Treper

Reputation: 3653

Why does Tomcat give 403 error on my POST form?

I configured my tomcat-users.xml as below:

    <?xml version='1.0' encoding='utf-8'?> 
    <tomcat-users> 
    <role rolename="tomcat"/> 
    <role rolename="role1"/> 
    <role rolename="manager"/> 
    <role rolename="admin"/> 
    <user username="admin" password="admin" roles="admin,manager"/> 
    <user username="tomcat" password="tomcat" roles="tomcat"/> 
    <user username="role1" password="tomcat" roles="role1"/> 
    <user username="both" password="tomcat" roles="tomcat,role1"/>  
    </tomcat-users>

I placed an HTML page at webapps/dupload/task.html which submits a query form to a servlet. The HTML code is as follows:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD>
     <TITLE>A Sample Form Using POST</TITLE>
    </HEAD>
    
    <BODY BGCOLOR="#FDF5E6">
    <H2 ALIGN="CENTER">SimpleTaskQuery</H2>
    
    <FORM ACTION="http://10.5.20.78:8080/mps4/ui/SimpleTaskQueryServlet"
       METHOD="POST">
     <CENTER>
    Task Id:
     <INPUT TYPE="TEXT" NAME="id" VALUE="111"><BR>
     <INPUT TYPE="SUBMIT">
     </CENTER>
    </FORM>
    
    </BODY>
    </HTML>

But when I submit the form, tomcat gives the following error:

    HTTP Status 403 - Access to the requested resource has been denied
    type Status report
    message Access to the requested resource has been denied
    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
    Apache Tomcat/7.0.26

I have already edited the tomcat-users.xml and logged in with the admin user account. Why does this still not work?

Update:

The webapp's web.xml is as follows:

     <security-constraint>
        <web-resource-collection>
          <web-resource-name>HTMLManger and Manager command</web-resource-name>
          <url-pattern>/ui/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>viewer</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Tomcat Manager Application</realm-name>
      </login-config>
      <security-role>
        <description> </description>
        <role-name>viewer</role-name>
      </security-role>

I edited the tomcat-users.xml to:

    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
    <role rolename="manager-gui"/>
    <role rolename="manager-status"/>
    <role rolename="manager-script"/>
    <role rolename="manager-jmx"/>
    <role rolename="viewer"/>
    <role rolename="admin"/>
    <role rolename="tomcat"/>
    <user username="admin" password="admin" roles="manager-gui"/>
    <user username="viewer" password="viewer" roles="admin,tomcat,manager-gui,manager-script"/>
    </tomcat-users>

but it still doesn't work.

Upvotes: 0

Views: 9995

Answers (2)

Jeroen K

Reputation: 165

Your web.xml says the role 'viewer' is required. You log in as the admin user, who does not have that role.

Update your tomcat-users.xml as follows:

    <user username="admin" password="admin" roles="manager-gui, viewer"/>

Oddly enough, your 'viewer' user doesn't have the viewer role either, but that's not what causes the problem (if you log in as admin).

Upvotes: 0
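Added example (not part of the answer above, and not Tomcat's own code): a small Python check that compares the roles required by `<auth-constraint>` in web.xml with the roles each user holds in tomcat-users.xml, and reports who would get a 403 on a given path. The inputs are constructed from the question's updated files (the web.xml fragment wrapped in a `<web-app>` root, passwords left out), the function names are hypothetical, and the path is relative to the `/mps4` context, as url-patterns are.

```python
import xml.etree.ElementTree as ET

# Constructed input based on the question's updated web.xml and tomcat-users.xml.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/ui/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>viewer</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
USERS_XML = """<tomcat-users>
  <user username="admin" roles="manager-gui"/>
  <user username="viewer" roles="admin,tomcat,manager-gui,manager-script"/>
</tomcat-users>"""

def _find(elem, name):
    # Match on the local name so a namespaced web.xml also works.
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _matches(pattern, path):
    # Exact and prefix ("/x/*") url-patterns only; "*.ext" is not handled.
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return path == pattern

def required_roles(web_xml, path):
    """Roles allowed on path, or None when no auth-constraint covers it.
    Simplified: matching constraints are unioned; an empty one denies all."""
    roles = None
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        auth = _find(sc, "auth-constraint")
        urls = [p.text.strip() for p in _find(sc, "url-pattern")]
        if not auth or not any(_matches(u, path) for u in urls):
            continue
        names = {r.text.strip() for r in _find(auth[0], "role-name")}
        if not names:
            return set()
        roles = (roles or set()) | names
    return roles

def audit(web_xml, users_xml, path):
    """Map each user to True (allowed) or False (403 after login) for path."""
    need = required_roles(web_xml, path)
    result = {}
    for u in _find(ET.fromstring(users_xml), "user"):
        have = {r.strip() for r in u.get("roles", "").split(",") if r.strip()}
        result[u.get("username")] = need is None or bool(have & need)
    return result

if __name__ == "__main__":
    print(audit(WEB_XML, USERS_XML, "/ui/SimpleTaskQueryServlet"))
```

With the question's files, both users come back `False`: neither `admin` nor the user named `viewer` holds the `viewer` role that `/ui/*` requires.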

Andev

Reputation: 1

You should fix this:

    <user username="viewer" password="viewer" roles="admin,tomcat,manager-gui,manager-script"/>

This user needs the role 'manager-script' to be deleted so that he will gain access via the HTML interface. So it should look like:

    <user username="viewer" password="viewer" roles="admin,tomcat,manager-gui"/>

Upvotes: 0
