I'm making a web site and need limiting customers' access to the website of my application.
I work under Apache Tomcat 6.0.18, postresql and of course i've put postgresql-8.3-603.jdbc4 in my lib file.
My context Apache-Tomcat's name is "hotel", and my database's name is AMDB.
I haven't a file sun-web.xml (I've learned in some websites that we shouls sometimes make it : but where and why ?)
My files are :
Web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns: xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<security-constraint>
<display-name>Sécurité sous Tomcat</display-name>
<web-resource-collection>
<web-resource-name>hotel</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Authentification pour Tomcat</realm-name>
</login-config>
<security-role>
<description/>
<role-name>admin</role-name>
<role-name>user</role-name>
</security-role>
</web-app>I've added the following code in my server.xml file inside the tag <Host>:
<Context path="/hotel" docBase="hotel"
crossContext="true" reloadable="true" debug="1">
<Resource name="jdbc/AMDB" auth="root"
type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
url="jdbc:postgresql://127.0.0.1:5432/AMDB"
username="root" password="artirt" maxActive="20" maxIdle="10"
maxWait="-1"/>
</Context>
<Realm className="org.apache.catalina.realm.JDBCRealm"
connectionName="root"
connectionPassword="artirt"
localDataSource="true"
dataSourceName="jdbc/AMDB"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://127.0.0.1:5432/AMDB"
userTable="users"
userRoleTable="roles"
userNameCol="username"
userCredCol="password"
roleNameCol="role-name"
/>My database is created under postgresql using the following codes (that I've copied from pgAdmin):
-- Table: roles
-- DROP TABLE roles;
CREATE TABLE roles
(
username character varying(32) NOT NULL,
"role-name" character varying(32) NOT NULL,
CONSTRAINT cleprimroles PRIMARY KEY (username, "role-name"),
CONSTRAINT foreignckeyroles FOREIGN KEY (username)
REFERENCES users (username) MATCH SIMPLE
ON UPDATE NO ACTION ON DELETE NO ACTION
)
WITH (OIDS=FALSE);
ALTER TABLE roles OWNER TO root;
-- Table: users
-- DROP TABLE users;
CREATE TABLE users
(
username character varying(32) NOT NULL,
"password" character varying(32) NOT NULL,
CONSTRAINT cleprimusers PRIMARY KEY (username)
)
WITH (OIDS=FALSE);
ALTER TABLE users OWNER TO root;Given that, when I start tomcat and open a page of my application, the firefox window authentification (with login and password)
appears. I type my login and pass, and even if they are correct, the following error page appears :
[IMG]http://img78.imageshack.us/img78/5864/tomcatwn4.th.jpg[/IMG]
![[IMG]](http://img78.imageshack.us/my.php?image=tomcatwn4.jpg){kind=link}
The error is :
Etat HTTP 403 - L'acc�s � la ressource demand�e a �t� interditthat means in english : the access to the requested resource is denied.
Thanks in advance for any reply.