How Do I password protect an application on Tomcat Application Manager? - java

I have deployed a war file inside a folder in the Tomcat webapps folder and the manager page is password protected. But I also want to password protect my application other than the Login system which it has of its own. I tried doing what is mentioned here.
But there has been no luck: when I do what is mentioned there, even the Tomcat page, i.e. localhost:8080, is not accessible, as it gives a not found error, whereas I am able to access the localhost:8080/manager/html page with the credentials, and when I click on the application I want to access, it still doesn't ask for credentials but directly opens the web application.

Related

403 forbidden access to extracted .war file (started from manager)

I'm fairly new to using Tomcat so I'm sure I'm missing something.
I have managed to run Tomcat on Ubuntu 18.04 and opened up the manager page, added a .war file which extracted perfectly and got displayed in the manager page (running=true).
However, when I try to open up the app from the browser using the exact path, it returns a 403 forbidden error with this in the description: The server understood the request but refuses to authorize it.
What do I do to get it working?
I have tried chown tomcat8:tomcat8 <foldername> and when I tried to refresh the browser the error message changed to 404 not found.
This is likely not a filesystem issue. What is most likely happening is the application requires authentication. Couple of ways to determine this... the best is to read the documentation. You can also look at the source code. Unzip the war and look in the WEB-INF directory, and you should see a web.xml. In that you'll see a security-constraint and roles sections. You'll need a user with those roles.
Tomcat can authenticate against a local database. In the conf directory, there will be a tomcat-users.xml you can add users to (there are examples in that file). Once you've created users, restart Tomcat and try logging in with one of those users.
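
Added example (not part of the original answer, and not Tomcat's own code): a small Python audit that reads the security-constraint entries from an application's WEB-INF/web.xml and reports which users in conf/tomcat-users.xml hold a required role. Both XML documents, the role name `appuser` and the user names are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed samples: a hypothetical app's WEB-INF/web.xml and conf/tomcat-users.xml.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>appuser</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/internal/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""
USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <user username="admin" password="CHANGE_ME" roles="manager-gui"/>
  <user username="alice" password="CHANGE_ME" roles="appuser,manager-gui"/>
</tomcat-users>"""

def find_all(root, name):
    """Match on the local tag name so any (or no) XML namespace works."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def users_with(users_xml, roles):
    """Usernames in tomcat-users.xml that hold at least one of `roles`."""
    return sorted(u.get("username") for u in find_all(ET.fromstring(users_xml), "user")
                  if {r.strip() for r in u.get("roles", "").split(",")} & set(roles))

def audit(web_xml, users_xml):
    """One dict per <security-constraint>: patterns, roles, users, note."""
    report = []
    for sc in find_all(ET.fromstring(web_xml), "security-constraint"):
        auth = find_all(sc, "auth-constraint")
        roles = [(e.text or "").strip() for e in find_all(auth[0], "role-name")] if auth else None
        users = users_with(users_xml, roles or [])
        if roles is None:
            note = "no auth-constraint: no login required"
        elif not roles:
            note = "empty auth-constraint: denied to everyone"
        elif {"*", "**"} & set(roles):
            note = "wildcard role ('*' or '**'): not resolved against users here"
        elif not users:
            note = "no user in tomcat-users.xml holds a required role"
        else:
            note = "ok"
        report.append({"patterns": [(e.text or "").strip() for e in find_all(sc, "url-pattern")],
                       "roles": roles, "users": users, "note": note})
    return report

if __name__ == "__main__":
    print(*audit(WEB_XML, USERS_XML), sep="\n")
```

A row whose note is not "ok" names the constraint to look at first: either no account can satisfy it, or the URL pattern is not protected by a login at all.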

weblogic/spring app make server URI redirect to context-root

I have a Spring app built with Maven and hosted on WebLogic server with a context-root of /myApp. To access the app you must enter the URL: myserver:7001/myApp. Is there any way to keep the context root at /myApp, but when a user goes to https://myserver:7001 they are redirected to https://myserver:7001/myApp? The Spring app is a single page app, using index.html as the base of the page, so I can't (or haven't been able to) successfully use a welcome-page to redirect to the context-root.

bypass login of a webapp in order to connect like an user from help desk

I need to log in to a web application (internet) from another web application (intranet) deployed internally, having only the username and without sharing the password.
I'd like to log in like a customer from the internal help desk web site in order to give support in real time and see the same things that the customer sees from home.
Is there a way to use the security of the internal website, based on Active Directory and WebLogic, to log in to the other web application accessible from the internet and deployed on WebLogic?
"Oracle Co Browsing" helps you. Check here.

How to access linux user directory from tomcat webserver

I have deployed my J2EE web application in Tomcat (running on Ubuntu server 14.04). The Ubuntu server has some users, i.e. user1, user2, user3, public (with sudo rights). Now these users need to access folders in their home directory remotely (using the Web UI from the web application). I don't know which API to use or how to implement it.
I would like to explain by example.
1. If I am a normal user of the Ubuntu server with credentials, i.e. username - user1 and password - 12345. Now I would like to fill in these credentials on the login page of the web application deployed on that server and would like to get the list of directories present in my home directory on the server. Also, I would like to open/edit the files present.
2. If user1 belongs to some group, then how to get access to all the resources present there.
Any help is really appreciated.
Thanks in advance.

Can not start Java Web Start on a protected site

I have the following problem. In one server, I have a folder /protected/ that requires authentication using a SAML token.
When I try to access resources in this folder, I get redirected to a log-in page first, and after login I can access the resource.
Now, I added a .jnlp file inside the /protected/ folder with all resources required. When I try to access the .jnlp file, I get the login page as expected. After logging in Java Web Start initializes and tries to download the resources.
However, Smart Start fails immediately, complaining that it couldn't parse the .jnlp file. When I look into the debug console, I see that Java downloaded, instead of the jnlp file, the log-in page. So it seems that the Java Web Start application does not share the credentials of the browser, so it requires a new log-in.
My identity provider is ZXID, and we are using SAML. I would assume that Java Web Start must somehow use the same SAML token as the browser, right? Is this correct? Is it possible?
So far in my investigations, it seems that when the browser finds a .jnlp file, it starts Java immediately and the Java Application will try to download the jnlp, creating this issue. I did find out that the JNLP file must not contain the codebase entry. Otherwise the Java VM will try to re-download the file, but because it is not authenticated it will get the login page.
However, if the JNLP can be read, the resources can not be in the protected area either, because again JWS is not authenticated.
So I guess what is needed is that the JWS VM somehow gets the session id from the browser, so it is considered Authenticated.
Any ideas?
So far, I haven't found a proper solution to this problem. I did the following, and it worked:
Created a protected area on my server, and added a servlet behind it
My servlet creates a JNLP file on the fly, with a session id.
JNLP file is used to download the JARs from a public location
The session id is used by the web start application to load resources from the protected area.
