access tomcat manager from different host - tomcat8

I have installed Tomcat 8 on a Linux server.
From a browser on another host I was able to open the Tomcat admin console, but not /manager/html.
I have made the changes in tomcat-users.xml, manager.xml and context.html.
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="tomcat" password=“password123" roles="manager-gui"/>
In /opt/tomcat8/apache-tomcat-8.5.8/webapps/host-manager
the changes were made in manager.xml
<Context docBase="${catalina.home}/webapps/manager"
         privileged="true" antiResourceLocking="false" >
  <Valve className="org.apache.catalina.valves.RemoteHostValve" allow="(*.).abc.corp.company.com"/>
</Context>
I was getting the pop up to enter credentials to log into manager/html but the credentials were not getting validated and I am getting 401 unauthorized error.
Please throw some light.
Thanks

(Maybe a shot to the air, but...)
Check your tomcat-users.xml format: The double-quote after password= is a typographical quote, not a standard quote.
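
An added example (not part of the original answer): a small Python check for the slip described above, a typographic quote in tomcat-users.xml, extended to attribute-name typos that still parse as XML. The function name, the expected-attribute table and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names as they appear in the tomcat-users.xml snippets on this page.
EXPECTED = {"role": {"rolename", "description"},
            "user": {"username", "password", "roles"}}
TYPOGRAPHIC = "\u201c\u201d\u2018\u2019"  # curly double and single quotes


def lint_tomcat_users(text):
    """Return a list of findings for the text of a tomcat-users.xml file."""
    findings = []
    # 1. Curly quotes pasted from a word processor or a web page.
    for lineno, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if ch in TYPOGRAPHIC:
                findings.append(f"line {lineno}: typographic quote U+{ord(ch):04X}")
    # 2. Well-formedness: a bad quote or a missing '=' is reported here.
    try:
        root = ET.fromstring(text.encode("utf-8"))
    except ET.ParseError as exc:
        findings.append(f"not well-formed XML: {exc}")
        return findings
    # 3. Misspelled or missing attributes still parse, so check them separately.
    for elem in root:
        tag = elem.tag.rsplit("}", 1)[-1]  # drop an XML namespace, if any
        if tag not in EXPECTED:
            continue
        for name in elem.attrib:
            if name not in EXPECTED[tag]:
                findings.append(f"<{tag}>: unexpected attribute '{name}'")
        if tag == "role" and "rolename" not in elem.attrib:
            findings.append("<role>: no rolename attribute")
        if tag == "user" and not elem.get("roles", "").strip():
            findings.append(f"<user {elem.get('username')!r}>: no roles assigned")
    return findings

# Constructed samples modelled on the snippets quoted on this page.
CURLY = ('<tomcat-users>\n'
         '<role rolename="manager-gui"/>\n'
         '<user username="tomcat" password=\u201cpassword123" roles="manager-gui"/>\n'
         '</tomcat-users>\n')
MISSPELLED = ('<tomcat-users>\n'
              '<role rolemane="manager-gui"/>\n'
              '<user username="admin" password="admin" roles="manager-gui"/>\n'
              '</tomcat-users>\n')

if __name__ == "__main__":
    for label, doc in (("curly", CURLY), ("misspelled", MISSPELLED)):
        print(label, lint_tomcat_users(doc))
```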

Related

Infinispan Server CLI authentication

I tried to start Infinispan 10.1.3 in server mode. But after security configuration I get the following error in the CLI:
[disconnected]> connect
Username: admin
Password: ********
The user is not allowed to access the server resource: ISPN000287: Unauthorized access: subject 'null' lacks 'ADMIN' permission
As a result I can't connect to my Infinispan server via CLI :(
I created all Infinispan configuration exactly according to the documentation:
In file infinispan.xml I added:
<security>
  <authorization>
    <identity-role-mapper />
    <role name="all" permissions="ALL" />
    <role name="reader" permissions="READ" />
    <role name="writer" permissions="WRITE" />
    <role name="supervisor" permissions="READ WRITE EXEC"/>
  </authorization>
</security>
...
<endpoints socket-binding="default" security-realm="default">
  <hotrod-connector name="hotrod">
    <authentication>
      <sasl mechanisms="SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256
                        SCRAM-SHA-1 DIGEST-SHA-512 DIGEST-SHA-384
                        DIGEST-SHA-256 DIGEST-SHA DIGEST-MD5 PLAIN"
            server-name="infinispan"
            qop="auth"/>
    </authentication>
  </hotrod-connector>
  <rest-connector name="rest">
    <authentication mechanisms="DIGEST BASIC"/>
  </rest-connector>
</endpoints>
In file users.properties I added:
admin=123
In file groups.properties I added:
admin=admin

The CLI uses the REST API. I'm not sure if your configuration is correct, but I'm fixing some issues that might be related just now. It will probably be released in the next 10.1.x version.
https://issues.redhat.com/browse/ISPN-11525
Update:
If you upgrade your 10.1.x version, it should work now

MFPF V8 Operations Console user authentication

Hello, I'm trying to set up a list of users to access the MFPF Operations Console using different roles. I changed server.xml as follows, but without a positive result.
basicRegistry added group and users:
<group name="mfpdeployergroup">
  <member name="guest"/>
  <member name="demo"/>
</group>
<user name="guest" password="guest"/>
<user name="demo" password="demo"/>
For the Administration service and Operations console applications, I added the role mapping:
<security-role name="mfpdeployer">
  <group name="mfpdeployergroup"/>
</security-role>
Still receiving the error:
[12/2/16 17:36:11:368 CET] 000000fb .ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl A CWWKS9104A: Authorization failed for user demo while invoking mfpconsole on /index.html. The user is not granted access to any of the required roles: [mfpadmin, mfpmonitor, mfpoperator, mfpdeployer].
Can you help?
Thanks

It's not really clear if you're trying to add a user in the devkit or in liberty or what...?
In the devkit I have edited the mfpserver\usr\servers\mfp\server.xml file.
In <basicRegistry> I've added: <user name="idan" password="idan"/>
In <application id="mfpconsole" name="mfpconsole" location="mfp-admin-ui.war" type="war">, under <security-role name="mfpdeployer"> I've added: <user name="idan"/>.
I was then able to log in using idan\idan.

Apache Tomcat 8 always prompts for password

I have set up roles and a username for Tomcat manager, and when I run it I am always prompted for credentials, and after I input them I am prompted again. What is the problem?
Here is my tomcat-users.xml:
<role rolemane="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="admin" roles"manager-gui,admin-gui"/>

Unable to enter the Tomcat6-admin page after defining new role

I'm having a problem accessing the Tomcat6-admin web page. Here's what I did:
##########################################################################################################
root#ISUZU:/etc/tomcat6# cat tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <user username="admin" password="nimda" roles="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
##########################################################################################################
root#ISUZU:/etc/tomcat6# /etc/init.d/tomcat6 restart
* Stopping Tomcat servlet engine tomcat6 [ OK ]
* Starting Tomcat servlet engine tomcat6 Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-sun
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
##########################################################################################################
The Hello World page is working fine from http://isuzu:8080/ but the admin page is still inaccessible.

The admin application is not available in Tomcat 6. If you mean the manager application, then your tomcat-users.xml is correctly using the manager role. Check that the manager application isn't removed from the webapps directory.

The correct rolename is admin for the admin gui, manager is for tomcat manager.
http://linux-sxs.org/internet_serving/c516.html

Tomcat Protect files

Does anyone know if Tomcat is able to password-protect files (like Apache .htaccess)?
I mean that when a user requests a file from a Tomcat webapp, it prompts a dialogue to enter a username and password, and this is done using configuration.
Or protect the file depending on its IP address.
Hope someone can help me.
Regards

You can set basic authentication in Tomcat.
Add your user to tomcat-users.xml. Something like:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="myname" password="mypassword" roles="tomcat"/>
  <user username="test" password="test"/>
</tomcat-users>
And add configuration to your app's web.xml, like:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/references/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>your-role</role-name>
  </auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to log in to the Manager Application
  </description>
  <role-name>your-role</role-name>
</security-role>
Links to understand more:
http://www.avajava.com/tutorials/lessons/how-do-i-use-basic-authentication-with-tomcat.html
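
An added example (not from the original answer): a Python check that resolves which users in tomcat-users.xml satisfy the role named in a web.xml security constraint, showing that the `your-role` placeholder has to match a role the users actually hold. The function names and sample documents are constructed; only explicitly named roles are handled, not the `*` wildcard.

```python
import xml.etree.ElementTree as ET


def local(tag):
    """Drop an XML namespace prefix such as {http://...}user."""
    return tag.rsplit("}", 1)[-1]


def users_by_role(users_xml):
    """Map role name -> set of usernames, from tomcat-users.xml text."""
    by_role = {}
    for el in ET.fromstring(users_xml):
        if local(el.tag) == "user":
            for role in el.get("roles", "").split(","):
                if role.strip():
                    by_role.setdefault(role.strip(), set()).add(el.get("username"))
    return by_role


def constraint_access(web_xml, users_xml):
    """Map each protected url-pattern to the users whose roles satisfy it."""
    by_role = users_by_role(users_xml)
    access = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        patterns = [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern"]
        needed = [e.text.strip() for e in sc.iter() if local(e.tag) == "role-name"]
        allowed = set().union(*(by_role.get(r, set()) for r in needed))
        for pattern in patterns:
            access[pattern] = sorted(allowed)
    return access


# Constructed samples: the users from the answer, and its constraint wrapped in <web-app>.
USERS = """<tomcat-users>
  <role rolename="tomcat"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="myname" password="mypassword" roles="tomcat"/>
  <user username="test" password="test"/>
</tomcat-users>"""
WEB = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/references/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>{role}</role-name></auth-constraint>
</security-constraint></web-app>"""

if __name__ == "__main__":
    print(constraint_access(WEB.format(role="your-role"), USERS))
    print(constraint_access(WEB.format(role="tomcat"), USERS))
```

With the placeholder left in place no user matches the constraint; with `tomcat` the two users holding that role match, and `test`, which has no roles, does not.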