j_security_check为403页面提供了正确的凭据

时间:2012-03-15 22:39:35

标签: jsp tomcat j-security-check

我在login.jsp页面输入正确的凭据时收到403错误。这是我的web.xml

<security-constraint>
        <web-resource-collection>
            <web-resource-name>Test</web-resource-name>
            <url-pattern>/test/something.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-login-page>/Login.jsp</form-login-page>
            <form-error-page>/LoginError.jsp</form-error-page>
        </form-login-config>
    </login-config>

    <security-role>
    <role-name>administrator</role-name>
  </security-role>

这是我的context.xml

<Context>

  <!-- Together with a corresponding entry in web.xml, this configures -->


  <Resource
    name="jdbc/DB"
    auth="Container"
    type="javax.sql.DataSource"
    driverClassName="com.mysql.jdbc.Driver"
    url="jdbc:mysql://something/DB"
    username="user"
    password="pass"
    maxActive="8"
    maxIdle="4"
    maxWait="10000"
   />
  <Realm 
    className="org.apache.catalina.realm.JDBCRealm" 
    driverName="com.mysql.jdbc.Driver" 
    connectionURL="jdbc:mysql://something/DB"
    connectionName="user" 
    connectionPassword="pass" 
    userTable="users" 
    userNameCol="user_name" 
    userCredCol="user_password" 
    userRoleTable="users"
    userRoleCol="role" 
    digest="MD5"
    />
</Context>

当它无效时会转到错误页面,但它与我的角色不一样。在数据库中,我有administratorstaff作为角色。

1 个答案:

答案 0 :(得分:1)

我在这里修好了是错的:

userRoleCol="role" 

需要:

roleNameCol="role"