>any suggestions would be welcome. Thank you. I have dome some play around and I found if the tomcat-user.xml has
* <role rolename="manager-gui"/> <user username="admin" password="admin" roles="manager-gui"/>* * <role rolename="manager-script"/> <user username="admin" password="admin" roles="manager-script"/>* Then with url http://localhost:8080/manager gives 403 Access Denied error page. if the tomcat-user.xml only has * <role rolename="manager-gui"/> <user username="admin" password="admin" roles="manager-gui"/>* then url http://localhost:8080/manager shows the Tomcat Web Application Manager page without asking me to login. As you know syntax is unforgiving It must be exact. The change I would suggest is this :- At the url http://localhost:8080/manager initially a 403 access denied page was displayed with instructions on how to rectify it. So I did. BUT with url http://localhost:8080/manager/text the 403 access denied page does not show how to add a second element, manager-script to manager-gui. <role rolename="manager-gui"/> *<role rolename="manager-script"/>* <user username="admin" password="admin" roles="manager-gui *,manager-script*"/> So first I made some guesses which didn't work based my common sense, my common sense was doing it. then I had to google to find the syntax for adding second , third , so elements. CHANGE@I believe the 403 page should show how to add a second element syntax. On Fri, 20 Dec 2019 at 14:21, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Zahid, > > On 12/19/19 16:36, Zahid Rahman wrote: > > *SUCCESSS...SSSS* > > > > Buildfile: /home/kub18/myapp/build.xml Trying to override old > > definition of task javac Trying to override old definition of > > datatype resources > > > > prepare: > > > > compile: > > > > install: [deploy] OK - Deployed application at context path > > [/myapp] > > > > BUILD SUCCESSFUL Total time: 0 seconds > > Glad you got it working. If you think there are some changes to the > documentation that would be helpful, any suggestions would be welcome. > > > with these changes in tomcat-users.xml <role > > rolename="manager-gui"/> <role rolename="manager-script"/> <role > > rolename="manager-jmx"/> <role rolename="manager-status"/> <role > > rolename="admin-gui"/> <role rolename="admin-script"/> <user > > username="admin" password="admin" > > roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui > ,admin-script"/> > > That's > > > all of the privileges, which may be considered more than > necessary. Only the "manager-script" role should be necessary for the > ant task. > > The manager-gui would be necessary to login to /manager and not just > to use the services provided by /manager/text > > - -chris > > > On Thu, 19 Dec 2019 at 20:20, Zahid Rahman <zahidr1...@gmail.com > > <mailto:zahidr1...@gmail.com>> wrote: > > > > I updated tomcat-users.xml and I am able to login at > > http://localhost:8080/manager with tomcat & s3cret but at the url > > http://localhost:8080/manager/text > > > > > > 403 Access Denied > > > > You are not authorized to view this page. > > > > By default the Manager is only accessible from a browser running > > on the same machine as Tomcat. If you wish to modify this > > restriction, you'll need to edit the Manager's context.xml file. > > > > If you have already configured the Manager application to allow > > access and you have used your browsers back button, used a saved > > book-mark or similar then you may have triggered the cross-site > > request forgery (CSRF) protection that has been enabled for the > > HTML interface of the Manager application. You will need to reset > > this protection by returning to the main Manager page > > <http://localhost:8080/manager/html>. Once you return to this > > page, you will be able to continue using the Manager application's > > HTML interface normally. If you continue to see this access denied > > message, check that you have the necessary permissions to access > > this