JDBC Tomcat auth 403 after login / role not taken in account
I have set up my environnement like follows but after the login it says access denied like if the role wasn't set up correctly.
Here some infos:
- I use BASIC auth and as long as I type in wrong username or password, the browser login form reappears. When I type in the right username and pass it goes away and I get the access denied message
- If I configure
<role-name>*</role-name>I don't get the 403 and after the login I can access the protected page - The console doesn't show any error message
web.xml
<security-role>
<role-name>USER</role-name>
</security-role>
<security-role>
<role-name>ADMIN</role-name>
</security-role>
<!--<security-role>
<role-name>*</role-name>
</security-role>-->
<security-constraint>
<display-name>IndexPage</display-name>
<web-resource-collection>
<web-resource-name>start</web-resource-name>
<url-pattern>/pages/protected/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<!--<role-name>*</role-name> -->
<role-name>USER</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
server.xml
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.JDBCRealm"
connectionURL="jdbc:mysql://localhost:3306/jsfdb?user=root"
driverName="com.mysql.jdbc.Driver"
roleNameCol="role_name"
userCredCol="password"
userNameCol="username1"
userRoleTable="user_role"
userTable="user"
/>
Database
user data
user_role data
Solution
The problem was that in the username field from the user_role table the value the primary key of the user table was. Expected is the actual username so I fixed it in changing the PK from id to the username. The db looks like this now:
God I hate Java
- Postgres / hibernate operator does not exist: text = bytea
- Spring boot not loading log4j2.xml
- How to verify 'Open xdg-open popup' in Chrome via Selenium Webdriver?
- Junit is throwing error with the com.fasterxml.jackson.databind.exc.InvalidDefinitionException
- @Repository not necessary when implementing JpaRepository?
- Implementing custom methods of Spring Data repository and exposing them through REST
- How to add custom method to Spring Data JPA
- How to use the Netbeans Profiler programmatically?
- Unknown entity: com.sun.proxy.$Proxy87
- What is an object graph in the Java garbage collector?
- Why does the paging library stop loading data after several calls?
- What is the fastest way to create a 2GB file containing random bytes in Java?
- SAXParseException; src-resolve: Cannot resolve the name '...' to a(n) 'type definition' component
- Is it good idea to use the DAO design pattern with spring Boot, instead of using repository design pattern provided by spring data jpa?
- Can i sum two String values without using Wrapper Class in java if yes than how ?
- How to debug the below flux code when expected log is missing?
- Implementing a simple turn-based game in Java using the wait-notify approach
- Why is Spring initialising my Aspect twice?
- AndroidManifest.xml - specified for property 'manifest' does not exist
- java.lang.RuntimeException: Duplicate class org.intellij.lang.annotations.Flow found in modules annotations-16.0.1.jar and annotations-java5-15.0.jar
- JFrame doesn't appear with ActionListener
- Escaping special character when generating an XML in Java
- Is it possible to override package path of Maven dependency?
- IntelliJ gradle add module dependency
- Paging Compile Issue : Not sure how to convert a Cursor to this method's return type
- Weird behaviour of Java MethodHandle.invokeExact
- How do I use a custom Serializer with Jackson?
- loadInitial method not getting called in PositionalDataSource<Item>
- How to use "=toString" in modify-overwrite-beta operation in input with objects?
- Ignore unused local variable warnings in VS Code