security authentification using JDBCRealm under tomcat 6 and postgresql
 

I'm making a web site and need limiting customers' access to the website of my application.

I work under Apache Tomcat 6.0.18, postresql and of course i've put postgresql-8.3-603.jdbc4 in my lib file.

My context Apache-Tomcat's name is "hotel", and my database's name is AMDB.

I haven't a file sun-web.xml (I've learned in some websites that we shouls sometimes make it : but where and why ?)

My files are :

Web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>





<web-app xmlns="http://java.sun.com/xml/ns/javaee"

   xmlns: xsi="http://www.w3.org/2001/XMLSchema-instance"

   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

   version="2.5"> 



    <security-constraint>

<display-name>Sécurité sous Tomcat</display-name>



<web-resource-collection>

<web-resource-name>hotel</web-resource-name>





<url-pattern>/*</url-pattern>

            <http-method>GET</http-method>

            <http-method>POST</http-method>

            <http-method>HEAD</http-method>

            <http-method>PUT</http-method>

            <http-method>OPTIONS</http-method>

            <http-method>TRACE</http-method>

            <http-method>DELETE</http-method>





</web-resource-collection>



<auth-constraint>

<role-name>admin</role-name>

</auth-constraint>



</security-constraint>

   

   

   <login-config>

<auth-method>BASIC</auth-method>

<realm-name>Authentification pour Tomcat</realm-name>

</login-config>





        <security-role>  

<description/>        

        <role-name>admin</role-name>

                 <role-name>user</role-name>

    </security-role>





</web-app>

I've added the following code in my server.xml file inside the tag <Host>:

<Context path="/hotel" docBase="hotel"

   crossContext="true" reloadable="true" debug="1">



<Resource name="jdbc/AMDB" auth="root"

          type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"

          url="jdbc:postgresql://127.0.0.1:5432/AMDB"

          username="root" password="artirt" maxActive="20" maxIdle="10"

maxWait="-1"/>

        </Context>

        

        

                <Realm className="org.apache.catalina.realm.JDBCRealm" 

        connectionName="root"

        connectionPassword="artirt"

        localDataSource="true"

        dataSourceName="jdbc/AMDB"

        driverName="org.postgresql.Driver"

   connectionURL="jdbc:postgresql://127.0.0.1:5432/AMDB"

        userTable="users"

        userRoleTable="roles"

        userNameCol="username"

        userCredCol="password"

        roleNameCol="role-name"

/>

My database is created under postgresql using the following codes (that I've copied from pgAdmin):

-- Table: roles



-- DROP TABLE roles;



CREATE TABLE roles

(

  username character varying(32) NOT NULL,

  "role-name" character varying(32) NOT NULL,

  CONSTRAINT cleprimroles PRIMARY KEY (username, "role-name"),

  CONSTRAINT foreignckeyroles FOREIGN KEY (username)

      REFERENCES users (username) MATCH SIMPLE

      ON UPDATE NO ACTION ON DELETE NO ACTION

)

WITH (OIDS=FALSE);

ALTER TABLE roles OWNER TO root;









-- Table: users



-- DROP TABLE users;



CREATE TABLE users

(

  username character varying(32) NOT NULL,

  "password" character varying(32) NOT NULL,

  CONSTRAINT cleprimusers PRIMARY KEY (username)

)

WITH (OIDS=FALSE);

ALTER TABLE users OWNER TO root;

Given that, when I start tomcat and open a page of my application, the firefox window authentification (with login and password)
appears. I type my login and pass, and even if they are correct, the following error page appears :



http://img78.imageshack.us/img78/5864/tomcatwn4.th.jpg


The error is :

Etat HTTP 403 - L'acc�s � la ressource demand�e a �t� interdit

that means in english : the access to the requested resource is denied.

Thanks in advance for any reply.