Tomcat Console - 401 Unauthorized

2024-05-22 Thread Garber, Frank 
Hello Group,

I've just installed Tomcat 9.0.89.

First a the first few lines on the Catalina log:
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED 
--add-opens=java.base/java.io=ALL-UNNAMED 
--add-opens=java.base/java.util=ALL-UNNAMED 
--add-opens=java.base/java.util.concurrent=ALL-UNNAMED 
--add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
usage: java org.apache.catalina.startup.Catalina [ -config {pathname} ] [ 
-nonaming ] [ -generateCode [ {pathname} ] ] [ -useGeneratedCode ] { -help | 
start | stop }
22-May-2024 11:16:47.794 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version name:   
Apache Tomcat/9.0.89

Tomcat runs, and I can get to the console at http://localhost:8080/ but, when I 
click on "Server Status" I get the 401 Unauthorized page.

I've been editing the conf\tomcat-users.xml file and have tried MANY different 
combinations of entries but, can't get past the 401 problem. I know editing the 
correct file as I see Tomcat logging:
22-May-2024 11:30:00.479 INFO [Catalina-utility-1] 
org.apache.catalina.users.MemoryUserDatabase.backgroundProcess Reloading memory 
user database [UserDatabase] from updated source 
[file:/C:/myProgs/apache-tomcat-9.0.89/conf/tomcat-users.xml]

Regardless, I stop and restart Tomcat to make sure it's picking up the changes.

Here's my current file contents:



http://tomcat.apache.org/xml
  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
  xsi:schemaLocation=http://tomcat.apache.org/xml 
tomcat-users.xsd
  version="1.0">

  
  

   




Thanks in advance,
F

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information or may otherwise be protected by law. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail
and destroy all copies of the original message and any attachment thereto.

Re: Tomcat Console - 401 Unauthorized

2024-05-22 Thread Chuck Caldarale 

> On May 22, 2024, at 10:51, Garber, Frank 
>  wrote:
> 
> I've just installed Tomcat 9.0.89.





> Tomcat runs, and I can get to the console at http://localhost:8080/ but, when 
> I click on "Server Status" I get the 401 Unauthorized page.





> I've been editing the conf\tomcat-users.xml file and have tried MANY 
> different combinations of entries but, can't get past the 401 problem.





> Here's my current file contents:
> 
> 
> 
> http://tomcat.apache.org/xml
>  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
>  xsi:schemaLocation=http://tomcat.apache.org/xml 
> tomcat-users.xsd
>  version="1.0">


If the above is what you actually have in the .xml file, you should also be 
seeing parsing errors in the catalina.out log file, since it’s not valid XML. 
Once corrected to the following, access to the server status pages worked 
properly.

http://tomcat.apache.org/xml";
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
  xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
  version="1.0">

Note the missing quotes and seriously munged-up xsi:schemaLocation attribute in 
your posting.

If you’re using an editor that thinks it’s clever to convert http:// references 
into HTML, get a better editor.

  - Chuck

Re: Tomcat Console - 401 Unauthorized

2024-05-22 Thread Chuck Caldarale 

> On May 22, 2024, at 13:31, Garber, Frank 
>  wrote:
> 
> Not knowing how it’s supposed to behave, here’s another clue. When I click on 
> the “Server Status” button, I never get prompted for credentials.


This sounds like a browser configuration problem. On the first attempt to 
access a protected resource, the server will return a 401 status with a 
WWW-Authenticate header listing the acceptable authentication mechanisms; for 
Tomcat, "Basic" is the default. The browser is then supposed to take the 
specified action to determine the credentials - for Basic, that’s the typical 
dialog box prompt.

If you’re using Edge (my condolences if so), go to edge://policy and look at 
the AuthSchemes entry; if it doesn’t include “basic”, you’ll never get the 
prompt.

Can you correct the Edge config or try a different browser?

  - Chuck

RE: Re: Tomcat Console - 401 Unauthorized

2024-05-22 Thread Garber, Frank 
I’m not sure how the URLs got munged up.

