You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Karen Goh <ka...@yahoo.com.INVALID> on 2018/12/22 09:12:11 UTC
Tomcat Manager keeps asking for Authentication
I am running Netbean 8.2 and am trying to study a web project from github.
It was stated that certain pages are constrained by the Tomcat Role, in order to view the Admin panel.
So, what I did was to alter the Tomcat C:\Program Files\Apache Software Foundation\Apache Tomcat 8.0.27\conf\tomcat-user.xml
And here's what I added:
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager-gui"/>
<user password="tomcat" roles="tomcat,manager-gui" username="tomcat"/>
<user password="tomcat" roles="tomcat,role1" username="both"/>
<user password="tomcat" roles="role1" username="role1"/>
<user password="pass" roles="manager-script, administrator" username="me"/>
</tomcat-users>
Error message :
Deployment error: Access to Tomcat server has not been authorized. Set the correct username and password with the "manager-script" role in the Tomcat customizer in the Server Manager.
See the server log for details.
I also tried below but it can't work also.
<tomcat-users>
<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="administrator"/>
<user password="tomcat" roles="tomcat,administrator" username="tomcat"/>
<user password="tomcat" roles="tomcat,role1" username="both"/>
<user password="tomcat" roles="role1" username="role1"/>
<user password="pass" roles="manager-script, administrator" username="me"/>
</tomcat-users>
Here's the constraint that is imposed at the web.xml under WEB/INF:
-- You can restrict access to admin pages by uncommenting the code below-->
<security-role>
<description>administrator of the website</description>
<role-name>administrator</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>Admin Login</web-resource-name>
<url-pattern>/admin_panel/*</url-pattern>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>administrator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Admin Login</realm-name>
</login-config> -->
Please let me know what I have done wrong.
Tks.
Here's the screenshot of
https://ibb.co/0V3CCcs
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat Manager keeps asking for Authentication
Posted by Mark Thomas <ma...@apache.org>.
On 22/12/2018 09:12, Karen Goh wrote:
>
> I am running Netbean 8.2 and am trying to study a web project from github.
>
> It was stated that certain pages are constrained by the Tomcat Role, in order to view the Admin panel.
>
> So, what I did was to alter the Tomcat C:\Program Files\Apache Software Foundation\Apache Tomcat 8.0.27\conf\tomcat-user.xml
Note: 8.0.x has reached end of life and is no longer supported.
>
> And here's what I added:
>
> <tomcat-users>
> <role rolename="tomcat"/>
> <role rolename="role1"/>
> <role rolename="manager-gui"/>
> <user password="tomcat" roles="tomcat,manager-gui" username="tomcat"/>
> <user password="tomcat" roles="tomcat,role1" username="both"/>
> <user password="tomcat" roles="role1" username="role1"/>
> <user password="pass" roles="manager-script, administrator" username="me"/>
> </tomcat-users>
Are you sure the above is not commented out?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org