I am using tomcat version 9.0.1. Running on a linux machine using java 9.
in my tomcat-users.xml i have added below
<role rolename="manager-gui"/>
<role rolename="manager"/>
<role rolename="manager-script"/>
<user username="admin" password="admin" roles="manager-gui,manager,manager-script"/>
in my server.xml added below line after googling
<Realm className="org.apache.catalina.realm.MemoryRealm" />
After that i started by tomcat server, while accessing the maneger gui getting below error
403 Access Denied
You are not authorized to view this page.
If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
please help
tomcat-users.xml
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="manager-gui"/>
<role rolename="manager"/>
<role rolename="manager-script"/>
<user username="admin" password="admin" roles="manager-gui,manager,manager-script"/>
</tomcat-users>
I think the solution for the 403 ERROR is adding your IP/IPs to the file
webapps/manager/META-INF/context.xml
in the section:
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="X.X.X.X"/>
I am using Tomcat 8.5.3 on Linux.
Can anyone help me to create a Tomcat manager GUI link so that I can
access the manager through the server IP?
http://(Domain Ip)/manager/html
It always shows 403 Access denied.
Here is the contents of tomcat-users.xml:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="***" roles="manager-gui"/>
</tomcat-users>
I wanted to reload any project through the GUI's reload button.
I am facing one more problem. Whenever I change my Java files, the
server doesn't reflect the changes until I restart Apache Tomcat or I reload the project.
Go to
/usr/local/apache-tomcat-8.5.3/webapps/manager/META-INF
Open context.xml
and Comment the below line in context.xml
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="some ip" />
-->
I have a web application written in java and I want to protect everything that is inside admin folder which is inside WebContet folder. The issue is that the server constantly asks for username and password. My web.xml is:
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Constraint</web-resource-name>
<url-pattern>/admin/index.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administration</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>AdministrationArea</realm-name>
</login-config>
My users xml file is
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="administration"/>
<user username="admin" password="admin" roles="administration,tomcat"/>
<user username="tomcat" password="tomcat" roles="admin-gui,manager-gui"/>
And my server xml file is :
<Context path="/admin" docBase="admin"><Realm className="org.apache.catalina.realm.MemoryRealm"resourceName="AdministrationArea"digest="MD5"/></Context>
I am new to this. Help please.
The problem is not your Tomcat configuration, but just the way HTTP authentication works. The server will ask your browser to verify username and password on every request, which is why most browser will save username and password for at least a short while.
If you want to make your webapp secure you should think about adding your own security to it, including sessions and cookies. How to do that depends on your specific configuration and the frameworks you're using, so I can't really help you more with that.
I have read a lot of topics in stackoverflow for solve my problem, but none was useful.
When I tried to log in Manager App ([http://localhost:8080/manager/html][1]) using a lot of different configurations, but I always obtained 401 Unauthorized after attempted to log in using the rights credentials.
I restarted the tomcat server a couple of times.
This is my last configuration in conf/tomcat-users.xml
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="admin" password="admin" roles="manager-gui, manager-script, manager-jmx, manager-status, admin-gui, admin-script"/>
</tomcat-users>
This is the part related to tomcat-users in server.xml
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
This is my configuration:
Apache Tomcat: Version 7.0.40 64 bit
Tested on Chrome 26
If there is something else useful that I forgot, let me know.
Thanks in advance
From tailing [tomcat-root]/logs/catalina.out, I observed that you are using a locked username "admin"
06-May-2014 16:47:41.828 WARNING [http-nio-192.168.0.51-8080-exec-6] org.apache.catalina.realm.LockOutRealm.authenticate An attempt was made to authenticate the locked user "admin"
You should try with a better(non guessable) username.
<role rolename="manager-gui"/>
<user username="TomcatAdmin" password="secpa55wd" roles="manager-gui"/>
This should definitely work for you.
Configuration looks fine for me . can you please try with below tomacat-users.xml.
<tomcat-users>
<user name="admin" password="admin" roles="admin-gui,manager-gui" />
</tomcat-users>
Please restart the server after change.
Solutions above probably solved your problem.The locked user solution tipped me off on my issue.
Something weird I noticed... Don't know how it happened.
After installing a new tomcat7 I ended up with a "tomcat-users.xml" file owned by user root and group root.
