Can someone please help me figure out what is wrong with the configuration below
I keep getting "HTTP Status 403 - Access to the requested resource has been denied" when I run the application.

I'm using netbeans 6.7.1 with tomcat.

this is my web.xml

<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <session-config> <session-timeout> 30 </session-timeout> </session-config> <security-constraint> <web-resource-collection> <web-resource-name>Chapter12Test</web-resource-name> <http-method>GET</http-method> <http-method>POST</http-method> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint>Admin</auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/index.html</form-login-page> <form-error-page>/loginerror.html</form-error-page> </form-login-config> <realm-name>Chapter12Test</realm-name> </login-config> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <security-role> <description>Has access to everything</description> <role-name>manager</role-name> <role-name>role1</role-name> <role-name>tomcat</role-name> <role-name>Admin</role-name> </security-role> </web-app>


this is my tomcat-users.xml file

<?xml version='1.0' encoding='utf-8'?> <tomcat-users> <role rolename="manager"/> <role rolename="Admin"/> <role rolename="Member"/> <role rolename="Guest"/> <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat,manager"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="user1" password="password1" roles="manager"/> <user username="role1" password="tomcat" roles="role1,manager"/> <user username="moses" password="moses" roles="Admin"/> </tomcat-users>

I was expecting a log in screen to pop up when ever the application is run.

All 3 files index.jsp, index.html and loginerror.html are outside the WEB-INF directory

thanks

In specification it is written

The realm-name indicates the realm name to use in HTTP BASIC authentication.

I don't know whether you can use realm name in case of FORM based authentication.

I took out the realm name from "<login-config>" and it is still not working.