I have installed Tomcat in my machine and it is running fine. I am able to login to the administration manager. I have deployed a .war
file which can be viewed on the Tomcat manager. The name of the file is shim
(actually I am installing freeshim
).
When I try to access shim on the browser using 192.168.1.65:8080/shim
I get a web administration interface of the shim
. This is the message I get:
This is the web administration interface for FreeSHIM. Web services are located "here".
When I click "here" in order for me to configure the Freeshim I get an error:
HTTP Status 403 – Access to the requested resource has been denied.
Where am I going wrong? How can I change this permission?
Best Answer
HTTP Status 403 (Access to the requested resource has been denied) can indicate that either you typed 3+ incorrect credentials (try another web-browser) or you've some problem with configuration.
If you have not changed any configuration files, please examine the file
conf/tomcat-users.xml
in your installation (locate tomcat-users.xml
). That file must contain the credentials to let you use Tomcat webapp.For example, to add the manager-gui role to a user named
tomcat
with a password ofs3cret
, add the following to the config file listed above:Then you can access your webapps manager from
/manager/html
(e.g. reloading after config changes).Read more: Manager App HOW-TO
If you're trying to implement your own security constraint (in
web.xml
), try the following example (before</web-app>
ending):If you still having the problem, try:
catalina.sh configtest
orxmlstarlet val /etc/tomcat?/*.xml /var/lib/tomcat7/webapps/*/WEB-INF/*.xml
,<url-pattern>
matches in your<security-constraint>
or set to/*
,/var/log/tomcat7
),INFO
->FINE
/FINEST
) inlogging.properties
orlog4j.properties
(INFO, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL), restart Tomat and check the logs,sudo lsof | grep -E "java.*(out|txt|log)$"
,tail -f /var/log/tomcat7/*.log /var/log/tomcat7/*.txt /var/log/tomcat7/*.out
),log4j
logging system, make sure you initialized it properly by placing libs andlog4j.properties
into the right folder and configuring it,test BASIC authentication with cURL:
without credentials:
Normally request should return HTTP/1.1 401 Unauthorized and the "WWW-Authenticate" header should indicate Basic authentication is required.
with credentials:
The request should be sent with an "Authorization" header and it should authenticate. If your credentials are invalid, you should get: HTTP/1.1 401 Unauthorized. If the user is authenticated, but does not have access to view the resource you should get: HTTP/1.1 403 Forbidden.
maybe a user lock out mechanism has been activated for too many failed authentication attempts (LockOutRealm),
stop and run Tomcat manually (in the same way as in:
ps wuax | grep ^tomcat
), e.g.:Alternatively start using
catalina.sh
script like:Or in debug mode:
and check your
catalina.out
log.last resort is to debug process by:
sudo strace -fp PID
.