*This works* curl -u tomcat:tomcat http://localhost:8080/host-manager/text/list OK - Listed hosts [localhost]:[]
I have rebooted and restarted the browser. *BUT with the same tomcat-users.xml * *It is now going straight to 401.* *with all three URL* *http://localhost:8080/manager/status <http://localhost:8080/manager/status>* http://localhost:8080/manager/html http://localhost:8080/host-manager/html *tomcat-usersxml* <role rolename="manager-gui"/> <role rolename="manager-script"/> <role rolename="admin-gui"/> <role rolename="tomee-admin" /> <!-- Activate/create these lines to get access to TomEE GUI --> <role rolename="manager"/> <user username="tomcat" password="tomcat" roles="manager-gui,admin-script,admin-gui,tomee-admin,manager"/> 401 Unauthorized You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp. For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above. <role rolename="manager-gui"/> <user username="tomcat" password="s3cret" roles="manager-gui"/> Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access. manager-gui - allows access to the HTML GUI and the status pages manager-script - allows access to the text interface and the status pages manager-jmx - allows access to the JMX proxy and the status pages manager-status - allows access to the status pages only The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection: Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles. If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session. <http://www.backbutton.co.uk/> On Tue, 18 Aug 2020, 20:46 , <jonmcalexan...@wellsfargo.com.invalid> wrote: > I was going to say it sounds like a persistent cookie... > > > Dream * Excel * Explore * Inspire > Jon McAlexander > Asst Vice President > > Middleware Product Engineering > Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com > > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > > -----Original Message----- > From: Mark Thomas <ma...@apache.org> > Sent: Tuesday, August 18, 2020 1:57 PM > To: users@tomcat.apache.org > Subject: Re: Login appears only once > > On 18/08/2020 19:45, Anwar AliKhan wrote: > > I rebooted the machine , then the login box appeared . > > Obviously this is not an ideal solution! > > Did you close the browser between tests? > > Mark > > > > On Tue, 18 Aug 2020, 19:07 Anwar AliKhan, <anwaralikhan...@gmail.com> > wrote: > > > >> Hi, > >> I deployed an app called tomee using the tomcat manager app. > >> > >> The first time I selected the app in the tomcat manager to run it. > >> a login appeared asking for username and password. > >> > >> I had not set it up. So it took me to the 403 page . > >> > >> Now I have set up tomee-admin user. > >> > >> I stopped restarted tomcat for it to register the contents of > >> tomcat-users.xml I no longer get the login Box. It goes straight to > >> the 403 page. > >> > >> *what is the problem ? Thanks for your help* > >> > >> > >> > >> <role rolename="manager-gui"/> > >> <!-- Activate/create these lines to get access to TomEE GUI --> <role > >> rolename="tomee-admin" /> <user username="tomcat" password="s3cret" > >> roles="manager-gui"/> <user username="admin" password="" > >> roles="manager"/> <user username="tomee" password="tomee" > >> roles="tomee-admin" /> HTTP Status 403 – Forbidden > >> ------------------------------ > >> > >> *Type* Status Report > >> > >> *Message* Access to the requested resource has been denied > >> > >> *Description* The server understood the request but refuses to > >> authorize it. > >> ------------------------------ > >> Apache Tomcat/9.0.37 > >> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
