403 Access Denied in Tomcat

Question

I have the following in the tomcat-users.xml:

<tomcat-users>
<role rolename="admin"/>
<role rolename="manager"/>
<user username="aname" password="apassword" roles="admin,manager"/>
</tomcat-users>

If I go to http://localhost:8080/manager/html, I'm asked about username and password (as far as I understand, about these from the tomcat-users.xml), but when I enter them, I get:

403 Access Denied
You are not authorized to view this page.

If you have already configured the Manager application to allow access and you have used your browsers back button...

What could be a reason of such a behavior? Thanks in advance.

Answer 1

To use the web administration gui you have to add the gui role.

In [Tomcat installation path]/conf/tomcat-users.xml you can define role and affect them to user. For example :

<tomcat-users>
    <role rolename="admin"/>
    <role rolename="admin-gui"/>
    <role rolename="manager"/>
    <role rolename="manager-gui"/>

    <user username="name" password="pwd" roles="admin,admin-gui,manager,manager-gui"/>
</tomcat-users>

---

Note :

You may not have any default username and password defined here so it's always good to take the time to do this configuration or you'll encounter issue when using Tomcat integrated in IDE like NetBeans. Indeed it will require these credentials in order to use it properly.