Waffle JAAS Authentication

Question

I am trying to integrate waffle in my web app project (jsp). I want to authenticate user for my webapp, from Active directory(following Kerberos protocol ).

Whenever user hint the url firstly tomcat server authenticate the user from Active directory server, upon authentication user can use my web application (jsp).

Here's the setting I followed for implementing waffle. When I hit the url pop up occur for verification after successful login it shows

HTTP Status 403 - Access to the requested resource has been denied

context.xml

    <Context>
    <Realm className="org.apache.catalina.realm.JAASRealm" 
    appName="Jaas" 
    userClassNames="waffle.jaas.UserPrincipal"
    roleClassNames="waffle.jaas.RolePrincipal" 
    useContextClassLoader="false" 
    debug="true" />
</Context>

web.xml

      <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Jaas</realm-name>
</login-config>

<security-role>
  <role-name>Everyone</role-name>
</security-role>


<security-constraint>
  <display-name>Waffle Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Everyone</role-name>
  </auth-constraint>
</security-constraint>

login.conf

    Jaas {
    waffle.jaas.WindowsLoginModule sufficient;
};

jaas.policy

    grant Principal * * {
  permission java.security.AllPermission "/*";
};

Answer 1

I tried the below configuration, it works for me.

<security-role>
  <role-name>*</role-name>
</security-role>

<security-constraint>
  <display-name>Waffle Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>