What I have on my side is valid XML, so I’m not worried about that. I’m really 
just concerned that the following isn’t working:

  
  
  

   


Thanks in advance,

From: Chuck Caldarale 
Sent: Wednesday, May 22, 2024 2:16 PM
To: Tomcat Users List 
Subject: {EXTERNAL} Re: Tomcat Console - 401 Unauthorized

> On May 22, 2024, at 10: 51, Garber, Frank  com. INVALID> wrote: > > I've just installed Tomcat 9. 0. 89.  > 
> Tomcat runs, and I can get to the console at https: //urldefense. 
> com/v3/__http: //localhost: 
> 8080/__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFvzyQAcQ$




> On May 22, 2024, at 10:51, Garber, Frank 
> mailto:francis.gar...@elevancehealth.com.INVALID>>
>  wrote:

>

> I've just installed Tomcat 9.0.89.











> Tomcat runs, and I can get to the console at 
> https://urldefense.com/v3/__http://localhost:8080/__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFvzyQAcQ$<https://urldefense.com/v3/__http:/localhost:8080/__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFvzyQAcQ$>
>  but, when I click on "Server Status" I get the 401 Unauthorized page.











> I've been editing the conf\tomcat-users.xml file and have tried MANY 
> different combinations of entries but, can't get past the 401 problem.











> Here's my current file contents:

>

> 

>

>  xmlns=https://urldefense.com/v3/__http://tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$<https://urldefense.com/v3/__http:/tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$>

>  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance

>  xsi:schemaLocation=http://tomcat.apache.org/xml 
> tomcat-users.xsd<https://urldefense.com/v3/__http://tomcat.apache.org/xml*20tomcat-users.xsd__;JQ!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFtPXhfv-$<https://urldefense.com/v3/__http:/tomcat.apache.org/xml*20tomcat-users.xsd__;JQ!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFtPXhfv-$>>

>  version="1.0">





If the above is what you actually have in the .xml file, you should also be 
seeing parsing errors in the catalina.out log file, since it’s not valid XML. 
Once corrected to the following, access to the server status pages worked 
properly.



https://urldefense.com/v3/__http://tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$<https://urldefense.com/v3/__http:/tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$>"

  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

  xsi:schemaLocation="http://tomcat.apache.org/xml 
tomcat-users.xsd<http://tomcat.apache.org/xml%20tomcat-users.xsd>"

  version="1.0">



Note the missing quotes and seriously munged-up xsi:schemaLocation attribute in 
your posting.



If you’re using an editor that thinks it’s clever to convert http:// references 
into HTML, get a better editor.



  - Chuck



CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information or may otherwise be protected by law. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail
and destroy all copies of the original message and any attachment thereto.

RE: Re: Tomcat Console - 401 Unauthorized

2024-05-22 Thread Garber, Frank 
Not knowing how it’s supposed to behave, here’s another clue. When I click on 
the “Server Status” button, I never get prompted for credentials. Is it a 
permissions problem on the server itself. Like the server doesn’t have rights 
to the HTML pages?

Thanks in advance,

From: Garber, Frank
Sent: Wednesday, May 22, 2024 2:26 PM
To: Tomcat Users List 
Subject: RE: {EXTERNAL} Re: Tomcat Console - 401 Unauthorized

I’m not sure how the URLs got munged up.

What I have on my side is valid XML, so I’m not worried about that. I’m really 
just concerned that the following isn’t working:

  
  
  

   


Thanks in advance,

From: Chuck Caldarale mailto:n82...@gmail.com>>
Sent: Wednesday, May 22, 2024 2:16 PM
To: Tomcat Users List mailto:users@tomcat.apache.org>>
Subject: {EXTERNAL} Re: Tomcat Console - 401 Unauthorized

> On May 22, 2024, at 10: 51, Garber, Frank  com. INVALID> wrote: > > I've just installed Tomcat 9. 0. 89.  > 
> Tomcat runs, and I can get to the console at https: //urldefense. 
> com/v3/__http: //localhost: 
> 8080/__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFvzyQAcQ$




> On May 22, 2024, at 10:51, Garber, Frank 
> mailto:francis.gar...@elevancehealth.com.INVALID>>
>  wrote:

>

> I've just installed Tomcat 9.0.89.











