On 24.05.2016 09:55, Bjørn T Johansen wrote:
On Mon, 23 May 2016 15:25:54 +0200
André Warnier (tomcat) <a...@ice-sa.com> wrote:
On 23.05.2016 15:08, Bjørn T Johansen wrote:
On Mon, 23 May 2016 14:54:14 +0200
André Warnier (tomcat) <a...@ice-sa.com> wrote:
On 23.05.2016 14:48, Bjørn T Johansen wrote:
On Mon, 23 May 2016 14:39:25 +0200
André Warnier (tomcat) <a...@ice-sa.com> wrote:
On 23.05.2016 14:25, Bjørn T Johansen wrote:
On Fri, 20 May 2016 13:49:35 +0200
André Warnier (tomcat) <a...@ice-sa.com> wrote:
On 20.05.2016 12:54, Bjørn T Johansen wrote:
When I access the status page everything works fine but when I try to access
the manager page, I get the following error:
This site can’t be reached
The connection was reset.
Try:
Reloading the page
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_RESET
I can not find any reasons for this in the default config, what am I missing?
And in the Tomcat logfiles ?
Nothing, except for this in the access log:
[23/May/2016:14:23:22 +0200] "GET /manager HTTP/1.1" 302 -
[23/May/2016:14:23:22 +0200] "GET /manager/ HTTP/1.1" 302 -
[23/May/2016:14:23:22 +0200] "GET /manager/html HTTP/1.1" 401 2473
What's strange is that if I try from the same subnet as the Tomcat is installed
in, then it works. But not from another subnet...
I don't remember if you ever posted the Tomcat version which you are using.
In case it is 8.0.x, have a look here :
http://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Configuring_Manager_Application_Access
(The paragraph starting with : "In addition to the password restrictions,..")
Check with the on-line docs relevant to your version, if there isn't something
like that
configured on your system.
Yes, we are using version 8.0.x
And last week I just downloaded the new version 8.0.35 and added my user in the
tomcat-users.xml file and tried on an empty tomcat server and I got
the same result...
And did you really check what I asked you to check above ?
A 401 response (as shown by the above log) means "forbidden".
If you say that from some place you can access it, and from others not, then
there is
somewhere something that makes a difference based on your client's IP address.
Yes, I read the same page last week. I even tried to add a file
where ?
containing:
<Context privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1"/>
</Context>
with my ip address without any change...
And yes, I know the logic behind the error message but I can not find any logic
to why it's happening.. Also if /status works, why wouldn't /manager ?
And sorry, I was wrong above. A 401 response means really this :
quote
10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a
WWW-Authenticate
header field (section 14.47) containing a challenge applicable to the requested
resource.
The client MAY repeat the request with a suitable Authorization header field
(section
14.8). If the request already included Authorization credentials, then the 401
response
indicates that authorization has been refused for those credentials. If the 401
response
contains the same challenge as the prior response, and the user agent has
already
attempted authentication at least once, then the user SHOULD be presented the
entity that
was given in the response, since that entity might include relevant diagnostic
information. HTTP access authentication is explained in "HTTP Authentication:
Basic and
Digest Access Authentication" [43].
unquote
In other words, it means "for accessing this page, you need to authenticate".
So, if your browser is allowed to use HTTP Basic authentication, it should pop
up a login
dialog.
Does it ?
If it does not, then :
- are you inside some company LAN, within a Windows Domain ?
- if yes, is your browser IE, and is it allowed to do HTTP Basic authentication
?
I created a file called "hostname".xml and placed it in conf/Catalina..
And yes, I get the popup asking for username and password, the 401 error
appears after I have logged in...
And the answer to your other questions is no, I am using Linux...
I think that it would save time (for all), if you provided us with a clear description of
your setup, rather than having to pull it out of you little by little like teeth.
Such as :
- server where Tomcat is running
- IP address or similar
- Operating system
- Java version
- Full Tomcat version (8.0.x)
(for the last three, run "version.sh" in the Tomcat/bin directory)
- workstation where "it works"
- same things, + browser used
- workstation where "it does not work"
- same things, + browser used
and what is (maybe) in-between the server and the workstations in both cases.
Regarding "the 401 error appears after I have logged in" and similar statements : can you
make an effort and be somewhat more precise ? we do not have a crystal ball, and we cannot
connect to your network, so what may appear clear to you, is a bit fuzzy here at the moment.
Let's summarise what we know already :
- you are trying to connect to the "manager" application of a Tomcat, from 2 different
workstations
- on one workstation, "it works", on another workstation "it does not work"
- presumably, on the workstation where it works :
- you enter the manager URL in the browser,
- you get a login dialog
- you enter the user name and password in the login dialog and press ok
- and then you get the first page of the manager application
- presumably also, on the workstation where it does not work :
- you enter the same manager URL in the browser,
- you get a login dialog
- you enter the same user name and password in the login dialog and press ok
- and then you get the login dialog again, as if you had entered a bad username
or password
Is the above a correct description ?
And if not, what is wrong or different, precisely ?
I have to say that with the data which you have provided so far, which tends to
imply
- that the manager application is protected by a mandatory HTTP Basic login
- with the authorised users listed in the Tomcat/conf/tomcat-users.xml file, properly
configured
it does not make sense that one workstation would "work", and the other one
"not".
If you get a login dialog in both cases, it means that in both cases the server's 401
response is received by the browser(s) (which causes the browser to popup the login dialog).
And since in both cases, the same Tomcat and the same tomcat-users.xml file are supposed
to be used (and the same user-id/password entered in the login dialog), it makes no sense
that the responses would be different.
So one of the above assumptions is wrong.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
