I am new to java/tomcat and was trying to basically add a user to the manager-GUI role. But even though I edited on the file conf/tomcat-users.xml and added as it is supposed to be(defining the roles and everything), the server doesn't accept the user. I restarted my server for 10 times and also edited the file that many times, and it still didn't work. I used Atom as XML editor and Eclipse jee oxygen to run the server. What would be the problem here?
Most likely mistake: not un-commenting out the default contents of tomcat-users.xml.
The file that ships with Tomcat has all of the contents commented-out so that the server has no default usernames and passwords enabled. You have to change change the username and password plus remove the <-- and --> delimiters around the users.
*<!--*
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
*-->*
I've added asterisks around the comments you need to remove (I'm not sure how to force-format code in markdown). Remember to remove all <role> and <user> definitions that you do not want to be effective.
Here is a very basic Tomcat config that works in Netbeans, should be the same for Eclipse :
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<user username="root" password="root" roles="admin-gui,manager-gui,manager-script" />
<role rolename="manager-script"/>
It is my understanding that you NEED to ADD a manager-script role for an IDE to be able to manage the server.
When I try to access the manager app on my Tomcat server I run into HTTP 404 status:
The requested resource is not available.
To gain access to the manager app I did the following:
Edited the [TOMCAT_HOME]/conf/tomcat-users.xml and created a new user:
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0">
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>
Edited the [TOMCAT_HOME]/webapps/manager/META-INF/context.xml and allowed access from anywhere:
<Context antiResourceLocking="false" privileged="true" >
<!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>
Then I restarted my Tomcat server. I can enter the http://server_domain_or_IP:8080 page but when I click on the link to the manager webapp, I'm faced with the HTTP 404 status.
I am using Tomcat 8.5.3 on Linux.
Can anyone help me to create a Tomcat manager GUI link so that I can
access the manager through the server IP?
http://(Domain Ip)/manager/html
It always shows 403 Access denied.
Here is the contents of tomcat-users.xml:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="***" roles="manager-gui"/>
</tomcat-users>
I wanted to reload any project through the GUI's reload button.
I am facing one more problem. Whenever I change my Java files, the
server doesn't reflect the changes until I restart Apache Tomcat or I reload the project.
Go to
/usr/local/apache-tomcat-8.5.3/webapps/manager/META-INF
Open context.xml
and Comment the below line in context.xml
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="some ip" />
-->
I have a strange question, I use Tomcat 8.0.33. I edit the tomcat-user.xml like that :
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="xxx" password="xxx" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
</tomcat-users>
I can login in host manager page using "admin" account, but when I go to "manage app" page and type the same username and password, it shows (in firefox 44):
The connection was reset
The connection to the server was reset while the page was loading.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
I deploy the tomcat server in amazon cloud server, I also deploy the same server in my own server, where everything could correctly work.
I have read a lot of topics in stackoverflow for solve my problem, but none was useful.
When I tried to log in Manager App ([http://localhost:8080/manager/html][1]) using a lot of different configurations, but I always obtained 401 Unauthorized after attempted to log in using the rights credentials.
I restarted the tomcat server a couple of times.
This is my last configuration in conf/tomcat-users.xml
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="admin" password="admin" roles="manager-gui, manager-script, manager-jmx, manager-status, admin-gui, admin-script"/>
</tomcat-users>
This is the part related to tomcat-users in server.xml
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
This is my configuration:
Apache Tomcat: Version 7.0.40 64 bit
Tested on Chrome 26
If there is something else useful that I forgot, let me know.
Thanks in advance
From tailing [tomcat-root]/logs/catalina.out, I observed that you are using a locked username "admin"
06-May-2014 16:47:41.828 WARNING [http-nio-192.168.0.51-8080-exec-6] org.apache.catalina.realm.LockOutRealm.authenticate An attempt was made to authenticate the locked user "admin"
You should try with a better(non guessable) username.
<role rolename="manager-gui"/>
<user username="TomcatAdmin" password="secpa55wd" roles="manager-gui"/>
This should definitely work for you.
Configuration looks fine for me . can you please try with below tomacat-users.xml.
<tomcat-users>
<user name="admin" password="admin" roles="admin-gui,manager-gui" />
</tomcat-users>
Please restart the server after change.
Solutions above probably solved your problem.The locked user solution tipped me off on my issue.
Something weird I noticed... Don't know how it happened.
After installing a new tomcat7 I ended up with a "tomcat-users.xml" file owned by user root and group root.
I found out because catalina.out contains a few lines like "javax.naming.NamingException: /var/lib/tomcat7/conf/tomcat-users.xml (Permission denied)"
After changing file ownership to user "root" & group "tomcat7" fixed my login issue.
If you try any of the other Answers and then there is no difference, you may need to clean your Tomcat and then try again. These are my clean commands (not sure how general they are):
rm -R $TOMCAT_HOME/work/Catalina/<host>/*
rm -rf $TOMCAT_HOME/webapps/<app name>
Also verify that the tomcat-users.xml you are editing actually corresponds with the instance of Tomcat you are running. If you have multiple installations, but only one running, make sure you are editing the file at the correct location.
When you run startup.bat (or startup.sh), the script will output the CATALINA_* environmental variables. If the paths do match the current working directory you are running from, it is a good bet that you have been editing the wrong tomcat-users.xml file.
Check syntax and start-ending tag. i did stupid mistake when i started work on java.
This line was working for me.
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
In my case the password had special characters, that needed to be XML encoded before being added to the /opt/tomcat/conf/tomcat-users.xml file.
The tool that I used for the encoding was https://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii
If you are using XAMPP follow the below steps
Go to XAMPP and Click on Config infront of Tomcat
Then select tomcat-users.xml in the popup
And when it opens on an editor paste the following inside
tomcat-users tags with your preferred password. Which will be as follows
<tomcat-users>
<role rolename="manager-gui"/>
<user username="tomcat" password="password" roles="manager-gui"/>
</tomcat-users>
Then restart the tomcat server from XAMPP.
And open the tomcat using the browser and you can give the user name and password as you given in the config file above, In my case, username = tomcat and password = password
Don't change anything. just replace below configurations to /etc/tomcat9/tomcat-users.xml
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="admin-gui,manager-gui,tomcat" /
</tomcat-users>
Then restart tomcat server by using sudo systemctl restart tomcat9
use this url to log manage-app admin http://127.0.0.1:8080/manager/html
**
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcatuser" password="tomcatpassword" roles="admin-gui,manager-gui,tomcat,manager-script,manager-jmx,manager-status"/>
</tomcat-users>
<!-- -->
**
tomacat 7+ version need to set manager rolse as manager-script,manager-jmx, manager-status
Then restart tomcat sudo systemctl restart tomcat8
1.Goto C:\Program Files\Apache Tomcat 7\conf\tomcat-users.xml
open it with notepad
2.and add following tag inside tag
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
3.on browser enter :
http://localhost:9090/manager/html
enter username:tomcat password:tomcat