I'm having problem in accessing the Tomcat6-admin web page, here's what I did:
##########################################################################################################
root#ISUZU:/etc/tomcat6# cat tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
**<role rolename="manager"/>
<user username="admin" password="nimda" roles="manager"/>**
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
</tomcat-users>
##########################################################################################################
root#ISUZU:/etc/tomcat6# /etc/init.d/tomcat6 restart
* Stopping Tomcat servlet engine tomcat6 [ OK ]
* Starting Tomcat servlet engine tomcat6 Using CATALINA_BASE: /var/lib/tomcat6
Using CATALINA_HOME: /usr/share/tomcat6
Using CATALINA_TMPDIR: /tmp/tomcat6-tmp
Using JRE_HOME: /usr/lib/jvm/java-6-sun
Using CLASSPATH: /usr/share/tomcat6/bin/bootstrap.jar
##########################################################################################################
The Hello World page is working fine from http://isuzu:8080/ but the admin page is still inaccessible.
The admin application is not available at Tomcat 6. If you mean the manager application, then your tomcat-users.xml is correctly using the manager role. Check that the manager application isn't removed from the webapps directory.
The correct rolename is admin for the admin gui, manager is for tomcat manager.
http://linux-sxs.org/internet_serving/c516.html
Related
Hello I'm trying to setup a list of users to access the MFPF Operations Console using the different role. I changed the server.xml as follow but without positive result.
basicRegistry added group and users:
<group name="mfpdeployergroup"/>
<member name="guest"/>
<member name="demo"/>
</group>
<user name="guest" password="guest"/>
<user name="demo" password="demo"/>
Added for Administration service and Operations console applications the role mapping:
<security-role name="mfpdeployer">
<group name="mfpdeployergroup"/>
</security-role>
Still receiving the error:
[12/2/16 17:36:11:368 CET] 000000fb .ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl A CWWKS9104A: Authorization failed for user demo while invoking mfpconsole on /index.html. The user is not granted access to any of the required roles: [mfpadmin, mfpmonitor, mfpoperator, mfpdeployer].
Can you help?
Thanks
It's not really clear if you're trying to add a user in the devkit or in liberty or what...?
In the devkit I have edited the mfpserver\usr\servers\mfp\server.xml file.
In <basicRegistry> I've added: <user name="idan" password="idan"/>
In <application id="mfpconsole" name="mfpconsole" location="mfp-admin-ui.war" type="war">, under <security-role name="mfpdeployer"> I've added: <user name="idan"/>.
I was then able to login using idan\idan.
I have installed tomcat 8 in a linux server.
From another host browser I was able to open the tomcat admin console but not able to open /manager/html.
I have made the changes in tomcat-users.xml and manager.xml and context.html.
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="tomcat" password=“password123" roles="manager-gui"/>
In /opt/tomcat8/apache-tomcat-8.5.8/webapps/host-manager
the changes were made in manager.xml
<Context docBase="${catalina.home}/webapps/manager"
privileged="true" antiResourceLocking="false" >
<Valve className="org.apache.catalina.valves.RemoteHostValve" allow="(*.).abc.corp.company.com"/
>
</Context>
I was getting the pop up to enter credentials to log into manager/html but the credentials were not getting validated and I am getting 401 unauthorized error.
Please throw some light.
Thanks
(Maybe a shot to the air, but...)
Check your tomcat-users.xml format: The double-quote after password= is a typographical quote, not a standard quote.
I have defined LDAP user registry and made a custom form login page in my Dynamic Web Application which running at Websphere Liberty Profile 8.5.5
How can I bind my form from login page to LDAP user registry, so all user's credentials will be checked against this LDAP registry?
Thank you.
1) One way is to define mapping in server.xml - see Setting up BasicRegistry and role mapping on the Liberty profile, although it says about Basic registry, defining mapping is the same:
<application type="war" id="myWebApp" name="myWebApp"
location="${server.config.dir}/apps/myWebApp.war">
<application-bnd>
<security-role name="user">
<user name="Bob" />
<user name="user1" />
<group name="mygroup" />
</security-role>
</application-bnd>
</application>
2) If you don't want to change server.xml you can define these mappings in the application in the binding file - ibm-application-bnd.xml - like this:
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd
xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
version="1.0">
<security-role name="user">
<user name="user1" />
<group name="mygroup" />
</security-role>
</application-bnd>
If you are packaging app in the EAR, put that file in the META-INF folder.
If you are deploying war, create META-INF folder and put it there (this is currently undocumented feature, but is working at least in 8.5.5.6).
Here is the information to configure LDAP registry
https://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_sec_ldap.html
In addition to that, you may also need to set the realm-name in your form-login declaration. For example,
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyRegistryRealmName</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
I have set up roles and username for tomcat manger and when I run it I am always promted for credentials and after I input them I am promted again. What is the problem?
Here is my tomcat-users.xml:
<role rolemane="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="admin" roles"manager-gui,admin-gui"/>
does anyone knows if tomcat is able to password protect file (like apache .htaccess )?
i mean when user request a file from tomcat webapp its prompt a dialogue to enter user-name and password and made this using configuration.
or protect the file depend on its IP address .
hope someone can help me ?
regads
you can set basic authentication in tomcat.
Add your user to tomcat-users.xml. Something like :
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="tomcat"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="myname" password="mypassword" roles="tomcat"/>
<user username="test" password="test"/>
</tomcat-users>
And Add configuration to your apps web.xml. like:
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/references/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>your-role</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
The role that is required to log in to the Manager Application
</description>
<role-name>your-role</role-name>
</security-role>
links to understand more:
http://www.avajava.com/tutorials/lessons/how-do-i-use-basic-authentication-with-tomcat.html