You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Andrew M <bl...@yahoo.com.INVALID> on 2015/09/08 15:21:59 UTC
Unable to get the jmx information for tomcat 8 from command
line(curl command)
Hi Guys,
Any idea why it is saying "401 Unauthorized"
I execute the following command: curl -1 --max-time 10 -s -k -u tomcat_jmx:'eyFW$&$FvSIp#FUk' --url https://pentagon505:8443/deploy/jmxproxy?
I have added the user to tomcat-users.xml configuration file as well
<role rolename="manager-gui"/> <user username="tomcat" password="pass1!" roles="manager-gui"/> <role rolename="manager-jmx"/> <user username="tomcat_jmx" password="passwords!@#" roles="manager-jmx"/></tomcat-users>
Where are the things going wrong?
Please note that I am executing the command from a remote server:
Complete output is as follows:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html> <head> <title>401 Unauthorized</title> <style type="text/css"> <!-- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;} H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} PRE, TT {border: 1px dotted #525D76} A {color : black;}A.name {color : black;} --> </style> </head> <body> <h1>401 Unauthorized</h1> <p> You are not authorized to view this page. If you have not changed any configuration files, please examine the file <tt>conf/tomcat-users.xml</tt> in your installation. That file must contain the credentials to let you use this webapp. </p> <p> For example, to add the <tt>manager-gui</tt> role to a user named <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the config file listed above. </p><pre><role rolename="manager-gui"/><user username="tomcat" password="s3cret" roles="manager-gui"/></pre> <p> Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single <tt>manager</tt> role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access. </p> <ul> <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status pages</li> <li><tt>manager-script</tt> - allows access to the text interface and the status pages</li> <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status pages</li> <li><tt>manager-status</tt> - allows access to the status pages only</li> </ul> <p> The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection: </p> <ul> <li>Users with the <tt>manager-gui</tt> role should not be granted either the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li> <li>If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.</li> </ul> <p> For more information - please see the <a href="/docs/manager-howto.html">Manager App HOW-TO</a>. </p> </body> </html>
Would greatly appreciate your help.
Thanks !
Andrew
Re: Unable to get the jmx information for tomcat 8 from command
line(curl command)
Posted by Neven Cvetkovic <ne...@gmail.com>.
On 9 Sep 2015 17:59, "Christopher Schultz" <ch...@christopherschultz.net>
wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Andrew,
>
> On 9/8/15 9:21 AM, Andrew M wrote:
> > Any idea why it is saying "401 Unauthorized"
>
> > I execute the following command: curl -1 --max-time 10 -s -k -u
> > tomcat_jmx:'eyFW$&$FvSIp#FUk' --url
> > https://pentagon505:8443/deploy/jmxproxy?
>
> Your shell may do something odd with a partially-quoted
> username/password argument. Try this:
>
> $ curl -1 --max-time 10 -s -k \
> -u 'tomcat_jmx:eyFW$&$FvSIp#FUk' \
> --url https://pentagon505:8443/deploy/jmxproxy?
>
Can you post your <Realm> information? Your password does not match. You
did not provide proper user/pass combination, i.e. did not properly
authenticate, hence 401 error.
> > I have added the user to tomcat-users.xml configuration file as
> > well <role rolename="manager-gui"/> <user username="tomcat"
> > password="pass1!" roles="manager-gui"/> <role
> > rolename="manager-jmx"/> <user username="tomcat_jmx"
> > password="passwords!@#" roles="manager-jmx"/></tomcat-users>
>
> The #1 error with tomcat-users.xml is forgetting to un-comment the
> block of XML.
>
> > Please note that I am executing the command from a remote server:
>
> > Complete output is as follows:<!DOCTYPE html PUBLIC "-//W3C//DTD
> > HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
> > <head> <title>401 Unauthorized</title> <style type="text/css">
> > <!-- BODY
> > {font-family:Tahoma,Arial,sans-serif;color:black;background-color:whit
> e;font-size:12px;}
> >
> >
> H1
> > {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525
> D76;font-size:22px;}
> >
> >
> PRE, TT {border: 1px dotted #525D76} A {color : black;}A.name
> > {color : black;} --> </style> </head> <body> <h1>401
> > Unauthorized</h1> <p> You are not authorized to view this
> > page. If you have not changed any configuration files, please
> > examine the file <tt>conf/tomcat-users.xml</tt> in your
> > installation.