application. > > > > If you have not changed any configuration files, please examine > > the file conf/tomcat-users.xml in your installation. That file > > must contain the credentials to let you use this webapp. > > > > For example, to add the manager-gui role to a user named tomcat > > with a password of s3cret, add the following to the config file > > listed above. > > > > <role rolename="manager-gui"/> <user username="tomcat" > > password="s3cret" roles="manager-gui"/> > > > > Note that for Tomcat 7 onwards, the roles required to use the > > manager application were changed from the single manager role to > > the following four roles. You will need to assign the role(s) > > required for the functionality you wish to access. > > > > * manager-gui - allows access to the HTML GUI and the status pages > > * manager-script - allows access to the text interface and the > > status pages * manager-jmx - allows access to the JMX proxy and the > > status pages * manager-status - allows access to the status pages > > only > > > > The HTML interface is protected against CSRF but the text and JMX > > interfaces are not. To maintain the CSRF protection: > > > > * Users with the manager-gui role should not be granted either the > > manager-script or manager-jmx roles. * If the text or jmx > > interfaces are accessed through a browser (e.g. for testing since > > these interfaces are intended for tools not humans) then the > > browser must be closed afterwards to terminate the session. > > > > For more information - please see the Manager App How-To > > <http://localhost:8080/docs/manager-howto.html>. > > > > > > > > On Thu, 19 Dec 2019 at 19:51, Christopher Schultz > > <ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>> wrote: > > > > Zahid, > > > > On 12/19/19 14:47, Zahid Rahman wrote: > >> CVS is working fine. > > > > LOL okay > > > >> build.properties # Context path to install this application on > >> app.path=/myapp > > > >> # Tomcat installation directory > >> catalina.home=/home/kub18/apache-tomcat-9.0.30 > > > >> # Manager webapp username and password > > manager.username=myusername > >> manager.password=mypassword > > > > Is your manager available at this URL: > > > > http://localhost:8080/manager/text > > > > ?? > > > > Try using your web browser to see if it works. > > > > -chris > > > >> On Thu, 19 Dec 2019 at 18:48, Christopher Schultz > >> <ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net> > >> <mailto:ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>>> wrote: > > > >> Zahid, > > > >> On 12/19/19 12:57, Zahid Rahman wrote: > >>> I'm religiously following the instructions. > > > >> :) Are you using CVS as your revision-control system? > > > >> Someone brought that to our attention recently; that page is > >> sorely out of date, unfortunately. > > > >>> The build script is the template provided. I have made only > >>> one change. Added one tag following warning. warning: > >>>> 'includeantruntime' was not set, defaulting to > > > >>> There is only one jsp in the application. > > > >>> I am trying to go through all the documents step by step. > > > >> What do you have in your build.properties file? Please > > remember to > >> remove all secrets. > > > >> -chris > > > >>> On Thu, 19 Dec 2019, 17:32 Christopher Schultz, < > >>> ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net> > >> <mailto:ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>>> wrote: > > > >>> Zahid, > > > >>> On 12/19/19 10:09, Zahid Rahman wrote: > >>>>>> tomcat document page: > >>>>>> https://tomcat.apache.org/tomcat-8.5-doc/appdev/processes.html > >>>>>> > >>>>>> > >>>>>> > > > >>>>>> > >>>>>> > > BEFORE TOMCAT STARTED > >>>>>> > >>>>>> KONSOLE OUTPUT > >>>>>> > >>>>>> kub18@UB18:~/myapp$ ant install Buildfile: > >>>>>> /home/kub18/myapp/build.xml Trying to override old > >>>>>> definition of datatype resources > >>>>>> > >>>>>> > >>>>>> prepare: > >>>>>> > >>>>>> > >>>>>> compile: [javac] /home/kub18/myapp/build.xml:293: > >>>>>> warning: 'includeantruntime' was not set, defaulting to > >>>>>> build.sysclasspath=last; set to false for repeatable > >>>>>> builds > >>>>>> > >>>>>> install: > >>>>>> > >>>>>> BUILD FAILED /home/kub18/myapp/build.xml:369: > >>>>>> java.net.ConnectException: Connection refused > >>>>>> (Connection refused) at > >>>>>> java.net.PlainSocketImpl.socketConnect(Native Method) > >>>>>> > >>>>>> AFTER TOMCAT STARTED > >>>>>> kub18@UB18:~/apache-tomcat-9.0.30/bin$ ./startup.sh > >>>>>> Using CATALINA_BASE: /home/kub18/apache-tomcat-9.0.30 > >>>>>> Using CATALINA_HOME: /home/kub18/apache-tomcat-9.0.30 > >>>>>> Using CATALINA_TMPDIR: > >>>>>> /home/kub18/apache-tomcat-9.0.30/temp Using JRE_HOME: > >>>>>> /usr Using CLASSPATH: > >>>>>> > > /home/kub18/apache-tomcat-9.0.30/bin/bootstrap.jar:/home/kub18/apa > > c > > > >>>>>> > > he- > > > >>>>>> > >> tomcat-9.0.30/bin/tomcat-juli.jar > >>>>>> > >>>>>> > >>>>>> > >>>>>> Tomcat started. > >>>>>> > >>>>>> KONSOLE OUTPUT kub18@UB18:~/myapp$ ant install > >>>>>> Buildfile: /home/kub18/myapp/build.xml Trying to override > >>>>>> old definition of datatype resources > >>>>>> > >>>>>> prepare: > >>>>>> > >>>>>> compile: [javac] /home/kub18/myapp/build.xml:293: > >>>>>> warning: 'includeantruntime' was not set, defaulting to > >>>>>> build.sysclasspath=last; set to false for repeatable > >>>>>> builds > >>>>>> > >>>>>> install: > >>>>>> > >>>>>> BUILD FAILED /home/kub18/myapp/build.xml:369: > >>>>>> java.net.ProtocolException: Server redirected too many > >>>>>> times (20) at > >>>>>> > > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpUR > > L > > > >>>>>> > > Con > > > >>>>>> > >> nection.java:1908) > >>>>>> > >>>>>> After inserting > >>>>>> > >>>>>> <presetdef name="javac"> <javac > >>>>>> includeantruntime="false" /> </presetdef> > >>>>>> > >>>>>> KONSOLE OUTPUT > >>>>>> > >>>>>> ant install Buildfile: /home/kub18/myapp/build.xml > >>>>>> Trying to override old definition of task javac Trying to > >>>>>> override old definition of datatype resources > >>>>>> > >>>>>> prepare: > >>>>>> > >>>>>> compile: > >>>>>> > >>>>>> install: > >>>>>> > >>>>>> BUILD FAILED /home/kub18/myapp/build.xml:372: > >>>>>> java.net.ProtocolException: Server redirected too many > >>>>>> times (20) at > >>>>>> > > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpUR > > L > > > >>>>>> > > Con > > > >>>>>> > >> nection.java:1908) > > > >>> It > >>>>>> > >>> looks like something isn't working with your ant build script, > >>> or with your application. > > > >>> -chris > >>>> > >>>> > > -------------------------------------------------------------------- > > > > > - - > >>>> > >>>> > > > >>>> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > <mailto:users-unsubscr...@tomcat.apache.org> > >> <mailto:users-unsubscr...@tomcat.apache.org > > <mailto:users-unsubscr...@tomcat.apache.org>> > >>>> For additional commands, e-mail: > > users-h...@tomcat.apache.org <mailto:users-h...@tomcat.apache.org> > >> <mailto:users-h...@tomcat.apache.org > > <mailto:users-h...@tomcat.apache.org>> > >>>> > >>>> > > > > > > > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl382MwACgkQHPApP6U8 > pFgtLBAAgJ0zxXhO3SR9KfvuH1keqpHooH/MunrKHJi19oHE0w2MVk50N5Ja6Cj1 > qH64upK8MbyJl8W4gPEGbAZ27nPNDaTnj1lmcHiDVQL/QcGTSKVQMO3rEzuJWtk6 > ODEUFUy1gnBDWeT8s83kU9L7wmIJiQ3kjQaBtqWYtTpB4tWhpXJJbsXzGAbNbNSb > +N8lk9Q6V3tjSe4i/EpkFPjTFPUIM7Lo4w7JI28dRWWWMoHHXp1n1jfChVKkU0Ah > jkWCWir4zm4BpHStAcstxh7LybX6/Q0p4qLqWW6ArKR1QkBxjIKX9y+ZtvChnVxI > Fg2s6ehgQxXq3xniUEgnSfgUGusx6ZB9QhlC364+mMYMusvjRv5Nt5uUzw2QrNB0 > LcZNfA7gw77ec0RG6wZwmc1hSPDxOODmpec4SSViLcLV44+SscjoPwOQ3NK4iODN > AnKMTQF704rfiIUGVUnAfyM46hjWNzBlOAjOzmL6Ma/Pabiv79qGTPLU09xNxujZ > 9v3F2gLtAgRj8NHvCQvlHoQWaAxS6Ljg4fHy40Sftw62LKs2COocS1s4yZw0vy4I > 8a3CTn6ZqrfaL5SkalUqxEmkxK4QOLXPN4XJgBV2Ypk4fiHgNAXb/gCiEM4nnY+1 > 81sWca47xaQgtW+tt0My/7G2I1+rE0zNEp2YqKVBCgA5UoSm2Gw= > =D1We > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
