Weblogic Error 403--Forbidden

Question

I am trying to run a Java EE application on weblogic. The application works fine on Tomcat. I have customized the war file to include weblogic.xml. This file includes the fo

Answer 1

If you miss adding corresponding security configuration in weblogic.xml you will get "403 Forbidden. The server understood the request, but is refusing to fulfill it." error.

Thus make sure that besides having configured your web.xml with "security-constraint", "login-config" and "security-role" settings, you have also "security-role-assignment" configuration in weblogic.xml, like the following:

<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.8/weblogic-web-app.xsd">
     <wls:weblogic-version>12.2.1</wls:weblogic-version>
     <wls:context-root>SomeApp</wls:context-root>
     ***************
     ***************
     <wls:security-role-assignment>
         <wls:role-name>someGroupeDefinedInWebLogicServer</wls:role-name>
         <wls:principal-name>someUserDefinedInWebLogicServer</wls:principal-name>
     </wls:security-role-assignment>
     ***************
     ***************
</wls:weblogic-web-app>

Hope, this hepls.