I just deployed SpringBoot App WAR file to tomcat 8 server and need to check app status. However,I'm getting:401 Unauthorized while trying to access Tomcat App Manager:
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
I've restarted server after adding roles to tomcat-users.xsd.Below is my tomcat-users.xsd:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,manager-gui"/>
<user username="manager-gui" password="tomcat" roles="manager-gui"/>
</tomcat-users>
I have the following code from tomcat-users.xml
<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>
I want to add following new role and new user into it from shell script.
<role rolename="manager-gui"/>
<user username="t" password="t" roles="manager-gui”/>
How to do this in shell script?
You should know the risk if you try to handle xml/html file with regex.
Here is the dirty and quick way with gnu sed:
sed -ir '/<tomcat-users>/s#.*#&\n<role rolename=".../>\n<user....#' tomcat-users.xml
I am trying to access the manager app in tomcat7. However it doesnot even ask for credentials and shows 403 access denied directly. I have already set my conf/tomcat-users.xml file. Here is a snapshot :
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="manager-gui"/>
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manger-script"/>
<user password="user1" roles="admin-gui" username="user1"/>
<user password="user1" roles="manager-gui" username="user1"/>
<user password="tomcat" roles="tomcat" username="tomcat"/>
<user password="user1" roles="manager" username="user1"/>
<user password="tomcat" roles="tomcat,role1" username="both"/>
<user password="tomcat" roles="role1" username="role1"/>
<user password="user1" roles="manager-script,admin,tomcat" username="user1"/>
</tomcat-users>
It was working fine for me a few days ago, though! Also, this is not a duplicate of this link or any other as I am not even getting a prompt for credentials.
I am added user and roles as follows on my linux(fedora 17) machine with tomcat 7, but still i am getting 403 access denied error. How to resolve this?
<role rolename="tomcat"/>
<role rolename="manager"/>
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="admin_gui,manager_gui"/>
<user username="admin" password="admin" roles="admin,manager,admin_gui,manager_gui"/>
<user username="hextek" password="123456" roles="admin,admin_gui,manager,manager_gui"/>
Check role names that you use in use definition. They are different from standard, and those you define.
Should be manager-gui
Note that for Tomcat 6.0.30 onwards, the roles required to use the
manager application were changed from the single manager role to add
the following four roles. (The manager role is still available but
should not be used as it avoids the CSRF protection). You will need to
assign the role(s) required for the functionality you wish to access.
manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only
I had same problem with manager access denied and couldn't enter into manager GUI but after adding these lines to server.xml in conf folder
LINE 103..
add after
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.MemoryRealm" />
and tomcat-users.xml file
<tomcat-users>
<role rolename="manager-gui"/>
<user name="manager" password="password" roles="manager-gui" />
</tomcat-users>`
.... now good to go..
I got the same problem as Raman, I add "admin-gui" role and able to get host-manager pages.
Here's the ref: http://www.gayward-concepts.com/cannot-access-host-manager-in-tomcat7/
Add following to the "tomcat-users.xml" under "tomcat-users" tag. (Better to comment existings in between "tomcat-users" tag)
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="admin" roles="manager-gui,admin-gui"/>
Save and restart tomcat!!
If you are still receiving 403 despite having configured tomcat-users.xml properly, do take a look at the content.xml within manager.
Example,
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
Notice it requires you to use 127.0.0.1 or [::1], so modify this according to your security requirements.
It often happens when you modify the config file in your Tomcat directory installation, but if you are using Tomcat with NetBeans for example, the conf file to be modiefied is not that one:
For Window User go to:
C:\Users\YOURACCOUNTNAME.netbeans\7.1.2\apache-tomcat-7.0.22.0_base\conf
To use the web administration gui you have to add the gui role :
<tomcat-users>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="tomcat" roles="manager-gui,manager-status"/>
</tomcat-users>
In my tomcat-users.xml, I have
<tomcat-users>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="pass" roles='admin-gui,manager-gui'/>
</tomcat-users>
When I try to access http://localhost:8080/manager/html using the username and password, it does not log me in. The same authentication box appears again.
Put your roles in double quotes:
<user username="admin" password="pass" roles="admin-gui,manager-gui"/>
I found it was necessary to restart the tomcat server and restart/close/reopen the browser after changing the tomcat-user.xml.
This then worked.
when restarting the tomcat server I use the ./shutdown.sh wait a couple of seconds then use the ./startup.sh from the tomcat bin directory. This gives the server a chance to reload.