403 Access Denied on tomcat 7 to access host manager

Question

I am added user and roles as follows on my linux(fedora 17) machine with tomcat 7, but still i am getting 403 access denied error. How to resolve this?

<role rolename="tomcat"/>
<role rolename="manager"/>
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>  
<user username="tomcat" password="tomcat" roles="admin_gui,manager_gui"/> 
<user username="admin" password="admin" roles="admin,manager,admin_gui,manager_gui"/> 
<user username="hextek" password="123456" roles="admin,admin_gui,manager,manager_gui"/>  

Answer 1

Check role names that you use in use definition. They are different from standard, and those you define.
Should be manager-gui

Note that for Tomcat 6.0.30 onwards, the roles required to use the manager application were changed from the single manager role to add the following four roles. (The manager role is still available but should not be used as it avoids the CSRF protection). You will need to assign the role(s) required for the functionality you wish to access.

manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only

Answer 2

I had same problem with manager access denied and couldn't enter into manager GUI but after adding these lines to server.xml in conf folder

LINE 103.. add after

<Engine name="Catalina" defaultHost="localhost"> 

<Realm className="org.apache.catalina.realm.MemoryRealm" />

and tomcat-users.xml file

<tomcat-users>
  <role rolename="manager-gui"/>
  <user name="manager" password="password" roles="manager-gui" />
</tomcat-users>`

.... now good to go..