Tomcat manager does not ask to login

Tags: tomcat

I have Tomcat v9 installed in Linux. When I try to access the Manager App, it does not ask for any login, and shows a 403 Access Denied error on the next page.

The tomcat-users.xml file shows the user entries as below:

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">

  <role rolename="manager-gui"/>
  <role rolename="admin-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-status"/>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="admin" password="admin" roles="admin-gui,manager-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-gui"/>
  <user username="both" password="both" roles="tomcat,role1"/>
  <user username="role1" password="role1" roles="role1"/>

</tomcat-users>

Also from server.xml, the tomcat-users.xml file is mapped properly.

   <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

I don't understand why it is not asking me to log in. Until it does so, I cannot validate whether it's getting the proper role or not. What may be the issue?

Dimitry Khan asked Jul 22 '16 21:07


3 Answers

There is a new IP address restriction in the manager app itself. Take a look at the configuration file TOMCAT_HOME\webapps\manager\META-INF\context.xml. There should be something like this:

<Context antiResourceLocking="false" privileged="true" >
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

I would suggest adding your remote IP address, e.g. allow the private network 192.168.0.0:

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.0\.\d+" />

PS: Same settings need to be changed for the host-manager.

beendr answered Oct 13 '22 09:10


Please check if the </tomcat-users> tag is used twice in your 'tomcat-users.xml'. This is a common mistake I have seen people make. Normally people write the </tomcat-users> tag after they have finished writing their own code and don't notice that it already exists at the end of the file.

Otherwise, your code looks good. I just ran it, and it works perfectly!

Sirsendu answered Oct 13 '22 11:10


I was running into the same error just now. I determined that it was, as previously listed, an IP restriction issue.

The documentation states that by default you should be able to access management from the local server where the software is installed. What I found worked to allow the authentication popup was using http://127.0.0.1:8080 instead of http://servername:8080.

When I used the loopback address instead of the servername or actual IP address in the URL I was correctly prompted for the credentials and could access what I needed. That way you don't have to open up the management page from other nodes on your network.

Kevin Graber answered Oct 13 '22 10:10
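
Added example (not part of the original answers and not Tomcat's own code): a Python sketch of the address check that the RemoteAddrValve answer and the loopback answer both describe, showing which clients reach the login prompt under the default and the widened allow pattern. It assumes the valve requires the whole client address to match the allow regex; the embedded context.xml copy and the client addresses are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Default pattern quoted in the first answer: loopback addresses only.
DEFAULT_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"

# Constructed copy of the manager's META-INF/context.xml with the widened pattern.
CONTEXT_XML = r'''<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.0\.\d+" />
</Context>'''

# Constructed client addresses: loopback (v4 and v6), two LAN hosts on
# different subnets, and one documentation-range public address.
CLIENTS = ["127.0.0.1", "::1", "192.168.0.25", "192.168.1.25", "203.0.113.7"]


def allow_patterns(context_xml):
    """Return the allow regex of every RemoteAddrValve in a context.xml string."""
    root = ET.fromstring(context_xml)
    return [v.get("allow", "") for v in root.iter("Valve")
            if v.get("className") == VALVE]


def is_allowed(allow, remote_addr):
    """Assumption: the entire address must match, so use fullmatch, not search."""
    return re.fullmatch(allow, remote_addr) is not None


def audit(allow, addresses):
    """Map each client address to the outcome the question and answers describe."""
    return {a: "login prompt" if is_allowed(allow, a) else "403"
            for a in addresses}


if __name__ == "__main__":
    patterns = [("default", DEFAULT_ALLOW),
                ("widened", allow_patterns(CONTEXT_XML)[0])]
    for label, pattern in patterns:
        print(label)
        for addr, outcome in audit(pattern, CLIENTS).items():
            print(f"  {addr:15} -> {outcome}")
```

Running the same audit against a pattern before deploying it shows whether the allow list admits only the subnet you intended, for example that 192.168.1.25 stays blocked here.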