I just installed tomcat 9.0.37 on my ubuntu 20.04 system. The install worked just fine, no errors of any kind.
I modified the tomcat-users.xml file to have the following content <?xml version="1.0" encoding="UTF-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"> <!-- NOTE: By default, no user is included in the "manager-gui" role required to operate the "/manager/html" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. It is strongly recommended that you do NOT use one of the users in the commented out section below since they are intended for use with the examples web application. --> <!-- NOTE: The sample user and role entries below are intended for use with the examples web application. They are wrapped in a comment and thus are ignored when reading this file. If you wish to configure these users for use with the examples web application, do not forget to remove the <!.. ..> that surrounds them. You will also need to set the passwords to something appropriate. --> <!-- <role rolename="tomcat"/> <role rolename="role1"/> <user username="tomcat" password="<must-be-changed>" roles="tomcat"/> <user username="both" password="<must-be-changed>" roles="tomcat,role1"/> <user username="role1" password="<must-be-changed>" roles="role1"/> --> <role rolename="admin-gui"/> <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="manager-status"/> <role rolename="manager-jmx"/> <user username="my_username" password="my-secret-password" roles="admin-gui,manager-gui,manager-script,manager-jmx,manager-status/> </tomcat-users> I stopped and restarted tomcat When I visit http://localhost:8080 I see the expected page. When I click on the "Manager App" button I enter the username and password I entered into my tomcat users file. But it never accepts my username/password, it just keeps re-issuing the prompt. I looked at the files in the logs directory and in the cataline logfile I saw the following message 11-Jul-2020 11:31:12.804 WARNING [http-nio-8080-exec-2] org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt was made to authenticate the locked user [my_username] There were no other messages in the logfile pertaining to my user. How do I resolve this issue ? Thanks. ================== Barry Kimelman Winnipeg, Manitoba, Canada