Mukun

Reputation: 1816

Tomcat 8 manager user for specific Virtual host

I have two virtual hosts, and each host has the manager app deployed. Also, a user with the manager-gui role is added in Tomcat 8.0\conf\tomcat-users.xml. This user is able to access the manager app of both hosts. Is there any way to restrict a manager user to a specific host?

Upvotes: 2

Views: 437

Answers (2)

Jevison7x

Reputation: 737

First of all, create a new users XML database file inside [tomcat_home]/conf; let's call it tomcat-users-2.xml.

Add the following entry into the tomcat-users-2.xml file:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <user username="[$yourUsername]" password="[$yourPassword]" roles="tomcat,manager-gui"/>
</tomcat-users>

Notice that you can add more than one user tag in <tomcat-users>.

Then in your [tomcat_home]/conf/server.xml file, find the <GlobalNamingResources> tag and add (inside it):

<Resource name="UserDatabase2" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users-2.xml" />

Place the following code inside the <Host ...></Host> tags of the app you want to restrict the user to:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase2"/>

Finally, you must restart Tomcat for the changes to take effect.

Upvotes: 0
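
As an added example (not part of the answer above and not Tomcat's own tooling), this Python check reads a server.xml and reports which user database file backs each Host's Realm, flagging hosts that still share one. The host names and the sample configuration are constructed, and it assumes Realms are declared in server.xml only; per-context Realms in separate files are not inspected.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample server.xml: host b has its own Realm, hosts a and c do not.
SAMPLE_SERVER_XML = """
<Server>
  <GlobalNamingResources>
    <Resource name="UserDatabase" type="org.apache.catalina.UserDatabase" pathname="conf/tomcat-users.xml"/>
    <Resource name="UserDatabase2" type="org.apache.catalina.UserDatabase" pathname="conf/tomcat-users-2.xml"/>
  </GlobalNamingResources>
  <Service name="Catalina"><Engine name="Catalina" defaultHost="a.example.test">
    <Realm className="org.apache.catalina.realm.LockOutRealm">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
    </Realm>
    <Host name="a.example.test" appBase="webapps-a"/>
    <Host name="b.example.test" appBase="webapps-b">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase2"/>
    </Host>
    <Host name="c.example.test" appBase="webapps-c"/>
  </Engine></Service>
</Server>
"""

def realm_resources(element):
    """resourceName of every Realm declared on element, including nested ones."""
    return [r.get("resourceName") for realm in element.findall("Realm")
            for r in realm.iter("Realm") if r.get("resourceName")]

def audit(server_xml):
    """Map each Host to the user database file(s) that authenticate it."""
    root = ET.fromstring(server_xml)
    files = {r.get("name"): r.get("pathname")
             for r in root.findall("GlobalNamingResources/Resource")
             if r.get("type") == "org.apache.catalina.UserDatabase"}
    report = {}
    for engine in root.iter("Engine"):
        inherited = realm_resources(engine)  # applies to Hosts with no Realm
        for host in engine.findall("Host"):
            own = realm_resources(host)
            paths = sorted(files.get(n, "unresolved:" + n) for n in (own or inherited))
            report[host.get("name")] = {"own_realm": bool(own), "user_files": paths}
    return report

def shared_user_files(report):
    """User database files backing more than one Host (accounts cross hosts)."""
    by_file = defaultdict(list)
    for host, info in report.items():
        for path in info["user_files"]:
            by_file[path].append(host)
    return {p: sorted(h) for p, h in by_file.items() if len(h) > 1}
```

Calling `shared_user_files(audit(text))` on the contents of a real server.xml returns an empty dict when every Host authenticates against its own user file.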

Richard Osseweyer

Reputation: 1744

You may define a Realm for each context in [tomcat_home]/conf/Catalina/[hostname]/manager.xml:

<Context docBase="${catalina.home}/webapps/manager">

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="userDatabase_2"/>

</Context>

Then in server.xml add an extra resource pointing to an alternative tomcat-users.xml file for each context:

<Resource name="userDatabase_2" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="another user database"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users-2.xml" />

I must confess that I have not thoroughly tested this. Even though it might work, it's not advised to use the UserDatabaseRealm on production systems.

If you prefer to use, for instance, form-based authentication using a DataSourceRealm, you may change the login-config in [tomcat_home]/webapps/host-manager/WEB-INF/web.xml to use FORM-based authentication and include a datasource Resource in the Context elements. See https://tomcat.apache.org/tomcat-8.0-doc/realm-howto.html

Upvotes: 0
