Mike,

On 9/13/21 10:56, Mike Webb wrote:
> I manage a web application that uses REST Web Services. After upgrading from
> 8.5.30 to 8.5.58, the web services return 403 messages.
>
> Commenting out the <role-name> and <user-auth-constraint> sections below allows
> the web services to run again, but it does remove the security constraints. How can I get
> it working securely again?
>
>   <auth-constraint>
>     <role-name>admin</role-name>
>     <role-name>readonly</role-name>
>     <role-name>user</role-name>
>     <role-name>CN=ISSWA-MyWebsiteName-Admin,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
>     <role-name>CN=ISSWA-MyWebsiteName-Readonly,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
>     <role-name>CN=ISSWA-MyWebsiteName-User,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
>   </auth-constraint>
>   <user-data-constraint>
>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>   </user-data-constraint>
> </security-constraint>
>
> The server that does not work has
> ==========================================
> Tomcat Version: Apache Tomcat/8.5.58
> JVM Version: 11.0.12+7-LTS
> JVM Vendor: Red Hat, Inc.
> OS Name: Linux
> OS Version: 3.10.0-1160.36.2.el7.x86_64
> OS Architecture: amd64
>
> The server that not work has
> ====================================
> Tomcat version: Apache Tomcat/8.5.30
> JVM Version: 11.0.11+9-LTS
> JVM Vendor: Red Hat, Inc.
> OS Name: Linux
> OS Version: 3.10.0-1160.31.1.el7.x86_64
> OS Architecture: amd64

Are you able to segregate that non-working machine to run some tests
against it? Can you increase the logging for the authenticator / realm
to see what is happening?
-chris
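
The logging increase suggested in the reply above, as an added example that is not part of the original message. The lines are meant for Tomcat's conf/logging.properties and assume the stock JULI configuration, whose handlers already accept FINE-level records.

```properties
# Added example (not from the original thread): verbose logging for
# Tomcat's authenticators and realms, appended to conf/logging.properties.
# Assumption: the default handlers are in place and pass FINE records;
# if handler levels were raised to INFO, lower them to FINE as well.
org.apache.catalina.authenticator.level = FINE
org.apache.catalina.authenticator.useParentHandlers = true
org.apache.catalina.realm.level = FINE
org.apache.catalina.realm.useParentHandlers = true
```

Restart Tomcat, repeat one failing request, and compare the authenticator and realm entries in the Catalina log with the role names in the constraint. These entries can contain user names, so remove the four lines again once the test is done.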