12.1 Web Viewer / HTTP Status 403- Forbidden on Login / sign-on

book

Article ID: 144609

calendar_today

Updated On:

Products

CA Output Management Web Viewer

Issue/Introduction

Trying to bring up 12.1 Web Viewer for the first time on a new system. TOMCAT (9.0.14 from Common Services) seems to be working. The webapp for CAOMWV launches, but when I type in my ID and password, I get a HTTP Status 403- Forbidden. There is nothing helpful in TOMCAT log. The CAOMWV Audit and JDBC traces have messages about DRAS.  Audit has errors about LMP keys, but SYSVIEW shows the same LMP keys are AUTH as another system where CAOMWV is working. The DRAS task is running and no error messages. The JDBC trace has error messages about DRASCCI. We have CCI running.  The CCITRACE is empty. 

Environment

Release : 12.1

Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS

Resolution

The 403-Forbidden did NOT occur with the Web Viewer distributed Tomcat. Research revealed the root of the problem was in CCSTomcat/CCS/tpv/tomcat/conf/Web.xml and the instructions RESTRICTing PUSH and POST. Commenting out the instructions and recycling the CCS Tomcat resolved the problem.
9.0.14 - The HTTP methods below will be disabled by default
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>
<strong>restricted methods</strong>
</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>OPTIONS</http-method>
<http-method>PUT</http-method>
<!-- <http-method>POST</http-method> -->
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
</web-app>

Additional Information

As of February 2020, there's no other release prior to CCS Apache Tomcat 9.0.14 that uses the <security-constraint> - meaning the web.xml from the Common Services distributed Tomcat 9.0.14 is the only one where the POST instruction near the bottom of the file needs to be commented out. 
...or you can install the Tomcat distributed with Web Viewer or from Web Viewer maintenance (see solution 108 TOMCAT 9.0.22(RESOLVES TOMCAT 8.5.32 VULNERABILITIES) :so09736).