I forgot to mention that I added manager-gui role, but it didn't help - login
window doesn't appear.
Here is extract from tomcat-users.xml:
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-----Original Message-----
From: David kerber [mailto:dcker...@verizon.net]
Sent: vendredi 27 mars 2015 21:28
To: Tomcat Users List
Subject: Re: can't access to Manager Application in Eclipse
As Eldon said, you need to set the manager-gui role for the user you're trying
to use.
On 3/27/2015 4:19 PM, Pavel Yermolenko wrote:
> Here below – the content of error page.
>
> What I can't understand is: after uncommenting of the "login parameters" in
> tomcat-users.xml, the login window no more appear.
>
> When all "login parameters" were commented in tomcat-users.xml, login window
> appeared, but what values specify for username/password should I specify in
> this case?
>
>
>
>
>
> You are not authorized to view this page.
>
>
>
> If you have already configured the Manager application to allow access and
> you have used your browsers back button, used a saved book-mark or similar
> then you may have triggered the cross-site request forgery (CSRF) protection
> that has been enabled for the HTML interface of the Manager application. You
> will need to reset this protection by returning to the main Manager page.
> Once you return to this page, you will be able to continue using the Manager
> appliction's HTML interface normally. If you continue to see this access
> denied message, check that you have the necessary permissions to access this
> application.
>
>
>
> If you have not changed any configuration files, please examine the file
> conf/tomcat-users.xml in your installation. That file must contain the
> credentials to let you use this webapp.
>
>
>
> For example, to add the manager-gui role to a user named tomcat with a
> password of s3cret, add the following to the config file listed above.
>
> <role rolename="manager-gui"/>
>
> <user username="tomcat" password="s3cret" roles="manager-gui"/>
>
>
>
>
>
> Note that for Tomcat 7 onwards, the roles required to use the manager
> application were changed from the single manager role to the following four
> roles. You will need to assign the role(s) required for the functionality you
> wish to access.
>
> •manager-gui - allows access to the HTML GUI and the status pages
>
> •manager-script - allows access to the text interface and the status pages
>
> •manager-jmx - allows access to the JMX proxy and the status pages
>
> •manager-status - allows access to the status pages only
>
>
>
> The HTML interface is protected against CSRF but the text and JMX interfaces
> are not. To maintain the CSRF protection:
>
> •Users with the manager-gui role should not be granted either the
> manager-script or manager-jmx roles.
>
> •If the text or jmx interfaces are accessed through a browser (e.g. for
> testing since these interfaces are intended for tools not humans) then the
> browser must be closed afterwards to terminate the session.
>
>
>
>
>
>
>
> -----Original Message-----
> From: Eldon Olmstead [mailto:eldon.olmst...@newnet.com]
> Sent: vendredi 27 mars 2015 20:44
> To: users@tomcat.apache.org
> Subject: Re: can't access to Manager Application in Eclipse
>
>
>
>
>
> On 15-03-27 04:00 PM, Pavel Yermolenko wrote:
>
>> Hello,
>
>>
>
>>
>
>>
>
>> After "activating" of management accounts in tomcat-users.xml I still
>
>> can't access to "Manager App" page (please see extract from
>
>> tomcat-users.xml below).
>
>>
>
>> Once the server stoped/run, the login window doesn't appear when
>
>> clicking on "Manager App", but instead error window "403 Access denied".
>
>>
>
> When you received a 403 you probably got a page that described why you can't
> access the tomcat manager.
>
> Read it carefully and you will noticed that it tells you what to do, that is
> you have to add manager-gui to the roles attribute in tomcat-users.xml.
>
>>
>
>>
>
>> Thanks in advance
>
>>
>
>>
>
>>
>
>> Pavel
>
>>
>
>>
>
>>
>
>> Extract from tomcat-users.xml:
>
>>
>
>>
>
>>
>
>> <role rolename="tomcat"/>
>
>>
>
>> <role rolename="role1"/>
>
>>
>
>> <user username="tomcat" password="tomcat" roles="tomcat"/>
>
>>
>
>> <user username="both" password="tomcat" roles="tomcat,role1"/>
>
>>
>
>> <user username="role1" password="tomcat" roles="role1"/>
>
>>
>
>>
>
>>
>
>> ---
>
>> L'absence de virus dans ce courrier électronique a été vérifiée par le
>> logiciel antivirus Avast.
>
>> <http://www.avast.com> http://www.avast.com
>
>>
>
>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> This e-mail is intended only for the named recipient(s) and may contain
> information that is otherwise privileged, confidential and/or exempt from
> disclosure under applicable law. No waiver of privilege, confidence, or
> otherwise is intended by virtue of communication via the internet. Any
> unauthorized use, dissemination or copying is strictly prohibited. If you
> have received this e-mail in error, or are not the named as a recipient,
> please immediately notify the sender and destroy all copies of this e-mail.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
>
>
> ---------------------------------------------------------------------
>
> To unsubscribe, e-mail: <mailto:users-unsubscr...@tomcat.apache.org>
> users-unsubscr...@tomcat.apache.org
>
> For additional commands, e-mail: <mailto:users-h...@tomcat.apache.org>
> users-h...@tomcat.apache.org
>
>
>
> ---
> L'absence de virus dans ce courrier électronique a été vérifiée par le
> logiciel antivirus Avast.
> http://www.avast.com
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel
antivirus Avast.
http://www.avast.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
