Tomcat 6.0.32 HTTP Status 403 - Access to the requested resource has been denied

Hello all,

I am trying to setup tomcat with my current source code. I downloaded the zip from tomcat site(version 6.0.32

I then put in the config file for my project in tomcatDir\conf\Catalina\localhost

I then added the users to tomcat-users.xml

When I hit my application using localhost:8080/, I get the login prompt as I am supposed to. After providing the right credentials, the tomcat throws 403 error. I am able to access the manager with localhost:8080/manager/

Any help appreciated. Stuck on this for 2 days now.

Thanks.

tomcat-users.xml :

<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="5c50nD" roles="admin,manager"/>
<user username="nih\kishorev" password="altum" roles="admin,manager"/>

Looks fine with a quick glance. Perhaps the \ in the username is boofing things up? I'd try a username with just "normal" characters.

but that is the username it authenticates in the database.

I'd just try it to see if that's the issue. If not, then it's something else.

Ok.
Will try it now.

Nope.
That didnt work too.

OK, then we know it's something else.

Oh wait a minute... I thought you were trying to hit the manager app, but you say that's working. But you are getting a prompt when hitting the root app? That shouldn't be protected at all. Did you change something about the root app?

My application has an authorization to enter.
So when I try to access my application, it prompts me for credentials the way it is supposed to.
But after entering the credentials it gives me the 403.

I cant see anything in the log.
Just says Server started.... as the last entry.

Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomact_users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.

The tomcat-users.xml section that contains the role information is commented out by default. Did you un-comment those lines?

And wouldn't you want to use a JNDI Realm and maybe check users against your active directory, and or in a database - DataSourceRealm?

And without seeing your web.xml, how do we know you setup basic authentication, or form authentication...?

And without seeing your server.xml, how do we know you didn't set your org.apache.catalina.realm.UserDatabaseRealm to store digested passwords?

<tomcat-users> <!-- NOTE: By default, no user is included in the "manager-gui" role required to operate the "/manager/html" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. --> <!-- NOTE: The sample user and role entries below are wrapped in a comment and thus are ignored when reading this file. Do not forget to remove <!.. ..> that surrounds them. --> <!-- <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="tomcat" roles="tomcat"/> <user username="both" password="tomcat" roles="tomcat,role1"/> <user username="role1" password="tomcat" roles="role1"/> --> </tomcat-users>

Bear Bibeault wrote:Ah, so you've replaced Tomcat's default root app with your own?

I don't rely upon Tomcat's system for authentication (do you really want to have to record all your users in tomact_users.xml rather than a database?), so someone else who knows it better will have to help.

You'll probably need to include more info on how the app is configured.

tomcat-users.xml and the Realm that uses it is really only intended for quick-and-dirty stuff. Real production webapps should be using a more robust Realm like one of the database or LDAP-based Realms.

tomcat-users is fine for testing, and the great thing about it is that a simple reconfiguration of the webapp Context or server.xml can then be used to use a "real" realm in production without any code changes. But as a data center operations solution, it's a nightmare. Not only would it require operators or security personnel to go mucking around in the server config directory, you can only get new/changed users to "take" by restarting Tomcat.

A userid in the form "aaaa\bbbb" usually means that the real ID is a user within a domain. Normally, a backslash is just begging for trouble, since it's Java's escape character, but tomcat-users.xml is (obviously!) an XML file, and backslashes aren't "magic" to XML, so I can't venture a guess on that one.

hello viidhya,

have you go to the services and restart the tomcat application?
i was just having the same problem as yours, i simply go to the windows services, and restart the Tomcat6 application.
then, i can login to the manager page.