RE: 403 Errors for REST Web Services after upgrade from 8.5.30 to 8.5.58

Mon, 13 Sep 2021 08:23:52 -0700 

I'm sorry the bottom section of the below email should instead be 

The server that does work has
====================================
Tomcat version: Apache Tomcat/8.5.30    
JVM Version: 11.0.11+9-LTS
JVM Vendor: Red Hat, Inc.
OS Name: Linux
OS Version: 3.10.0-1160.31.1.el7.x86_64
OS Architecture: amd64



-----Original Message-----
From: Mike Webb <mrw2...@soton.ac.uk> 
Sent: 13 September 2021 3:57 PM
To: users@tomcat.apache.org
Subject: FW: 403 Errors for REST Web Services after upgrade from 8.5.30 to 
8.5.58

I manage a web application that uses REST Web Services.  After upgrading from 
8.5.30 to 8.5.58, the web services return 403 messages.

Commenting out the <role-name> and <user-auth-constraing> sections below allows 
the web services to run again, but it does remove the security constraints.  
How can I get it working securely again?


<auth-constraint>
        <role-name>admin</role-name>
        <role-name>readonly</role-name>
        <role-name>user</role-name>
        
<role-name>CN=ISSWA-MyWebsiteName-Admin,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate
 Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
        
<role-name>CN=ISSWA-MyWebsiteName-Readonly,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate
 Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
        
<role-name>CN=ISSWA-MyWebsiteName-User,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate
 Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
</auth-constraint>
                <user-data-constraint>
                                
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
                </user-data-constraint>
</security-constraint>

The server that does not works has
==========================================
Tomcat Version:  Apache Tomcat/8.5.58   
JVM Version: 11.0.12+7-LTS
JVM Vendor: Red Hat, Inc.
OS Name: Linux  
OS Version: 3.10.0-1160.36.2.el7.x86_64
OS Architecture: amd64


The server that does not work has
====================================
Tomcat version: Apache Tomcat/8.5.30    
JVM Version: 11.0.11+9-LTS
JVM Vendor: Red Hat, Inc.
OS Name: Linux
OS Version: 3.10.0-1160.31.1.el7.x86_64
OS Architecture: amd64


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to