
Cannot login to Tomcat 8 Manager App

 
Mike London
Hello,

I've been beating my head against the desk for an hour now trying to make Tomcat 8 happy so I can log into the Manager HTML app.

In my tomcat-users.xml file I have the following defined (outside the quoted xml)
.
.
.
<role rolename="manager-gui"/>
<user username="admin" password="secret" roles="manager-gui"/>


</tomcat-users>

---
But, it never works. I have restarted Tomcat 2^n times (where n is large) but no matter, the login for the manager application always comes back and asks for the password once entered.

I also checked server.xml to make sure it was pointing to the right conf folder. All OK there.

What's the secret here? I struggle with this with every Tomcat installation, but forget what I did years ago to finally get it working.

Thanks,

- mike
 
Tim Holloway
Mike, I thought you'd been around here long enough to know we have a Tomcat-specific forum.

Well, if you didn't, you do now - I'm moving this thread over there.
 
Tim Holloway
OK. Whatever you did years ago probably doesn't work now anyway.

The Tomcat Manager isn't an "HTML App", it's a full-blown J2EE web application (WAR). Although it knows how to tap into Tomcat's internal control mechanisms, it's otherwise just like any user-written Tomcat webapp.

Because it's secured using J2EE-standard Container-Managed Security, you have to define a Realm for it. That's done in server.xml, using the Realm element, and there should be a sample Realm (commented out) that came with the Tomcat installation files. So first you have to uncomment the Realm definition.

The supplied sample uses a descendant of the MemoryRealm as a Realm manager. As of Tomcat7, they used the UserDatabaseRealm. This particular Realm uses the TOMCAT_HOME/conf/tomcat-users.xml file as its credentials and roles database. It comes with some sample definitions, but they are commented out. You have to either uncomment them or add your own. Note: Realms can be aggregated in recent releases. My working Tomcat7 server config has a LockoutRealm wrapped around the MemoryDatabaseRealm so that users rejected by the MemoryDataBase will be locked out.

Every secured user has a user ID and password, defined in the "user" elements of the tomcat-users file. A user can be assigned zero or more roles. Roles are actually realm-wide, not application-specific, although a given application may indicate one or more roles in its web.xml file and map them to certain URL patterns (and/or check roles in application logic via the isUserInRole() method). That's why you have role elements in tomcat-users.xml.

Finally, depending on which version of Tomcat you are running, the Manager app may have something like 5 different roles defined. You'll have to consult the detailed documentation for the version of Tomcat you're using to see what roles control what.

So, in summary:

1. Ensure that the Host has a Realm defined
2. Make sure that you have proper user and role definitions in your tomcat-users.xml file

AND, most likely you'll also need to set up SSL since anything that logs in usually doesn't want to blather user credentials and secure app data over unencrypted channels. Which means defining a security database (keystore), adding a key/cert to it and activating the SSL Connector for SSL (by default it's port 8443).
 
Mike London
Tim Holloway wrote: Mike, I thought you'd been around here long enough to know we have a Tomcat-specific forum.

Well, if you didn't, you do now - I'm moving this thread over there.


Sorry about getting the forum wrong. I looked quickly for the Tomcat section but missed it.

In any case, I was going to post back a bit later as I solved the problem.

First of all, the "basic" format of the file IS the same. The documentation in that file, that is, what's commented, is a bit different, and how you assign permissions has changed, but the basic flow is the same for what I needed.

OK, so here's the problem. The editor I used had "smart-quotes" enabled. I didn't notice. And, as is often the case, I wait way too long to just look at the darn log file. That log file stated a "quote" XML parsing problem. Though initially puzzling, it was clear that the quotes were angled. Once I replaced these quotes done in the editor with regular quotes, all was good.

Thanks for your reply and I'll be extra careful to get the forum right next time. You're right, I have been around here a while.

Thanks again,

- mike
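
The failure described above (typographic quotes making tomcat-users.xml unparseable, so the manager-gui user never loads), as an added example that is not part of the original posts: a Python check that flags smart quotes, XML parse errors, and a missing or commented-out user or role. The function name check_tomcat_users and the sample file contents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Characters a "smart-quote" editor substitutes for plain " and '.
SMART_QUOTES = "\u201c\u201d\u2018\u2019\u201e\u00ab\u00bb"

# Constructed sample file contents (not the thread's actual file).
BAD = ('<tomcat-users>\n  <role rolename="manager-gui"/>\n'
       '  <user username=\u201cadmin\u201d password=\u201cCHANGE_ME\u201d'
       ' roles=\u201cmanager-gui\u201d/>\n</tomcat-users>\n')
GOOD = BAD.replace("\u201c", '"').replace("\u201d", '"')
COMMENTED = ('<tomcat-users>\n  <!-- <user username="admin" '
             'password="CHANGE_ME" roles="manager-gui"/> -->\n</tomcat-users>\n')

def local(tag):
    """Drop a namespace prefix such as {http://tomcat.apache.org/xml}."""
    return tag.rsplit("}", 1)[-1]

def check_tomcat_users(text, username, role="manager-gui"):
    """List the problems that stop `username` from holding `role`."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in SMART_QUOTES:
                problems.append(
                    f"line {lineno} col {col}: typographic quote U+{ord(ch):04X}")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # The kind of quote parsing error the log reported: the file is
        # rejected as a whole, so no users are loaded from it.
        problems.append(f"not well-formed XML: {exc}")
        return problems
    # Elements inside <!-- --> are skipped by the parser, so a commented-out
    # sample user counts as absent.
    users = [e for e in root.iter() if local(e.tag) == "user"]
    match = [u for u in users if u.get("username") == username]
    if not match:
        problems.append(f"no active <user> element for {username!r}")
    elif role not in [r.strip() for r in match[0].get("roles", "").split(",")]:
        problems.append(f"user {username!r} lacks role {role!r}")
    return problems

if __name__ == "__main__":
    for name, sample in (("BAD", BAD), ("GOOD", GOOD), ("COMMENTED", COMMENTED)):
        print(name, check_tomcat_users(sample, "admin"))
```

The smart-quote scan also reports quotes inside XML comments, which are harmless to the parser but worth cleaning up before they get uncommented.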

 