Re: Login appears only once : solved
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Anwar, On 8/18/20 17:42, Anwar AliKhan wrote: > It came down to browser privacy and security settings. Cleared all > previous cookies and blocked third party cookies. Now Login appears > every time in Google chrome. None of that is necessary. Just "clear logins" from the site and you are good. At least that's what Firefox calls it when it forgets all HTTP Basic logins. Maybe Chrome doesn't have that. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl88XucACgkQHPApP6U8 pFgBFQ/8Cmg0sdFBev5CZPr3nDPRj/EdzRcbRShKcckN0ikWPbgAok4QfEzX0uBZ n/w+EOpyrIgGWs7vmjxpftT8f6eQpRsDPGETNzefad8mpNxhTWhTXsyAkKn8wooP CZ7iU91xgE/IpAjxAjHeIaFY1wEXlOWR1mM3njSsQLPfMBN/ITJaUSJjcPCzYJpn VUhrpuOx7K57XF8bf+C4Ucl2A2fJ2LVxj15PmHkH30R34vN3Gk4GYgPvhhxD0Ymv UgSCTqFy5k33YIZ9kprx3fGuuGDRFv2TtZaTTGGP4MKxYW3i3LvNf89D7yFkn/5i 9bN/uQGX7OthzJ4lCUa4gfothT3xGvMiw/QX4dHQsUOOaqIZCYJKPKh0mppK9xHb g0UPnlTcJqdXY+BHEduNOHFLalZYECOqtYd0vXxAJv4MCbkRlswV3/TqBZ0Z2QaU +jLLjBT82oAYEr1oyjzYlRxOVyIxryTnyCgo3S1QTSbs9QY4WHT544M5W+gZChWD 4vSmXfPtkT1I5cizYAH2L2Dcd98vk4LxW97sw00KRRNTu7S5jF1YF7Mv7mJMmcyo PVveoflXu9uF7NVmDV0CeVGEokt3KsrdfzEx+8n50ZcyguCwv36D5rzIXCP2kFsp DaENkjjhevDBK882mLTSOdVXP8sGYC3SrK2KGmNPdJaGJBvX0ww= =pUL9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Login appears only once
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Anwar, On 8/18/20 14:45, Anwar AliKhan wrote: > I rebooted the machine , then the login box appeared . Obviously > this is not an ideal solution! Which machine did you reboot? The Tomcat server or your own client (browser)? Neither was necessary to get a login page. Was the password you entered into tomcat-users.xml the same one you provided when you first entered your username and password? Sometimes, browsers don't bother to re-request pages when they think they know the answer to the query (403). So maybe this was a browser-cache issue? SHIFT-CTRL-R / SHIFT-CMD-R to fully-reload maybe? - -chris > On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, > wrote: > >> Hi, I deployed an app called tomee using the tomcat manager app. >> >> The first time I selected the app in the tomcat manager to run >> it. a login appeared asking for username and password. >> >> I had not set it up. So it took me to the 403 page . >> >> Now I have set up tomee-admin user. >> >> I stopped restarted tomcat for it to register the contents of >> tomcat-users.xml I no longer get the login Box. It goes straight >> to the 403 page. >> >> *what is the problem ? Thanks for your help* >> >> >> >> >> >> > username="tomee" password="tomee" roles="tomee-admin" /> HTTP >> Status 403 – Forbidden -- >> >> *Type* Status Report >> >> *Message* Access to the requested resource has been denied >> >> *Description* The server understood the request but refuses to >> authorize it. -- Apache >> Tomcat/9.0.37 >> > -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl88XGQACgkQHPApP6U8 pFjtuxAAk7SmX3BVXXrIeJWkANJ0gaef3zmX48nIgewIJMsmQJIZx8Ax05dClaqM F0S5kErMyba8OSo2R/5n1b3R0qCGIB3aFmStqTFY83Uw/cYrpRZA8mfgicvpNPZG He6FBaUoDnRcZbuSpD8jRGnFQpt+gXVD5cNjg4TFd8pOijS0eZo+MtLEGI34iPed fgY7ZFYuDKXge23fWhbeOH25fnEc+4KBivUbTAH34zlBTmRFb2lZxorq9s1rxl+r ioO/mkTk/1ml9e+eGj3hPcUaY0bLuZhIEKjOw5p2jMlPbFNJDGJMpoBOUCNRJaxH RlStmedLTHSlr2zT9Q/jqKfybacTN8ERIxTkhuBW9smBY/fAIo2UYnQS7Rma6U0w 8bN0NLAN/YNz4E3qg9F1Af0DX28gSGlRiL7mbDDjqWwJtT5rjKUpKHf65SqAoMq1 jU2edaQYpdX7wHgI9PT+omUcyRQwOPLn5Cawv7FKyGTA1hiO+DihW10UwlnmAO1s P+dUvP/VA1c90y1FWelO1RS3wu9ElwetMp1hmv5cUkE37EKEVVmZoQY58cFvh+JD kISgXgqVMfXqAb3lmvzLgUlk4rjVKA5v/ikad0bfQCjf8IoMcJnEB1HSArilmgeO Yn0B0Ib+Aw3dsUKGn0fjcATg0TvW8a6YucKWOlOod04OGT7hGfs= =G8E6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Login appears only once : solved
It came down to browser privacy and security settings. Cleared all previous cookies and blocked third party cookies. Now Login appears every time in Google chrome. On Tue, 18 Aug 2020, 22:13 Anwar AliKhan, wrote: > I have rebooted. > Startup.sh > > Same tomcat-users.xml no other changes . > > > With manager button chrome going straight to 401. > > With Firefox manager button - login box appears works with username > tomgui password tomcat as expected. > > > > > > > > On Tue, 18 Aug 2020, 21:55 Anwar AliKhan, > wrote: > >> >> *With this tomcat-users.xml* >> >> >> >> >> >> >> >> >> *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list >> *Result*: >> OK - Listed hosts >> [localhost]:[] >> >> >> I make same username and password for both admin-script & manager-gui >> >> >> >> >> >> >> >> >> >> *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list >> *Result:* >> curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list >> > http://www.w3.org/TR/html4/strict.dtd";> >> >> >> 403 Access Denied >>
