I manage a web application that uses REST Web Services. After upgrading from
8.5.30 to 8.5.58, the web services return 403 messages.
Commenting out the <role-name> and <user-auth-constraing> sections below allows
the web services to run again, but it does remove the security constraints.
How can I get it working securely again?
<auth-constraint>
<role-name>admin</role-name>
<role-name>readonly</role-name>
<role-name>user</role-name>
<role-name>CN=ISSWA-MyWebsiteName-Admin,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate
Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
<role-name>CN=ISSWA-MyWebsiteName-Readonly,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate
Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
<role-name>CN=ISSWA-MyWebsiteName-User,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate
Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
The server that does not works has
==========================================
Tomcat Version: Apache Tomcat/8.5.58
JVM Version: 11.0.12+7-LTS
JVM Vendor: Red Hat, Inc.
OS Name: Linux
OS Version: 3.10.0-1160.36.2.el7.x86_64
OS Architecture: amd64
The server that does not work has
====================================
Tomcat version: Apache Tomcat/8.5.30
JVM Version: 11.0.11+9-LTS
JVM Vendor: Red Hat, Inc.
OS Name: Linux
OS Version: 3.10.0-1160.31.1.el7.x86_64
OS Architecture: amd64
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