>
> That sure looks like a failure to authenticate, coming from Tomcat.
>
+1
Re: Unable to get the jmx information for tomcat 8 from command
line(curl command)
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Andrew,
On 9/8/15 9:21 AM, Andrew M wrote:
> Any idea why it is saying "401 Unauthorized"
> I execute the following command: curl -1 --max-time 10 -s -k -u
> tomcat_jmx:'eyFW$&$FvSIp#FUk' --url
> https://pentagon505:8443/deploy/jmxproxy?
Your shell may do something odd with a partially-quoted
username/password argument. Try this:
$ curl -1 --max-time 10 -s -k \
-u 'tomcat_jmx:eyFW$&$FvSIp#FUk' \
--url https://pentagon505:8443/deploy/jmxproxy?
> I have added the user to tomcat-users.xml configuration file as
> well <role rolename="manager-gui"/> <user username="tomcat"
> password="pass1!" roles="manager-gui"/> <role
> rolename="manager-jmx"/> <user username="tomcat_jmx"
> password="passwords!@#" roles="manager-jmx"/></tomcat-users>
The #1 error with tomcat-users.xml is forgetting to un-comment the
block of XML.
> Please note that I am executing the command from a remote server:
> Complete output is as follows:<!DOCTYPE html PUBLIC "-//W3C//DTD
> HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html>
> <head> <title>401 Unauthorized</title> <style type="text/css">
> <!-- BODY
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:whit
e;font-size:12px;}
>
>
H1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525
D76;font-size:22px;}
>
>
PRE, TT {border: 1px dotted #525D76} A {color : black;}A.name
> {color : black;} --> </style> </head> <body> <h1>401
> Unauthorized</h1> <p> You are not authorized to view this
> page. If you have not changed any configuration files, please
> examine the file <tt>conf/tomcat-users.xml</tt> in your
> installation.
That sure looks like a failure to authenticate, coming from Tomcat.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV8Fc0AAoJEBzwKT+lPKRYxQsP/0zPdIrgunYxBlRX13qZSC2X
lokaa68oi49wsLyMrHW/H8E2fBpdkkiqnHEF2r9OPSyfFzE39+iXOk3lnEajOpvg
YZmGNEdVb+OrOY3apg9t5EZbviCbGJPvYRvC+peR8Gv0z/6ty9SpDAqinROOZxhk
QiH38bIA43bsJzbxKKPYeedSv2FAq8tKccuvZ6P76Nob5Q/ye/JLSxQJTvOjdZ4j
lVkegjw9W4a6ZkByUQUJmBtuyUUQWpBX3jzvtlI3mZcxmR8/9nTBzdHUGNMRxACH
kKJx19t1k3mjRHCYQrU9hY7GdZjl26pARsDk3FxHvr155Mx+T2iKOD6FZMetgxoj
uf5wkh2MsqbV1X2BFrYMiYJGk5NRgQr81UHEuhE66R82zJ9q9b3/O4v0S+cz78Wg
/sZN/d9+s4IT7CWFbzOVYvDKc6Al0pu+LAFCx+Crpt+kdZgXEnEYGDOsqExNjV7b
aZJdwlViJzZ16E6oOX94aU+NtTiipIAyAXC6UxoHqWCvj20Xeby+ajWcVstJ9WTj
QXtFUyx8KtE3Zp+60k6Ematcl9IhEkMXR/GfWDURnZewXn870gqejAyns9dKw6E7
x1r8G6/YJJIsyTKTu5ju9enkjLyWfbW0JtfpspcWfLeDqC2rG8bWe4JBQBqX6yGM
UgCMMInuEYOHynWjeLpE
=ctld
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org