Home/ Questions/Q 3760430
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T10:28:13+00:00

I want to make authentication controled by Tomcat. To test it I created to

  • 0

I want to make authentication controled by Tomcat. To test it I created to simple pages, login page and loginError page.
Authentication seemed to work. When I enter wrong login or password I see loginError page. But when I enter correct login and password I see:

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Here is my web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <security-constraint>
        <web-resource-collection>
            <url-pattern>/protected.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginError.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>

Here is my tomcat-users.xml

<tomcat-users>

  <role rolename="tomcat"/>
    <role rolename="admin"/>
    <role rolename="manager"/>
    <user password="tomcat" roles="tomcat,manager,admin" username="tomcat"/>
    <user password="proger" roles="tomcat" username="proger"/>
</tomcat-users>

My login.jsp looks like:

<html>
    <body>
        <form id="loginForm" method="post" action="j_security_check">
            <p>
                Username: <input type="text" name="j_username" id="j_username" />
                <br/>
                Password: <input type="password" name="j_password" id="j_password" />
                <br/>
                <button type="submit">login</button>
            </p>
        </form>
    </body>
</html>

I deploy it I use NetBeans 6.9.1. I use Tomcat 6.0.29.
What can be wrong?
Thank you in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using 

       <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>

    requires that you also define ‘valid’ roles

    <security-role>
      <role-name>admin</role-name>
</security-role>
<security-role>
     <role-name>user</role-name>
</security-role>

    If the user enters a valid name/pass, but is only in role ‘dimwit’, they’ll get access denied

    • 0