Reputation: 9952
When I first went to the manager app at http://localhost:8080/manager/html, there was a browser login prompt asking for a username and password. After entering the wrong username and password, the page returned 403 (access denied).
So I googled a bit and set it up as follows:
<role rolename="manager-gui" />
<user username="admin" password="tomcat" roles="manager-gui"/>
<!-- these 2 lines were there before my editing -->
<user password="tom" roles="manager-script,admin" username="tom"/>
<user password="tomcat" roles="manager-script,admin" username="tomcat"/>
After restarting Tomcat, the manager app this time shows the 403 page directly without asking for a username and password. So I'm a bit confused. What kind of authentication is this manager app using? And how can I log in to the manager app?
Upvotes: 5
Views: 10853
Reputation: 11
Old, but this happened to me now and I struggled until I found the problem. As described in the question, I had the tomcat-users.xml correctly configured, but the credentials were never asked for by the browser.
In a new installation of Tomcat 7, the manager/META-INF/context.xml contains a filter to allow only localhost.
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
After adding the network IP it worked.
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.0\.\d+" />
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
In previous versions this Valve was commented out.
Upvotes: 0
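An added example (not code from the answer or from Tomcat) that models the two gates discussed in this thread: the RemoteAddrValve address filter from the answer above and the manager-gui role from the question. The helper names and sample inputs are constructed, and the valve logic is a simplified model that assumes deny is checked first and the allow pattern must match the whole address.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs that mirror the snippets quoted on this page.
DEFAULT_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"
WIDENED_ALLOW = DEFAULT_ALLOW + r"|192\.168\.0\.\d+"
CONTEXT_TEMPLATE = """<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{allow}"/>
</Context>"""
USERS_XML = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="admin" password="tomcat" roles="manager-gui"/>
  <user username="tom" password="tom" roles="manager-script,admin"/>
</tomcat-users>"""
VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"

def valve_admits(context_xml, client_ip):
    """Model the address filter: deny wins, then allow must match in full."""
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className") != VALVE_CLASS:
            continue
        deny, allow = valve.get("deny"), valve.get("allow")
        # Simplified model (assumption): patterns are tested against the whole address.
        if deny and re.fullmatch(deny, client_ip):
            return False
        if allow and not re.fullmatch(allow, client_ip):
            return False
    return True

def gui_users(users_xml):
    """Usernames whose roles attribute includes manager-gui."""
    root = ET.fromstring(users_xml)
    return sorted(
        u.get("username") for u in root.iter("user")
        if "manager-gui" in [r.strip() for r in u.get("roles", "").split(",")]
    )

def check(context_xml, users_xml, client_ip, username):
    """Report which gate, if any, stops this client before the manager page."""
    if not valve_admits(context_xml, client_ip):
        return "rejected by RemoteAddrValve"
    if username not in gui_users(users_xml):
        return "user lacks manager-gui"
    return "allowed"

if __name__ == "__main__":
    for allow in (DEFAULT_ALLOW, WIDENED_ALLOW):
        for ip in ("127.0.0.1", "192.168.0.25", "10.0.0.7"):
            print(ip, check(CONTEXT_TEMPLATE.format(allow=allow), USERS_XML, ip, "admin"))
```

Note that `192\.168\.0\.\d+` admits every host on that subnet, so listing only the specific administration hosts keeps the manager app's exposure smaller.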
Reputation: 29
By default Tomcat 7 uses LockOutRealm. This means the username is locked out after 5 failed logins.
Add another user to tomcat-users.xml.
<?xml version='1.0' encoding='cp1252'?>
<tomcat-users>
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
I suggest keeping the XML file clean, like the above example. Hope it helps.
Upvotes: -1
Reputation: 585
This has to do with the browser and its policy to preserve active logins. For Firefox you can go to "Tools" -> "Clear Recent History..." and clear "Active Logins". Refreshing your manager app after that will pop up the prompt you were asking for.
Cheers, β
Upvotes: 6