Re: Login appears only once
I have rebooted. Startup.sh Same tomcat-users.xml no other changes . With manager button chrome going straight to 401. With Firefox manager button - login box appears works with username tomgui password tomcat as expected. On Tue, 18 Aug 2020, 21:55 Anwar AliKhan, wrote: > > *With this tomcat-users.xml* > > > > > > > > > *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list > *Result*: > OK - Listed hosts > [localhost]:[] > > > I make same username and password for both admin-script & manager-gui > > > > > > > > > > *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list > *Result:* > curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list > http://www.w3.org/TR/html4/strict.dtd";> > > > 403 Access Denied >
Re: Login appears only once
*With this tomcat-users.xml* *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list *Result*: OK - Listed hosts [localhost]:[] I make same username and password for both admin-script & manager-gui *Test*curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list *Result:* curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list http://www.w3.org/TR/html4/strict.dtd";> 403 Access Denied
Re: Login appears only once
*This works* curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list OK - Listed hosts [localhost]:[] I have rebooted and restarted the browser. *BUT with the same tomcat-users.xml * *It is now going straight to 401.* *with all three URL* *http://localhost:8080/manager/status <http://localhost:8080/manager/status>* http://localhost:8080/manager/html http://localhost:8080/host-manager/html *tomcat-usersxml* 401 Unauthorized You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp. For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above. Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access. manager-gui - allows access to the HTML GUI and the status pages manager-script - allows access to the text interface and the status pages manager-jmx - allows access to the JMX proxy and the status pages manager-status - allows access to the status pages only The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection: Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles. If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session. <http://www.backbutton.co.uk/> On Tue, 18 Aug 2020, 20:46 , wrote: > I was going to say it sounds like a persistent cookie... > > > Dream * Excel * Explore * Inspire > Jon McAlexander > Asst Vice President > > Middleware Product Engineering > Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com > > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > > -Original Message- > From: Mark Thomas > Sent: Tuesday, August 18, 2020 1:57 PM > To: users@tomcat.apache.org > Subject: Re: Login appears only once > > On 18/08/2020 19:45, Anwar AliKhan wrote: > > I rebooted the machine , then the login box appeared . > > Obviously this is not an ideal solution! > > Did you close the browser between tests? > > Mark > > > > On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, > wrote: > > > >> Hi, > >> I deployed an app called tomee using the tomcat manager app. > >> > >> The first time I selected the app in the tomcat manager to run it. > >> a login appeared asking for username and password. > >> > >> I had not set it up. So it took me to the 403 page . > >> > >> Now I have set up tomee-admin user. > >> > >> I stopped restarted tomcat for it to register the contents of > >> tomcat-users.xml I no longer get the login Box. It goes straight to > >> the 403 page. > >> > >> *what is the problem ? Thanks for your help* > >> > >> > >> > >> > >> >> rolename="tomee-admin" /> >> roles="manager-gui"/> >> roles="manager"/> >> roles="tomee-admin" /> HTTP Status 403 – Forbidden > >> -- > >> > >> *Type* Status Report > >> > >> *Message* Access to the requested resource has been denied > >> > >> *Description* The server understood the request but refuses to > >> authorize it. > >> -- > >> Apache Tomcat/9.0.37 > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
