If you are using a newer version of Tomcat it will do that to you unless you
explicitly define your user roles:
In web.xml under <security-constraint>
Instead of:
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
Change to:
<auth-constraint>
<role-name>admin</role-name>
<role-name>user</role-name>
<role-name>manager</role-name>
</auth-constraint>
And then try it - it should work...
HTH,
Akshay
On 6/20/06, Hu, Yiguang <[EMAIL PROTECTED]> wrote:
I have the following login page under /jetspeed/index.jsp (not a
portlet). I don't have problem with admin users. But run into problem
with non-admin user. After I provide the credentials for the login, it
was redirected to /jetspeed/login/redirector servlet which report the
following "HTTP Status 403" on the page. If I do
localhost:8080/Jetspeed/portal, it will show me the default page though.
I also attached the Jetspeed.log file which says "- Failed
authenticate() test ??/jetspeed/login/j_security_check" and
DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
have role admin
DEBUG org.apache.catalina.realm.RealmBase - No role found: admin
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
accessControl() test
Any help is appreciated.
Thanks
"HTTP Status 403 - Access to the requested resource has been denied
________________________________
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested
resource has been denied) has been forbidden.
"
I saw this in the Jetspeed.log file:
DEBUG org.apache.catalina.realm.JAASRealm - JAAS LoginContext created
for username "tester"
DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "tester"
[org.apache.jetspeed.security.impl.UserPrincipalImpl
DEBUG org.apache.catalina.realm.JAASRealm - Principal "tester" is a
valid user class. We will use this as the user Principal.
DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal
"testrole" [org.apache.jetspeed.security.impl.RolePrincipalImp
l
DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
"testrole" to this user Principal's roles
DEBUG org.apache.catalina.realm.JAASRealm - Checking Principal "user"
[org.apache.jetspeed.security.impl.RolePrincipalImpl
DEBUG org.apache.catalina.realm.JAASRealm - Adding role Principal
"user" to this user Principal's roles
DEBUG org.apache.catalina.realm.JAASRealm - Username "tester"
successfully authenticated as Principal "{1}" -- Subject was cr
eated too
DEBUG org.apache.catalina.authenticator.FormAuthenticator -
Authentication of 'tester' was successful
DEBUG org.apache.catalina.authenticator.FormAuthenticator - Redirecting
to original '/jetspeed/login/redirector'
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
authenticate() test ??/jetspeed/login/j_security_check
DEBUG org.apache.catalina.connector.CoyoteAdapter - Requested cookie
session id is E3C7DBE736DB74705622495DCE3A7D55
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Security
checking request GET /jetspeed/login/redirector
DEBUG org.apache.catalina.realm.RealmBase - Checking constraint
'SecurityConstraint[Login
DEBUG org.apache.catalina.realm.RealmBase - Checking constraint
'SecurityConstraint[Manager
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
hasUserDataPermission()
DEBUG org.apache.catalina.realm.RealmBase - User data constraint has
no restrictions
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
authenticate()
DEBUG org.apache.catalina.authenticator.FormAuthenticator - Restore
request from session 'E3C7DBE736DB74705622495DCE3A7D55'
DEBUG org.apache.catalina.authenticator.AuthenticatorBase -
Authenticated 'tester' with type 'FORM'
DEBUG org.apache.catalina.authenticator.FormAuthenticator - Proceed to
restored request
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Calling
accessControl()
DEBUG org.apache.catalina.realm.RealmBase - Checking roles
GenericPrincipal[tester(testrole,user,)
DEBUG org.apache.catalina.realm.RealmBase - Username tester does NOT
have role admin
DEBUG org.apache.catalina.realm.RealmBase - No role found: admin
DEBUG org.apache.catalina.authenticator.AuthenticatorBase - Failed
accessControl() test
The index page under /Jetspeed
<form method="POST" action='/jetspeed/login/proxy'>
Username
<input type="text" size="30"
name="org.apache.jetspeed.login.username" value="">
Password
<input type="password" size="30"
name="org.apache.jetspeed.login.password">
<input type="submit" value="Login">
</form>
