Search code examples

HTTP 403 when attempt to perform Action

I've got an action on form

<form action="" method="POST">
            <div id="table"
                class="ui-widget-header ui-corner-all ui-widget-content">
                <table align="center" style="width: 100%">
                        <td align="center"><span
                            style="color: white; font-size: 20px;"><fmt:message
                                    key="lg" /></span></td>
                        <td align="right"><input type="text" id="login" name="login" />
                        <td align="center"><span
                            style="color: white; font-size: 20px;"><fmt:message
                                    key="paswd" /></span></td>
                        <td align="right"><input type="text" id="password"
                            name="password" /></td>
                        <td align="right" colspan="2"><input type="submit"
                            id="approve" style="font-size: 10px;"
                            value="<fmt:message key='enter'/>" /></td>

When I press the button It should perform LoginAction

HttpSession session = req.getSession();
log.debug("attempt to checkuser");
String page = req.getRequestURI();
String login = req.getParameter("login");
String password = req.getParameter("password");
loginService = new LoginServiceImpl();
if (loginService.checkExists(login, password)) {
     session.setAttribute("enterAttr", true);
     session.setAttribute("loginame", login);
     return page;
session.setAttribute("enterAttr", false);
return "redirect:" + page;

In ActionServet it should check the result of Action and then redirect to a certain page.

String name = getActionName(req);
Action action = (Action) factory.getAction(name, getClass()
String view = action.exec(req, resp);
if (view.startsWith("redirect:")) {
} else {
                "/WEB-INF/jsp/" + view + ".jsp").forward(req, resp);


But instead of it I've got HTTP Status 403 - Access to the requested resource has been denied when I try to press the button.

Where is the problem? Something with tomcat users?

Here is web.xml

<?xml version="1.0" encoding="Cp1251"?>
<web-app xmlns="" xmlns:xsi=""




    <description>Role for administrator's actions</description>




  • You are implementing your own authentication mechanism but using containers web.xml file to specify security constraints. If I were you I could try to move my authentication code to a filter and remove security constraint from web.xml file.