Cannot access to Apache Tomcat/8.0.32 Manager App on OSX

Question

I'm having a problem accessing to tomcat manager app on localhost. As I installed tomcat to my mac, it didn't ask to set username or password (as it does on windows). But if I try to login to manager app it requires both of them.

What I've tried so far:

1) I took the username and password from tomcat-user.xml and tried to login

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>

2) Then I uncommented role and user tags (by default they are commented) and tried to login

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->

  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

</tomcat-users>

3) Then I added some extra lines to xml, that are described here https://wiki.apache.org/tomcat/TomcatOnMacOS under step 3 and tried to login

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->

  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat,admin,manager"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>

</tomcat-users>

but so far nothing has helped. Any suggestions how to solve this problem?

Answer 1

If you press cancel on the basic authentication that pops up it should list the roles you're missing/are needing.

I have this config for my tomcat 8:

<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<role rolename="manager-script"/>
<user username="admin" password="password" roles="manager-gui,admin-gui,manager-script"/>

Answer 2

It's been a while since I've actively and willingly used the manager application, but there are two common caveats. One is written in the snippet that you copied in your question

<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->

e.g. you might need a manager-gui role. However, due to my abstinence of using this app, I'm not 100% sure that this is indeed the case, manager might be sufficient.

The other common problem is something that you don't mention: tomcat-users.xml will only be read once at startup. If you change it while tomcat runs, you need to restart tomcat in order to pick up the changes - or configure a different realm that uses a proper database. tomcat-users.xml is just a quick-and-dirty implementation of a realm, that's not really good for production use IMHO (unless limitations like this are fine for you).