为什么Tomcat会出现403错误?

时间:2012-12-21 08:47:38

标签: java web-services apache tomcat access-control

我在下面配置我的tomcat-users.xml:

<?xml version='1.0' encoding='utf-8'?> 
<tomcat-users> 
<role rolename="tomcat"/> 
<role rolename="role1"/> 
<role rolename="manager"/> 
<role rolename="admin"/> 
<user username="admin" password="admin" roles="admin,manager"/> 
<user username="tomcat" password="tomcat" roles="tomcat"/> 
<user username="role1" password="tomcat" roles="role1"/> 
<user username="both" password="tomcat" roles="tomcat,role1"/>  
</tomcat-users>

我在webapps/dupload/task.html页面下放置了一个html页面,该页面向servlet提交了一个查询表单。 html代码如下:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
 <TITLE>A Sample Form Using POST</TITLE>
</HEAD>

<BODY BGCOLOR="#FDF5E6">
<H2 ALIGN="CENTER">SimpleTaskQuery</H2>

<FORM ACTION="http://10.5.20.78:8080/mps4/ui/SimpleTaskQueryServlet"
   METHOD="POST">
 <CENTER>
Task Id:
 <INPUT TYPE="TEXT" NAME="id" VALUE="111"><BR>
 <INPUT TYPE="SUBMIT">
 </CENTER>
</FORM>

</BODY>
</HTML>

但是当我提交表单时,tomcat会出现以下错误:

HTTP Status 403 - Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Apache Tomcat/7.0.26

我已经编辑了tomcat-users.xml并使用admin用户帐户登录。为什么这仍然不起作用?

更新

webapp的web.xml如下: web.xml:

 <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManger and Manager command</web-resource-name>
      <url-pattern>/ui/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>viewer</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
  </login-config>
  <security-role>
    <description> </description>
    <role-name>viewer</role-name>
  </security-role>

我将tomcat-users.xml编辑为:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="viewer"/>
<role rolename="admin"/>
<role rolename="tomcat"/>
<user username="admin" password="admin" roles="manager-gui"/>
<user username="viewer" password="viewer" roles="admin,tomcat,manager-gui,manager-script"/>
</tomcat-users>

但它仍然不起作用。

2 个答案:

答案 0 :(得分:0)

你应该解决这个问题:

<user username="viewer" password="viewer" roles="admin,tomcat,manager-gui,manager-script"/>

此用户需要角色&#39; manager-script&#39;被删除,以便他将通过html接口获得访问权限。所以看起来应该是这样的:

<user username="viewer" password="viewer" roles="admin,tomcat,manager-gui"/>

答案 1 :(得分:0)

您的web.xml说明了角色&#39; viewer&#39;是必须的。您以没有该角色的admin用户身份登录。

按如下方式更新tomcat-users.xml:

<user username="admin" password="admin" roles="manager-gui, viewer"/>;

奇怪的是,你的观众&#39;用户也没有查看者角色,但这不是导致问题的原因(如果您以管理员身份登录)

相关问题
最新问题