I just deployed SpringBoot App WAR file to tomcat 8 server and need to check app status. However,I'm getting:401 Unauthorized while trying to access Tomcat App Manager:
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
I've restarted server after adding roles to tomcat-users.xsd.Below is my tomcat-users.xsd:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,manager-gui"/>
<user username="manager-gui" password="tomcat" roles="manager-gui"/>
</tomcat-users>
I'm having a problem accessing to tomcat manager app on localhost. As I installed tomcat to my mac, it didn't ask to set username or password (as it does on windows). But if I try to login to manager app it requires both of them.
What I've tried so far:
1) I took the username and password from tomcat-user.xml and tried to login
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>
2) Then I uncommented role and user tags (by default they are commented) and tried to login
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
3) Then I added some extra lines to xml, that are described here https://wiki.apache.org/tomcat/TomcatOnMacOS under step 3 and tried to login
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="tomcat,admin,manager"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
but so far nothing has helped. Any suggestions how to solve this problem?
If you press cancel on the basic authentication that pops up it should list the roles you're missing/are needing.
I have this config for my tomcat 8:
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<role rolename="manager-script"/>
<user username="admin" password="password" roles="manager-gui,admin-gui,manager-script"/>
It's been a while since I've actively and willingly used the manager application, but there are two common caveats. One is written in the snippet that you copied in your question
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
e.g. you might need a manager-gui role. However, due to my abstinence of using this app, I'm not 100% sure that this is indeed the case, manager might be sufficient.
The other common problem is something that you don't mention: tomcat-users.xml will only be read once at startup. If you change it while tomcat runs, you need to restart tomcat in order to pick up the changes - or configure a different realm that uses a proper database. tomcat-users.xml is just a quick-and-dirty implementation of a realm, that's not really good for production use IMHO (unless limitations like this are fine for you).
Try setting the manager-gui role. This would work
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="password1" roles="tomcat, manager-gui"/>
</tomcat-users>
I have the following code from tomcat-users.xml
<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>
I want to add following new role and new user into it from shell script.
<role rolename="manager-gui"/>
<user username="t" password="t" roles="manager-gui”/>
How to do this in shell script?
You should know the risk if you try to handle xml/html file with regex.
Here is the dirty and quick way with gnu sed:
sed -ir '/<tomcat-users>/s#.*#&\n<role rolename=".../>\n<user....#' tomcat-users.xml
I am trying to access the manager app in tomcat7. However it doesnot even ask for credentials and shows 403 access denied directly. I have already set my conf/tomcat-users.xml file. Here is a snapshot :
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager"/>
<role rolename="manager-gui"/>
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manger-script"/>
<user password="user1" roles="admin-gui" username="user1"/>
<user password="user1" roles="manager-gui" username="user1"/>
<user password="tomcat" roles="tomcat" username="tomcat"/>
<user password="user1" roles="manager" username="user1"/>
<user password="tomcat" roles="tomcat,role1" username="both"/>
<user password="tomcat" roles="role1" username="role1"/>
<user password="user1" roles="manager-script,admin,tomcat" username="user1"/>
</tomcat-users>
It was working fine for me a few days ago, though! Also, this is not a duplicate of this link or any other as I am not even getting a prompt for credentials.
In my tomcat-users.xml, I have
<tomcat-users>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="pass" roles='admin-gui,manager-gui'/>
</tomcat-users>
When I try to access http://localhost:8080/manager/html using the username and password, it does not log me in. The same authentication box appears again.
Put your roles in double quotes:
<user username="admin" password="pass" roles="admin-gui,manager-gui"/>
I found it was necessary to restart the tomcat server and restart/close/reopen the browser after changing the tomcat-user.xml.
This then worked.
when restarting the tomcat server I use the ./shutdown.sh wait a couple of seconds then use the ./startup.sh from the tomcat bin directory. This gives the server a chance to reload.