Member Avatar for artirt
artirt 0 Newbie Poster

I'm making a web site and need limiting customers' access to the website of my application.

I work under Apache Tomcat 6.0.18, postresql and of course i've put postgresql-8.3-603.jdbc4 in my lib file.

My context Apache-Tomcat's name is "hotel", and my database's name is AMDB.

I haven't a file sun-web.xml (I've learned in some websites that we shouls sometimes make it : but where and why ?)

My files are :

Web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>


<web-app xmlns="http://java.sun.com/xml/ns/javaee"
   xmlns: xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
   version="2.5"> 

    <security-constraint>
<display-name>Sécurité sous Tomcat</display-name>

<web-resource-collection>
<web-resource-name>hotel</web-resource-name>


<url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>


</web-resource-collection>

<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>

</security-constraint>
   
   
   <login-config>
<auth-method>BASIC</auth-method>
<realm-name>Authentification pour Tomcat</realm-name>
</login-config>


	<security-role>  
<description/>	
        <role-name>admin</role-name>
		 <role-name>user</role-name>
    </security-role>


</web-app>

I've added the following code in my server.xml file inside the tag <Host>:

<Context path="/hotel" docBase="hotel"
   crossContext="true" reloadable="true" debug="1">

<Resource name="jdbc/AMDB" auth="root"
          type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
          url="jdbc:postgresql://127.0.0.1:5432/AMDB"
          username="root" password="artirt" maxActive="20" maxIdle="10"
maxWait="-1"/>
	</Context>
	
	
		<Realm className="org.apache.catalina.realm.JDBCRealm" 
	connectionName="root"
	connectionPassword="artirt"
	localDataSource="true"
	dataSourceName="jdbc/AMDB"
	driverName="org.postgresql.Driver"
   connectionURL="jdbc:postgresql://127.0.0.1:5432/AMDB"
	userTable="users"
	userRoleTable="roles"
	userNameCol="username"
	userCredCol="password"
	roleNameCol="role-name"
/>

My database is created under postgresql using the following codes (that I've copied from pgAdmin):

-- Table: roles

-- DROP TABLE roles;

CREATE TABLE roles
(
  username character varying(32) NOT NULL,
  "role-name" character varying(32) NOT NULL,
  CONSTRAINT cleprimroles PRIMARY KEY (username, "role-name"),
  CONSTRAINT foreignckeyroles FOREIGN KEY (username)
      REFERENCES users (username) MATCH SIMPLE
      ON UPDATE NO ACTION ON DELETE NO ACTION
)
WITH (OIDS=FALSE);
ALTER TABLE roles OWNER TO root;




-- Table: users

-- DROP TABLE users;

CREATE TABLE users
(
  username character varying(32) NOT NULL,
  "password" character varying(32) NOT NULL,
  CONSTRAINT cleprimusers PRIMARY KEY (username)
)
WITH (OIDS=FALSE);
ALTER TABLE users OWNER TO root;

Given that, when I start tomcat and open a page of my application, the firefox window authentification (with login and password)
appears. I type my login and pass, and even if they are correct, the following error page appears :

[IMG]http://img78.imageshack.us/img78/5864/tomcatwn4.th.jpg[/IMG]


The error is :

Etat HTTP 403 - L'acc�s � la ressource demand�e a �t� interdit

that means in english : the access to the requested resource is denied.

Thanks in advance for any reply.

  • 1 Contributor
  • 0 Replies
  • 88 Views
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.