• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Unable to login to manager GUI

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi there,

Tomcat 7.0.14 installed via NetBeans 7 installation.

I'm receiving HTTP 401 errors attempting to login to the manager GUI "http://localhost:8084/manager/html." At the prompt I enter tomcat/password as my login credentials. My tomcat-users.xml file is...



I've scoured the Internet looking for solutions and the setup above appears to be correct. I've seen another post on this forum that suggests the <role> elements specified above are not needed as they are predefined roles so I've tried again with the following tomcat-users.xml file.



And also with only the manager-gui role.



And...



None of the above formats is working for me. I continually get the login prompt after entering tomcat/password and clicking OK. When I click Cancel I see the HTTP 401 error page with suggestions to setup my tomcat-users.xml to be exactly as I've done. I've been restarting the server after each edit of the XML file. Any ideas?

Thanks,
Michael
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the JavaRanch, Michael!

I'm not quite sure what you're asking here. It sound like you have a working solution but you're hoping for a shortcut?

Roles are defined in web.xml. The tomcat-users.xml file, however, is used to assign roles to a user. One of the great flexibilities of the role-based access control architecture can be demonstrated as follows:

Mary is the "it" person the for accounting webapp. Her login is authorized for the "data-entry" and "report-printing" roles and for the "app-administrator" roles

Catherine runs reports. Her login is only authorized for "report-printing"

Claude is the data entry clerk. His login is only authorized for "data entry".

Claude is going on vacation. Someone has to take over data entry. Mary dumps the job on Catherine, has the system administrator add the "data-entry" role to Catherine's login definition. So now Catherine's tomcat-users.xml entry now has 'roles="report-printing,data-entry". When Claude returns, the system administrator removes "data-entry" from Catherine's roles.

Incidentally, one of the reasons that tomcat-users.xml isn't recommended for production environments is that the Realm that uses it (MemoryRealm) loads in the entries when Tomcat starts up and does not monitor for changes to that file. To see the roles change, Tomcat has to be restarted. When a more dynamic Realm is used, such as a JDBCRealm or LDAP Realm, the roles a user has are determined at login time, so to get the changes, Tomcat doesn't have to be restarted. All that's required is for the user to log out and then log back in again. It could get really messy trying to program for role changes that happened while logged in, so that level of flexibility isn't available.

Now you see (I hope) why the complete set of credentials for a user - including roles for that user - have to be explicitly defined in tomcat-users.xml.
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I'm not quite sure what you're asking here.



I'm just trying to login to the Tomcat manager GUI and am unable to. I'm new to web service development in Java and the Tomcat application server and I'm just poking around trying to familiarize myself with it.

It sound like you have a working solution but you're hoping for a shortcut?



No, I don't have anything working at the moment. In my original message, all of those XML snippets are failed attempts at setting up tomcat-users.xml so that I can login to the manager app (http://localhost:8084/manager/html).

Roles are defined in web.xml.



Thanks, I see that the roles are defined in the following location in my installation. C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.14\webapps\manager\WEB-INF\web.xml. However, the web.xml file in the conf directory does not have defined roles. In which location should the roles be defined? The error message returned by Tomcat when I fail to login is an HTTP 401 and specifically says the following.

You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.

<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>



It seems that the manager-gui role must be defined in the tomcat-users.xml file unless the message is incorrect. Note in my original message that I did have my tomcat-users.xml setup as follows and this does not work in my installation.



Incidentally, one of the reasons that tomcat-users.xml isn't recommended for production environments is that the Realm that uses it (MemoryRealm) loads in the entries when Tomcat starts up and does not monitor for changes to that file. To see the roles change, Tomcat has to be restarted



I have been restarting the server after each modification to tomcat-users.xml without success.

When a more dynamic Realm is used, such as a JDBCRealm or LDAP Realm, the roles a user has are determined at login time, so to get the changes, Tomcat doesn't have to be restarted.



For my web service application, this is what I will use. In Glassfish I am already setup to use JDBCRealm where it validates users against tables in an Oracle DB. At the moment; however, I'm not at the deployment phase. I simply want to see what the Tomcat manager GUI has within so that I can start playing with it in order to setup the JDBCRealm and what not.

I'm a complete newbie at this stuff so please assume that I know absolutely nothing with respect to Tomcat and using the management console. All that I want to do it get into it and do some hands on experimenting to setup my web service application. This is a sandbox server that I'm getting my feet wet in.

Thanks,
Michael
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK. Makes sense.

The TOMCAT_HOME/con/web.xml file is something that you shouldn't touch. It's the background definitions for all J2EE apps. The security roles for specific webapps such as the tomcat Manager are defined in the WEB-INF/web.xml of that app.

The tomcat-users.xml file supplied with Tomcat doesn't have any admin stuff set up, and as far as I can remember, that includes the role names, so yes, you'd have to add the ones that people will be using. And in case you were wondering, the role namespace covers all deployed webapps, so the total set of role names in tomcat-users,xml is the union of the sets of the role names of all the deployed apps with roles that you will use.

I suspect that you may need to define and assign the manager-status role as well as the manager-ui role before you can effectively use the manager app. If you can login but you get "forbidden" pages, then your role assignments aren't all set up the way you need them to be - your role set doesn't include the URL of the page you're trying to access. If you can't login at all, then the user ID and password are at fault. They're both case-sensitive, incidentally.
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the reply.

The tomcat-users.xml file supplied with Tomcat doesn't have any admin stuff set up, and as far as I can remember, that includes the role names, so yes, you'd have to add the ones that people will be using.



This is correct, there is nothing in the XML file by default other than comments including a template for specifying roles and users which I've followed.

