stackoom
  简体   繁体   中英

How to fix tomcat HTTP status 403 : access denied

 原文  2018-02-08 13:46:52       java/ xml/ eclipse/ tomcat/ http-status-code-403

Question

I made a simple form athentification tomcat using eclipse in which a name and a password is required to access. However when i put the username and password in the file tomcat-users.xml i get an the error HTTP status 403 which mean the access is denied.

I guess that the problem is in either web.xml or in server.xml. I know that the error is not in tomcat-users.xml because i tried everything but i always get the same error.

the script in the file web.xml relative to my TestServlet is : 

<servlet>
        <servlet-name>TestServlet</servlet-name>
        <servlet-class>test.TestServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/test</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>

        <auth-constraint>
            <role-name>tomcat</role-name>
        </auth-constraint>


    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/login-failed.html</form-error-page>
        </form-login-config>
    </login-config>

PS : when i put wrong credentials i get the page login-failed.html, so everything works well when i put wrong credentials. PS : the code in the file tomcat-users.xml is : 

<tomcat-users>
<role rolename="manager"/>
<user username="admin" password="admin" roles="manager"/>
</tomcat-users>

Could someone help me locate the problem please ?

2 answers

solution1
 1  2018-02-08 16:53:11

U extract it and try to access it by calling localhost:8080 and give login credentials but can't login right. Means u have no access to that gui .so u must manually edit XML file and modify the scripts like this for access gui. After that I hope it will definitely works

Add following scripts 

    <tomcat-users>
      <role rolename="manager-gui"/>
   <role rolename="manager-jmx"/>
   <role rolename="manager-status"/>
   <user username="admin" password="admin" 
     roles="manager-gui,manager-status"/>
    </tomcat-users>

    manager-gui — Access to the HTML interface.

solution2
 1  2018-08-17 09:26:15

In the auth-constraint, you have configured "tomcat" role. This role is missing in your tomcat-users.xml file.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question HTTP Status 403 - Access is denied Spring security spring security HTTP Status 403 - Access Denied Maven Tomcat Deployment returns HTTP 403 Access Denied, halting production hasRole() not working error Http Status 403 - Access is denied spring-oauth2: HTTP Status 403 - Access Denied 403 access denied on tomcat 7.0.42 Tomcat 8.5 - 403 Access Denied 403 access denied on changing name of ROOT [Tomcat] 403 Access denied to specified url in Tomcat 7.0.52 tomcat changes 404 status into 403 for http delete
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM