I have tomcat running on an ubuntu instance on aws and I can successfully get to the If you're seeing this, you've successfully installed Tomcat. Congratulations! page but when I click on Manager App I immediately get navigated to the 403 Access Denied page.
I've edited the tomcat-users.xml file to have a manager-gui role and even made the user have manager-status, manager-script, as well.
Then I shut down the server using bin/shutdown.sh, navigated to the page to check that it was actually shut down then did bin/startup.sh to restart it.
But whenever I click on that Manager App button it doesn't even bring up the username/password box it just goes straight to the 403 page.
Am I missing something else?
Edit: Here is my entire users xml file
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="myPassword" roles="manager-gui,manager-status,manager-script"/>
</tomcat-users>
This helped me to get it working. Tomcat manager never asking me ID/PASSWORD
You need to add the manager.xml to conf/Catalina/localhost
According to the documentation:
"A default Tomcat installation includes the Manager. To add an instance of the Manager web application Context to a new host install the manager.xml context configuration file in the $CATALINA_BASE/conf/[enginename]/[hostname] folder"
In my case for example, I have this path: /opt/tomcat/conf/Catalina/localhost
Example of manager.xml
<Context privileged="true" antiResourceLocking="false" docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" /></Context>
I believe another way to resolve this is to edit the context.xml file that exists by default in the app:
$CATALINA_HOME/webapps/manager/META-INF/context.xml
Prior to Tomcat 8.5, the Valve here was commented out:
<Context antiResourceLocking="false" privileged="true" >
<!--
Remove the comment markers from around the Valve below to limit access to
the manager application to clients connecting from localhost
-->
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
But it seems to be uncommented by default in 8.5. As noted in the 8.5x migration guide, https://tomcat.apache.org/migration-85.html#Migrating_from_8.0.x_to_8.5.x:
Migrating from 8.0.x to 8.5.x
This section lists all the known changes between 8.0.x and 8.5.x which may cause backwards compatibility problems when upgrading.
...
Web applications
The Manager and HostManager web applications are configured by default with a RemoteAddrValve that limits access to those applications to connections from localhost.
So, bottom line, I think you could adjust the context.xml in the app, or make a new manager.xml file and adjust that context element, as described above.
You need to create a context for the Manager App and allow access from Tomcat 8.5.x
Under your $CATALINA_BASE/conf/Catalina/localhost/ home create a file manager.xml
manager.xml content, note my source is 172.31.254.37 (my computer), change this to your source :
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="172\.31\.254\.37" />
</Context>
Make sure your User/Roles are defined in $CATALINA_BASE/conf/tomcat-users.xml
<user username="tomcat" password="tomcat" roles="manager-gui,manager-status"/>
Kind Regards,
Jacques de Jager
来源:https://stackoverflow.com/questions/38172756/apache-tomcat-8-5-3-manager-app-403-error