Thank you for your response Chris. I am able to segregate a working machine from a non-working machine.
I found that debugging and logging can be increased. I will check the logs and let you know if I can find a solution from reading them.

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: 14 September 2021 4:02 PM
To: users@tomcat.apache.org
Subject: Re: FW: 403 Errors for REST Web Services after upgrade from 8.5.30 to 8.5.58

Mike,

On 9/13/21 10:56, Mike Webb wrote:
> I manage a web application that uses REST Web Services. After upgrading from
> 8.5.30 to 8.5.58, the web services return 403 messages.
>
> Commenting out the <role-name> and <user-auth-constraing> sections below
> allows the web services to run again, but it does remove the security
> constraints. How can I get it working securely again?
>
>     <auth-constraint>
>       <role-name>admin</role-name>
>       <role-name>readonly</role-name>
>       <role-name>user</role-name>
>       <role-name>CN=ISSWA-MyWebsiteName-Admin,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
>       <role-name>CN=ISSWA-MyWebsiteName-Readonly,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
>       <role-name>CN=ISSWA-MyWebsiteName-User,OU=ISSWA-AppRoles,OU=WebApps,OU=Corporate Information Services,OU=cp,OU=Services,DC=mywebsitename,DC=com</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
> The server that does not work has
> ==========================================
> Tomcat Version: Apache Tomcat/8.5.58
> JVM Version: 11.0.12+7-LTS
> JVM Vendor: Red Hat, Inc.
> OS Name: Linux
> OS Version: 3.10.0-1160.36.2.el7.x86_64
> OS Architecture: amd64
>
> The server that not work has
> ====================================
> Tomcat version: Apache Tomcat/8.5.30
> JVM Version: 11.0.11+9-LTS
> JVM Vendor: Red Hat, Inc.
> OS Name: Linux
> OS Version: 3.10.0-1160.31.1.el7.x86_64
> OS Architecture: amd64

Are you able to segregate that non-working machine to run some tests against it?

Can you increase the logging for the authenticator / realm to see what is happening?

-chris