I have an HTTPD server which does LDAP authentication in front of a Tomcat server. My application resides in Tomcat.
I am proxying the authenticated requests via Tomcat's AJP connector to my application. Now I want to close the HTTP connector, but the manager app is not accessible (it gives a 403 error).
- When I access http://localhost/my_app, everything works fine.
- When I access http://localhost/manager/, it gives me a 403 error.
- With the HTTP connector open, i.e. http://localhost:port/manager, it is accessible.

This is an educated guess. I think this might be a case of both the Manager part and Apache using HTTP authentication headers for authentication.
When the client connects to http://localhost/manager, Apache asks for authentication credentials for LDAP authentication. The client will then send the authentication information to Apache, which accepts the request and passes it to Tomcat's manager part. However, since the credentials are not what were defined for the manager, it returns a 403 error.
The solution would be to exclude the /manager part from the LDAP authentication. Unfortunately I don't know how that would be done within Apache.

Based on https://stackoverflow.com/questions/5808206/how-to-fix-tomcat-http-status-403-access-to-the-requested-resource-has-been-den
it seems that you are missing a role definition.
In the tomcat-users.xml file add a user with the role manager:
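
An added example, not part of the original answers: a Python check that lists which users in a tomcat-users.xml file actually hold the manager role mentioned above. The two sample files, the usernames and the CHANGE_ME passwords are constructed for illustration; note that entries left inside an XML comment are never loaded, so they do not count.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the only <user> with the manager role sits inside an
# XML comment, so it is never loaded and nobody holds the role.
SAMPLE_COMMENTED = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <!--
  <role rolename="manager"/>
  <user username="admin" password="CHANGE_ME" roles="manager"/>
  -->
  <user username="appuser" password="CHANGE_ME" roles="my_app"/>
</tomcat-users>"""

# Constructed sample: the role and a user holding it are both active.
SAMPLE_ACTIVE = """<tomcat-users>
  <role rolename="manager"/>
  <user username="admin" password="CHANGE_ME" roles="my_app, manager"/>
</tomcat-users>"""


def local(tag):
    """Strip an XML namespace prefix such as {http://...}user."""
    return tag.rsplit("}", 1)[-1]


def users_with_role(xml_text, role="manager"):
    """Return usernames whose roles attribute contains `role` exactly."""
    root = ET.fromstring(xml_text)
    found = []
    # ElementTree drops XML comments, so commented-out users are skipped.
    for el in root.iter():
        if local(el.tag) != "user":
            continue
        # roles is a comma-separated list; tolerate spaces after commas.
        roles = [r.strip() for r in el.get("roles", "").split(",")]
        if role in roles:
            found.append(el.get("username"))
    return found


if __name__ == "__main__":
    samples = (("commented", SAMPLE_COMMENTED), ("active", SAMPLE_ACTIVE))
    for label, text in samples:
        holders = users_with_role(text)
        print(label, "->", holders or "no user holds the manager role")
```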