Hash: SHA256


On 12/18/18 00:10, Bo wrote:
> I do a clean install of the tomcat7 folder and rename it to just 
> tomcat, and without changing ANYTHING and without adding any old 
> files yet, I start the tomcat service and try to get to the status 
> page, but this time it won't even let me log into anything at all 
> either, no matter what I try.
By default, Tomcat does not allow users to view the status (manager,
right?) page.

You have to specifically edit the tomcat-users.xml file in order to
allow access.

> This is the tomcat7 fresh download links I used
> https://tomcat.apache.org/download-70.cgi
> http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.92/bin/apache-tomca
>  https://tomcat.apache.org/tomcat-7.0-doc/appdev/deployment.html
> I unzip the apache-tomcat-7.0.92-windows-x86.zip and put it in the 
> root of a custom web app that I have and then I use the
> service.bat install to trigger the services install, this is on
> windows server so I start it up in services.msc
> I can go to localhost fine, but it won't let me login
> I checked the tomcat user xml file a trillion times to triple check
>  to make sure I have it right, but no matter what, even after 
> multiple restarts, it won't even let me login to the status 
> page!!!!!

When you say you "checked it", do you mean you /edited/ it, or is it
still the same file that shipped with Tomcat?

> 401 Unauthorized
> You are not authorized to view this page. If you have not changed
> any configuration files, please examine the file
> conf/tomcat-users.xml in your installation. That file must contain
> the credentials to let you use this webapp.
> For example, to add the manager-gui role to a user named tomcat
> with a password of s3cret, add the following to the config file
> listed above.
> <role rolename="manager-gui"/> <user username="tomcat"
> password="s3cret" roles="manager-gui"/>
> Note that for Tomcat 7 onwards, the roles required to use the
> manager application were changed from the single manager role to
> the following four roles. You will need to assign the role(s)
> required for the functionality you wish to access.
> manager-gui - allows access to the HTML GUI and the status pages 
> manager-script - allows access to the text interface and the status
> pages manager-jmx - allows access to the JMX proxy and the status
> pages manager-status - allows access to the status pages only
> The HTML interface is protected against CSRF but the text and JMX
> interfaces are not. To maintain the CSRF protection:
> Users with the manager-gui role should not be granted either the
> manager-script or manager-jmx roles. If the text or jmx interfaces
> are accessed through a browser (e.g. for testing since these
> interfaces are intended for tools not humans) then the browser must
> be closed afterwards to terminate the session.
> For more information - please see the Manager App HOW-TO.

Without revealing any passwords, can you post your ENTIRE (again,
redacted) tomcat-users.xml file?

- -chris
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to