I suspect that you may need to define and assign the manager-status role as well as the manager-ui role before you can effectively use the manager app.



Perhaps, but I have tried that as well with no success. One of the permutations I attempted was giving my user all available roles (even though Tomcat advises to not do so as it violates some security protocol or something) and that too failed. The XML for that attempt is...



If you can login but you get "forbidden" pages, then your role assignments aren't all set up the way you need them to be



I cannot login. I enter my username and password correctly, in the exact case (all lower) as specified in the tomcat-users.xml file and every time I click OK at the login dialog, it does not load. It only shows the login dialog again, and again, and again, ... until I get fed up and click Cancel. At this point I am shown the error page showing HTTP 401 with the text I included in my previous reply.

your role set doesn't include the URL of the page you're trying to access.



I do not understand what you mean here. Can you expand on this? At no point have I specified a URL in the role definitions or in my user/role mapping. Perhaps this is an issue? The web.xml file that does contain role names is located at this location, C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.14\webapps\manager\WEB-INF\web.xml and the URL I am attempting to access is located at http://localhost:8084/manager/html. This URL is for the Tomcat manager page from what I can tell, but it's a dark and mysterious place that I cannot access.

The entire contents of that web.xml file is...



Thanks,
Michael
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Aha. If you cannot login, you probably don't have the Realm defined in TOMCAT_HOME/conf/server.xml. As shipped, the Realm is commented out, so there's no Realm to process logins.
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks, getting closer hopefully. I appreciate your time as even though I can't get in, I'm learning more about the Tomcat setup. Here is my server.xml. It appears as though the Realm is available and is defined as a child element of the LockOutRealm. It points to the UserDatabase resource which is also specified and indicates the tomcat-users.xml file as the source.



Thanks,
Michael
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hmmm. I wonder when they put THAT in?

Try removing the LockoutRealm outer Realm definition from server.xml. That will eliminate one of the ways that logins could fail. Also, make sure that the tomcat-users.xml file hasn't accidentally been given file access rights that keep it from being readable by Tomcat.

You might also find useful messages in the logs/localhost log file or logs/catalina.out file.
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Try removing the LockoutRealm outer Realm definition from server.xml.



I tried the following, no luck.



Also, make sure that the tomcat-users.xml file hasn't accidentally been given file access rights that keep it from being readable by Tomcat.



Everything should be OK here. It's read-write and I've closed the file from my text editor to release any lock the editor may have placed on it that prevents it from being opened. I still see the same behavior.

You might also find useful messages in the logs/localhost log file or logs/catalina.out file.



My logs directory is empty.

I've viewed some other tutorials online and this should really be somewhat simple. Seeing that it is not, I'm going to uninstall it and reinstall it. Tomcat was bundled with NetBeans 7 installer and although I should have no reason to doubt the success of the installation, it appears that some links are broken in my Tomcat installation which raises doubt. For example, when I navigate to the Tomcat admin homepage I see the message that the installation was successful. I also see various links to how-to pages and the like. Those links are all broken. I get 404 errors. I'll go down this road a bit and see where it leads.

Thanks,
Michael
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK. I don't know about NetBeans, but the Eclipse WTP plugin does nasty things to the Tomcat configuration including making a copy of it and using the copy instead of the "real" server.xml. Which is why I use an alternate plugin (sysdeo) to run Tomcat in Eclipse. It's possible that NetBeans is also pulling stunts like that, meaning that your changes are being made to the wrong config file.

Good luck! I gotta earn my keep, so I probably won't be back until tomorrow morning!
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the help. I'll post back here if I get somewhere or send pics of my broken laptop if I toss it out of the window.
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ding, ding, ding. Downloading the official Tomcat distribution and setting it up manually by editing server.xml to resolve a port conflict and setting up tomcat-users.xml works likes a champ. Arghh. Thanks for the help.
 
Ranch Hand
Posts: 90
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Michael Staszewski wrote:Ding, ding, ding. Downloading the official Tomcat distribution and setting it up manually by editing server.xml to resolve a port conflict and setting up tomcat-users.xml works likes a champ.



Hey Michael .. I have the exact same problem and it is driving me nuts .. Can you please elaborate on you solved this ??
I have followed all the steps that Tim suggested .. No luck
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I just did as I mentioned in my last post. I downloaded the official Tomcat installation from the web and stopped using the one installed by NetBeans. That resolved all of my issues. It's been several weeks and I'm using Glassfish so I don't really have anything else to offer other than the official installation allowed me to login.
 
Dhaval J. Patel
Ranch Hand
Posts: 90
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Okay .. I think I should try downloading a fresh copy of tomcat ..
I am using eclipse and I have linked to it the tomcat copy that I already had before installing eclipse. Doesnt work.
I will try reintalling tomcat and will post again.

Thanks for your reply
 
Michael Staszewski
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sorry that I can't be of more help. I'm a Delphi developer and have just been exploring this hell called Java. :-) I don't really know much at all as far as application servers and the like are concerned and what I do know has been from trial and error and this forum, but I've been using NetBeans as I find it more intuitive than Eclipse.
 
Dhaval J. Patel
Ranch Hand
Posts: 90
Eclipse IDE Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey Michael,
Its fine. Thanks for the wonderful thread though. I got to learn a lot. I tried reinstalling tomcat. Still doesnt work .. I hope Tim can give me some suggestions

Thanks.
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Try this,

In NetBean IDE-7,
1. right click the Apache tomcat->properties.
2. the server window opens up
3. In that, select Connection tab and see the credentials...mention this credentails in tomcat-user.xml for username/password.
4. restart server

-Joseph
 
A feeble attempt to tell you about our stuff that makes us money
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic