12.1 Web Viewer / HTTP Status 403- Forbidden on Login / sign-on

Article ID: 144609

Products

Output Management Web Viewer

Issue/Introduction

Trying to bring up OM Web Viewer 12.1 for the first time on a new system. Apache Tomcat® TOMCAT (9.0.14 from Common Services) seems to be working. The webapp for OM Web Viewer launches, but when I type in my ID and password, I get an HTTP Status 403 - Forbidden. There is nothing helpful in the Apache Tomcat® log. The OM Web Viewer Audit and JDBC traces have messages about DRAS. Audit has errors about LMP keys, but SYSVIEW shows the same LMP keys are AUTH as on another system where OM Web Viewer is working. The DRAS task is running with no error messages. The JDBC trace has error messages about DRASCCI. We have CCI running. The CCITRACE is empty.

Environment

  • Common Services for z/OS MVS 15.0
  • Output Management Web Viewer 12.1
  • DRAS 14.0
  • CCS Apache Tomcat®

 

Resolution

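The 403 - Forbidden did NOT occur with the Apache Tomcat® distributed with OM Web Viewer. Research revealed that the root of the problem was in CCSTomcat/CCS/tpv/tomcat/conf/Web.xml, in the <security-constraint> instructions restricting PUSH and POST. An empty <auth-constraint/> denies the listed HTTP methods to every user, so while POST is in the list a sign-on that is submitted with POST is answered with 403. Commenting out the instructions and recycling the CCS Apache Tomcat® resolved the problem. The fragment below is the end of that file, with the POST line commented out.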

<!--
9.0.14 - The HTTP methods below will be disabled by default
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>PUT</http-method>
    <!-- <http-method>POST</http-method> -->
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <!-- Empty auth-constraint: no role may use the methods listed above -->
  <auth-constraint/>
</security-constraint>
</web-app>
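
A check for the edit described above, as an added example that is not part of the original article or of the product: it parses a web.xml and reports whether POST is still denied on /* and whether DELETE, OPTIONS, PUT and TRACE remain denied. The sample document and its xmlns value are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: tail of a web.xml with the constraint from this article,
# POST already commented out. The xmlns value is an assumption (Servlet 4.0).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>PUT</http-method>
      <!-- <http-method>POST</http-method> -->
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def _kids(elem, name):
    """Direct children with this local name, ignoring any XML namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def denied_methods(web_xml_text):
    """Map url-pattern -> HTTP methods denied to every caller.

    An <auth-constraint> with no <role-name> denies all users. A collection that
    lists no <http-method> covers every method, recorded here as "*".
    """
    denied = {}
    for sc in _kids(ET.fromstring(web_xml_text), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        if not auth or _kids(auth[0], "role-name"):
            continue  # absent, or roles are granted access: not a blanket deny
        for wrc in _kids(sc, "web-resource-collection"):
            methods = {(m.text or "").strip().upper() for m in _kids(wrc, "http-method")}
            for pat in _kids(wrc, "url-pattern"):
                denied.setdefault((pat.text or "").strip(), set()).update(methods or {"*"})
    return denied

def check(web_xml_text, allow=("POST",), deny=("DELETE", "OPTIONS", "PUT", "TRACE")):
    """Return a list of problems for /*; empty means the edit is as intended."""
    blocked = denied_methods(web_xml_text).get("/*", set())
    is_blocked = lambda m: m in blocked or "*" in blocked
    return ([f"{m} is still denied on /*" for m in allow if is_blocked(m)]
            + [f"{m} is no longer denied on /*" for m in deny if not is_blocked(m)])

if __name__ == "__main__":
    print(check(SAMPLE_WEB_XML) or "OK: POST allowed, other listed methods denied")
```

To check a real file, pass its contents to check() before recycling Tomcat. Constraints written with <http-method-omission> are not evaluated by this sketch.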

Additional Information

As of February 2020, no release prior to CCS Apache Tomcat® 9.0.14 uses the <security-constraint>. The web.xml from the Apache Tomcat® 9.0.14 distributed with Common Services is therefore the only one where the POST instruction near the bottom of the file needs to be commented out.
Alternatively, you can install the Apache Tomcat® distributed with OM Web Viewer and apply maintenance to it. Scroll down if needed to find the latest Apache Tomcat® version.