RE: Login appears only once
I was going to say it sounds like a persistent cookie... Dream * Excel * Explore * Inspire Jon McAlexander Asst Vice President Middleware Product Engineering Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: Mark Thomas Sent: Tuesday, August 18, 2020 1:57 PM To: users@tomcat.apache.org Subject: Re: Login appears only once On 18/08/2020 19:45, Anwar AliKhan wrote: > I rebooted the machine , then the login box appeared . > Obviously this is not an ideal solution! Did you close the browser between tests? Mark > On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, wrote: > >> Hi, >> I deployed an app called tomee using the tomcat manager app. >> >> The first time I selected the app in the tomcat manager to run it. >> a login appeared asking for username and password. >> >> I had not set it up. So it took me to the 403 page . >> >> Now I have set up tomee-admin user. >> >> I stopped restarted tomcat for it to register the contents of >> tomcat-users.xml I no longer get the login Box. It goes straight to >> the 403 page. >> >> *what is the problem ? Thanks for your help* >> >> >> >> >> > rolename="tomee-admin" /> > roles="manager-gui"/> > roles="manager"/> > roles="tomee-admin" /> HTTP Status 403 – Forbidden >> -- >> >> *Type* Status Report >> >> *Message* Access to the requested resource has been denied >> >> *Description* The server understood the request but refuses to >> authorize it. >> -- >> Apache Tomcat/9.0.37 >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Login appears only once
On 18/08/2020 19:45, Anwar AliKhan wrote: > I rebooted the machine , then the login box appeared . > Obviously this is not an ideal solution! Did you close the browser between tests? Mark > On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, wrote: > >> Hi, >> I deployed an app called tomee using the tomcat manager app. >> >> The first time I selected the app in the tomcat manager to run it. >> a login appeared asking for username and password. >> >> I had not set it up. So it took me to the 403 page . >> >> Now I have set up tomee-admin user. >> >> I stopped restarted tomcat for it to register the contents of >> tomcat-users.xml >> I no longer get the login Box. It goes straight to the 403 page. >> >> *what is the problem ? Thanks for your help* >> >> >> >> >> >> >> >> >> >> HTTP Status 403 – Forbidden >> -- >> >> *Type* Status Report >> >> *Message* Access to the requested resource has been denied >> >> *Description* The server understood the request but refuses to authorize >> it. >> -- >> Apache Tomcat/9.0.37 >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Login appears only once
I rebooted the machine , then the login box appeared . Obviously this is not an ideal solution! On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, wrote: > Hi, > I deployed an app called tomee using the tomcat manager app. > > The first time I selected the app in the tomcat manager to run it. > a login appeared asking for username and password. > > I had not set it up. So it took me to the 403 page . > > Now I have set up tomee-admin user. > > I stopped restarted tomcat for it to register the contents of > tomcat-users.xml > I no longer get the login Box. It goes straight to the 403 page. > > *what is the problem ? Thanks for your help* > > > > > > > > > > HTTP Status 403 – Forbidden > -- > > *Type* Status Report > > *Message* Access to the requested resource has been denied > > *Description* The server understood the request but refuses to authorize > it. > -- > Apache Tomcat/9.0.37 >
Login appears only once
Hi, I deployed an app called tomee using the tomcat manager app. The first time I selected the app in the tomcat manager to run it. a login appeared asking for username and password. I had not set it up. So it took me to the 403 page . Now I have set up tomee-admin user. I stopped restarted tomcat for it to register the contents of tomcat-users.xml I no longer get the login Box. It goes straight to the 403 page. *what is the problem ? Thanks for your help* HTTP Status 403 – Forbidden -- *Type* Status Report *Message* Access to the requested resource has been denied *Description* The server understood the request but refuses to authorize it. -- Apache Tomcat/9.0.37
