How to fix Tomcat HTTP Status 403: Access to the requested resource has been denied?

Question

I am trying to setup Tomcat with my current source code. I downloaded the zip from tomcat site (6.0.32).

I then put in the config file for my project in tomcatDir\conf\Catalina\localhost

I then added the users to tomcat-users.xml

When I hit my application using localhost:8080/<context root>, I get the login prompt as I am supposed to. After providing the right credentials, the tomcat throws 403 error. I am able to access the manager with localhost:8080/manager/

tomcat-users.xml:

<role rolename="manager"/>
<role rolename="admin"/>
<user username="admin" password="5c50nD" roles="admin,manager"/>
<user username="nih\kishorev" password="altum" roles="admin,manager"/>

Answer 1

You should choose manager roles which are defined by tomcat instead of admin or manager.

manager-gui - Allows access to the html interface
manager-script - Allows access to the plain text interface
manager-jmx - Allows access to the JMX proxy interface
manager-status - Allows access to the read-only status pages

link to Configuring Manager Application access in tomcat

Answer 2

You need to change the form actions to Post, apparently there is a problem with the GET method on the 6.0.32 version of tomcat, it should be fixed in 6.0.33 version of tomcat.

link to tomcat bugzilla

Answer 3

This one works for me

<role rolename="manager"/>
<user username="admin" password="admin" roles="manager"/>

Answer 4

I had the same problem. I needed to do two things. In the web.xml you have to define BASIC or an other method leading to a form based login prompt and a role-name for example Admin:

    <security-constraint>   
    <web-resource-collection>   
        <web-resource-name>Protected Admin Area</web-resource-name>   
        <url-pattern>/Admin</url-pattern>   
    </web-resource-collection>
    <auth-constraint>
        <role-name>Admin</role-name>
    </auth-constraint>   
  </security-constraint>  
  <login-config>   
        <auth-method>BASIC</auth-method>
  </login-config>  

In the tomcat-users.xml add a user with the role Admin, or if you use a graphic interface like eclipse do the following:

Answer 5

Please check you web.xml In that put

admin instead of AllAuthenticatedUsers in <role-name>AllAuthenticatedUser</role-name>

Just try this and let me know whether it worked or not.