> Tomcat runs, and I can get to the console at 
> https://urldefense.com/v3/__http://localhost:8080/__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFvzyQAcQ$<https://urldefense.com/v3/__http:/localhost:8080/__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFvzyQAcQ$>
>  but, when I click on "Server Status" I get the 401 Unauthorized page.











> I've been editing the conf\tomcat-users.xml file and have tried MANY 
> different combinations of entries but, can't get past the 401 problem.











> Here's my current file contents:

>

> 

>

>  xmlns=https://urldefense.com/v3/__http://tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$<https://urldefense.com/v3/__http:/tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$>

>  xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance

>  xsi:schemaLocation=http://tomcat.apache.org/xml 
> tomcat-users.xsd<https://urldefense.com/v3/__http://tomcat.apache.org/xml*20tomcat-users.xsd__;JQ!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFtPXhfv-$<https://urldefense.com/v3/__http:/tomcat.apache.org/xml*20tomcat-users.xsd__;JQ!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFtPXhfv-$>>

>  version="1.0">





If the above is what you actually have in the .xml file, you should also be 
seeing parsing errors in the catalina.out log file, since it’s not valid XML. 
Once corrected to the following, access to the server status pages worked 
properly.



https://urldefense.com/v3/__http://tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$<https://urldefense.com/v3/__http:/tomcat.apache.org/xml__;!!IZ3lH8c!yts7ZdG2lLWkLHZXnQFxUeyJeHbX_NxqieI-zv0Ui8nBlMzfnQ_mbT_M5evoEof6o-OZ5azA1nAyFqswncMY$>"

  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";

  xsi:schemaLocation="http://tomcat.apache.org/xml 
tomcat-users.xsd<http://tomcat.apache.org/xml%20tomcat-users.xsd>"

  version="1.0">



Note the missing quotes and seriously munged-up xsi:schemaLocation attribute in 
your posting.



If you’re using an editor that thinks it’s clever to convert http:// references 
into HTML, get a better editor.



  - Chuck



CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information or may otherwise be protected by law. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail
and destroy all copies of the original message and any attachment thereto.

RE: Re: Tomcat Console - 401 Unauthorized

2024-05-23 Thread Garber, Frank 
And the winner is: Chuck 😉

I tried Chrome (instead of the Corporate mandated browser Edge) and I was right 
away challenged for credentials.

Thanks for all those who responded.


From: Chuck Caldarale 
Sent: Wednesday, May 22, 2024 4:36 PM
To: Tomcat Users List 
Subject: {EXTERNAL} Re: Tomcat Console - 401 Unauthorized

> On May 22, 2024, at 13: 31, Garber, Frank  com. INVALID> wrote: > > Not knowing how it’s supposed to behave, here’s 
> another clue. When I click on the “Server Status” button, I never get prompted




> On May 22, 2024, at 13:31, Garber, Frank 
> mailto:francis.gar...@elevancehealth.com.INVALID>>
>  wrote:

>

> Not knowing how it’s supposed to behave, here’s another clue. When I click on 
> the “Server Status” button, I never get prompted for credentials.





This sounds like a browser configuration problem. On the first attempt to 
access a protected resource, the server will return a 401 status with a 
WWW-Authenticate header listing the acceptable authentication mechanisms; for 
Tomcat, "Basic" is the default. The browser is then supposed to take the 
specified action to determine the credentials - for Basic, that’s the typical 
dialog box prompt.



If you’re using Edge (my condolences if so), go to edge://policy and look at 
the AuthSchemes entry; if it doesn’t include “basic”, you’ll never get the 
prompt.



Can you correct the Edge config or try a different browser?



  - Chuck



CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information or may otherwise be protected by law. Any
unauthorized review, use, disclosure or distribution is prohibited. If you
are not the intended recipient, please contact the sender by reply e-mail
and destroy all copies of the original message and any attachment thereto.