I'm not quite sure what you're asking here.
It sound like you have a working solution but you're hoping for a shortcut?
Roles are defined in web.xml.
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
<user username="tomcat" password="s3cret" roles="manager-gui"/>
Incidentally, one of the reasons that tomcat-users.xml isn't recommended for production environments is that the Realm that uses it (MemoryRealm) loads in the entries when Tomcat starts up and does not monitor for changes to that file. To see the roles change, Tomcat has to be restarted
When a more dynamic Realm is used, such as a JDBCRealm or LDAP Realm, the roles a user has are determined at login time, so to get the changes, Tomcat doesn't have to be restarted.
The tomcat-users.xml file supplied with Tomcat doesn't have any admin stuff set up, and as far as I can remember, that includes the role names, so yes, you'd have to add the ones that people will be using.
I suspect that you may need to define and assign the manager-status role as well as the manager-ui role before you can effectively use the manager app.
If you can login but you get "forbidden" pages, then your role assignments aren't all set up the way you need them to be
your role set doesn't include the URL of the page you're trying to access.
Try removing the LockoutRealm outer Realm definition from server.xml.
Also, make sure that the tomcat-users.xml file hasn't accidentally been given file access rights that keep it from being readable by Tomcat.
You might also find useful messages in the logs/localhost log file or logs/catalina.out file.
Michael Staszewski wrote:Ding, ding, ding. Downloading the official Tomcat distribution and setting it up manually by editing server.xml to resolve a port conflict and setting up tomcat-users.xml works likes a champ.