How to fix Tomcat HTTP Status 403: Access to the requested resource has been denied?

Question

I am trying to setup Tomcat with my current source code. I downloaded the zip from tomcat site (6.0.32).

I then put in the config file for my project in tomcatDir\conf\Catalina\localhost

I then added the users to tomcat-users.xml

When I hit my application using localhost:8080/<context root>, I get the login prompt as I am supposed to. After providing the right credentials, the tomcat throws 403 error. I am able to access the manager with localhost:8080/manager/

tomcat-users.xml:

<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="5c50nD" roles="admin,manager"/>
<user username="nih\kishorev" password="altum" roles="admin,manager"/>

I am having the same problem...did you manage to solve it? I can access the status page but the manager app gives this error.. — FailedDev, Sep 17 '11 at 11:48

score 3 · Answer 1 · answered Jul 06 '12 at 08:18

You should choose manager roles which are defined by tomcat instead of admin or manager.

manager-gui - Allows access to the html interface
manager-script - Allows access to the plain text interface
manager-jmx - Allows access to the JMX proxy interface
manager-status - Allows access to the read-only status pages

link to Configuring Manager Application access in tomcat

score 2 · Answer 2 · answered Sep 12 '14 at 11:37

2

This one works for me

<role rolename="manager"/>
<user username="admin" password="admin" roles="manager"/>

answered Sep 12 '14 at 11:37

Ratnesh

53
6

score 2 · Answer 3 · answered Oct 07 '11 at 16:00

2

You need to change the form actions to Post, apparently there is a problem with the GET method on the 6.0.32 version of tomcat, it should be fixed in 6.0.33 version of tomcat.

link to tomcat bugzilla

answered Oct 07 '11 at 16:00

vrtis

712
9
9

score 1 · Answer 4 · answered Apr 14 '16 at 07:01

I had the same problem. I needed to do two things. In the web.xml you have to define BASIC or an other method leading to a form based login prompt and a role-name for example Admin:

    <security-constraint>   
    <web-resource-collection>   
        <web-resource-name>Protected Admin Area</web-resource-name>   
        <url-pattern>/Admin</url-pattern>   
    </web-resource-collection>
    <auth-constraint>
        <role-name>Admin</role-name>
    </auth-constraint>   
  </security-constraint>  
  <login-config>   
        <auth-method>BASIC</auth-method>
  </login-config>

In the tomcat-users.xml add a user with the role Admin, or if you use a graphic interface like eclipse do the following:

score 0 · Answer 5 · edited Oct 11 '12 at 20:21

0

Please check you web.xml In that put

admin instead of AllAuthenticatedUsers in <role-name>AllAuthenticatedUser</role-name>

Just try this and let me know whether it worked or not.

edited Oct 11 '12 at 20:21

Piotr Sobiegraj

1,775
16
26

answered Jul 05 '12 at 08:56

Manoj Mudaliyar

1

How to fix Tomcat HTTP Status 403: Access to the requested resource has been denied?

5 Answers5

Linked