Skip to Content.
Sympa Menu

grouper-users - Re: [grouper-users] Error 403, but logged in anyway

Subject: Grouper Users - Open Discussion List

List archive

Re: [grouper-users] Error 403, but logged in anyway


Chronological Thread 
  • From: "GW Brown, Information Systems and Computing" <>
  • To:
  • Cc: Grouper Users Mailing List <>
  • Subject: Re: [grouper-users] Error 403, but logged in anyway
  • Date: Thu, 19 Mar 2009 11:24:42 +0000

Hi Loris,

Have you got Apache in front of Tomcat - and is it doing the authentication? If so does it blanket protect grouper-dev? Otherwise are you using a servlet filter?

If you are using Apache can you isolate and post the relevant section of the access log?

In the web.xml there is a security constraint:
<security-constraint>
<web-resource-collection>
<web-resource-name>Tomcat login</web-resource-name>
<url-pattern>/login.do</url-pattern>
</web-resource-collection>
<auth-constraint>
<!-- NOTE: This role is not present in the default users file -->
<role-name>grouper_user</role-name>
</auth-constraint>
</security-constraint>

Which may not be necessary if the authentication is through Apache.

Thanks,

Gary

--On 19 March 2009 11:34 +0100 Loris Bennett <> wrote:

Hi Gary,

My webapp is actually "grouper-dev" - "grouper" just comes from me
having tweaked the logfile in a half-baked manner.

I am authenticating against an LDAP server.

Cheers,

Loris

On Thu, 2009-03-19 at 09:07 +0000, GW Brown, Information Systems and
Computing wrote:
Hi Loris,

Looking at the log I see:

Caught '403' for /grouper-dev/login.do

but the urls you gave /grouper/login.do. Is there actually a difference?
If so doing a clean build may help.

What authentication are you using?

Gary




--On 19 March 2009 09:37 +0100 Loris Bennett
<>
wrote:

> Hi,
>
> Most, but not all, users get error 403 on logging into grouper. The URL
> displayed is
>
> https://host.fu-berlin.de:1234/grouper/login.do
>
> If they then delete the "login.do" bit of the URL, they get redirected
> to
>
> https://host.fu-berlin.de:1234/grouper/home.do
>
> and everything is fine. A log extract for the login is attached.
>
> Cheers
>
> Loris
>
>
>
>
> --
> Dr. Loris Bennett (Mr.)
> Freie Universität Berlin
> ZEDAT - Zentraleinrichtung für Datenverarbeitung / Computer Center
> Compute & Media Service
> Fabeckstr. 32, Room 221
> D-14195 Berlin
> Tel ++49 30 838 51024
> Fax ++49 30 838 56721
> Email

> Web www.zedat.fu-berlin.de



----------------------
GW Brown, Information Systems and Computing

--
Dr. Loris Bennett (Mr.)
Freie Universität Berlin
ZEDAT - Zentraleinrichtung für Datenverarbeitung / Computer Center
Compute & Media Service
Fabeckstr. 32, Room 221
D-14195 Berlin
Tel ++49 30 838 51024
Fax ++49 30 838 56721
Email

Web www.zedat.fu-berlin.de




----------------------
GW Brown, Information Systems and Computing




Archive powered by MHonArc 2.6.16.

Top of Page