I found out because catalina.out contains a few lines like "javax.naming.NamingException: /var/lib/tomcat7/conf/tomcat-users.xml (Permission denied)"
After changing file ownership to user "root" & group "tomcat7" fixed my login issue.
If you try any of the other Answers and then there is no difference, you may need to clean your Tomcat and then try again. These are my clean commands (not sure how general they are):
rm -R $TOMCAT_HOME/work/Catalina/<host>/*
rm -rf $TOMCAT_HOME/webapps/<app name>
Also verify that the tomcat-users.xml you are editing actually corresponds with the instance of Tomcat you are running. If you have multiple installations, but only one running, make sure you are editing the file at the correct location.
When you run startup.bat (or startup.sh), the script will output the CATALINA_* environmental variables. If the paths do match the current working directory you are running from, it is a good bet that you have been editing the wrong tomcat-users.xml file.
Check syntax and start-ending tag. i did stupid mistake when i started work on java.
This line was working for me.
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
In my case the password had special characters, that needed to be XML encoded before being added to the /opt/tomcat/conf/tomcat-users.xml file.
The tool that I used for the encoding was https://coderstoolbox.net/string/#!encoding=xml&action=encode&charset=us_ascii
If you are using XAMPP follow the below steps
Go to XAMPP and Click on Config infront of Tomcat
Then select tomcat-users.xml in the popup
And when it opens on an editor paste the following inside
tomcat-users tags with your preferred password. Which will be as follows
<tomcat-users>
<role rolename="manager-gui"/>
<user username="tomcat" password="password" roles="manager-gui"/>
</tomcat-users>
Then restart the tomcat server from XAMPP.
And open the tomcat using the browser and you can give the user name and password as you given in the config file above, In my case, username = tomcat and password = password
Don't change anything. just replace below configurations to /etc/tomcat9/tomcat-users.xml
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="admin-gui,manager-gui,tomcat" /
</tomcat-users>
Then restart tomcat server by using sudo systemctl restart tomcat9
use this url to log manage-app admin http://127.0.0.1:8080/manager/html
**
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="tomcat"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcatuser" password="tomcatpassword" roles="admin-gui,manager-gui,tomcat,manager-script,manager-jmx,manager-status"/>
</tomcat-users>
<!-- -->
**
tomacat 7+ version need to set manager rolse as manager-script,manager-jmx, manager-status
Then restart tomcat sudo systemctl restart tomcat8
1.Goto C:\Program Files\Apache Tomcat 7\conf\tomcat-users.xml
open it with notepad
2.and add following tag inside tag
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
3.on browser enter :
http://localhost:9090/manager/html
enter username:tomcat password:tomcat
I am trying to put user access level in My Java Web Application.But even I enter the correct username and password which I have declare in the tomcat-user.xml file It is not working. It gong to loginerror page. Basic Authentication Method also Not Accepting Correct Username and password.
This tomcat-users.xml
<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
<role rolename=”Admin”/>
<role rolename=”Member”/>
<role rolename=”Doctor”/>
<role rolename=”Guest”/>
<user username=”sirojan” password=”sirojan” roles=”Admin” />
<user username=”ram” password=”ram123” roles=”Member” />
<user username=”vithu” password=”newbie” roles=”Guest” />
</tomcat-users>
This is a part of server.xml file
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.MemoryRealm" />
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<!-- <Realm className="org.apache.catalina.realm.MemoryRealm" /> -->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/><!--
--> </Realm>
This is My a part of web.xml file
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>Member</role-name>
</security-role>
<security-role>
<role-name>Guest</role-name>
</security-role>
<security-role>
<role-name>Doctor</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login2.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>AdminTasks</web-resource-name>
<url-pattern>/Department.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
<role-name>Member</role-name>
</auth-constraint>
</security-constraint>
<error-page>
<error-code>404</error-code>
<location>/notFoundError.jsp</location>
</error-page>
</web-app>
Did I anything wrong??. If you need further pl comment it. Can you please give the solutions for that??
first check whether the existing roles are working for you or not .
for that u need to uncomment the roles in tomcat-users.xml
if they are working ,and u r able to login in tomcat console, then problem is ur syntax ,
if they are not working then u need to go with the error page documentation and check what u r doing is correct or not because this is kind of easy and works every time for me .