Justin,
Assuming that is the entire file, it looks like you do not have a
UserDatabase or a Realm defined. You need to define a UserDatabase
Resource tag and a Realm for the security configuration. This is
required by the manager application perform authentication and
authorization.
This configuration will look something like the following (non-essential
elements removed for brevity)...
<Server..>
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service...>
<Engine...>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Engine>
</Service>
</Server>
For a complete example, grab a fresh copy of Tomcat and take a look at
the server.xml file that is packaged with it. It has both of these
elements defined and some comments which explain how it works.
Dan
On Wed, 2011-11-16 at 11:04 -0800, Justin Larose wrote:
> I have copied my server.xml file below.
> ______________
>
> <Server port="8405" shutdown="Shutdown.SerenaCommonTomcat">
> <!-- <Listener
> className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
> /> -->
> <Listener className="org.apache.catalina.core.JasperListener"/>
> <Listener
> className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
> <Listener
> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
>
> <Service name="Catalina">
>
> <Connector connectionTimeout="20000" port="18080"
> protocol="HTTP/1.1" redirectPort="8443" server="Unknown Web Server/1.0"/>
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443, using only
> 128-bit+ encryption (remove ciphers attribute if not needed). -->
> <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS" ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
> SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA"
> server="Unknown Web Server/1.0"/> -->
>
> <Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
> disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
> keystoreFile="conf/sample-ssl.jks" keystorePass="*****"
> maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
> minSpareThreads="25" port="8443" scheme="https" secure="true"
> sslProtocol="TLS" strategy="ms" truststoreFile="conf/sample-ssl.jks"
> truststorePass="*****"/>
>
> <Connector SSLEnabled="true" acceptCount="100" clientAuth="true"
> disableUploadTimeout="true" enableLookups="false" keyAlias="tomcat"
> keystoreFile="conf/sample-ssl.jks" keystorePass="*****"
> maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150"
> minSpareThreads="25" port="8543" scheme="https" secure="true"
> sslProtocol="TLS" strategy="ms" truststoreAlgorithm="AnyCert"
> truststoreFile="conf/sample-ssl.jks" truststorePass="*****"/>
>
> <!-- Define an AJP 1.3 Connector on port 8409. -->
> <Connector port="8409" protocol="AJP/1.3" redirectPort="8443"
> server="Unknown Web Server/1.0"/>
>
> <Engine defaultHost="localhost" name="Catalina">
> <Host appBase="webapps" autoDeploy="true" name="localhost"
> unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false"/>
> </Engine>
>
> </Service>
> </Server>
>
>
> _______________
>
> Thanks,
> Justin LaRose
> Database & Web Services Administrator
> NEXCOM
> (757) 631-3443
> [email protected]
>
>
>
> From: Daniel Mikusa <[email protected]>
> To: Tomcat Users List <[email protected]>
> Date: 11/14/2011 04:26 PM
> Subject: Re: tomcat manager/status question
>
>
> Justin,
>
> Your "conf/tomcat-users.xml" looks fine to me. I copied and pasted it
> into a stock Tocmat 6.0.33 server on my machine and it worked fine.
>
> At this point, you might want to also post your "conf/server.xml" file.
>
> Dan
>
>
>
> On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
> > Yes I have restarted tomcat after editing this file:
> >
> > <?xml version='1.0' encoding='cp1252'?>
> > <tomcat-users>
> > <role rolename="manager-gui"/>
> > <user username="admin" password="********" roles="manager-gui"
> />
> > </tomcat-users>
> >
> >
> >
> > Thanks,
> > Justin LaRose
> > Database & Web Services Administrator
> > NEXCOM
> > (757) 631-3443
> > [email protected]
> >
> >
> >
> > From: Daniel Mikusa <[email protected]>
> > To: Tomcat Users List <[email protected]>
> > Date: 11/14/2011 02:32 PM
> > Subject: Re: tomcat manager/status question
> >
> >
> > Justin,
> >
> > What exactly do you have in your "conf/tomcat-users.xml" file? If you
> > could include the contents of the file inline here, that would be
> > helpful.
> >
> > Don't forget to redact passwords and other sensitive info.
> >
> > Dan
> >
> >
> > On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
> > > Question: I upgraded my Tomcat version to 6.0 using the
> > > apache-tomcat-6.0.33.exe file and I am trying to access the manager
> > > and the status pages here: localhost:port\index.jsp
> > > I get to the default Tomcat page and select "status" and I get a login
> > > prompt. After entering the username and password that I have
> > > configured in the \conf\tomcat-users.xml
> > > file it just asks for the password again and again. After the 3rd
> > > attempt it will default to the 401 page that talks about configuring
> > > the tomcat-users.xml file. I also get the same error after selecting
> > > the "manager" link as well.
> > >
> > > Do I need to install another portion of Tomcat to get this feature to
> > > work?
> > >
> > >
> > >
> > > Thanks,
> > > Justin LaRose
> > > Database & Web Services Administrator
> > > NEXCOM
> > > (757) 631-3443
> > > [email protected]
> > >
> > >
> >
> ******************************************************************************
> > > This email and any files transmitted with it are intended solely for
> > > the use of the individual or agency to whom they are addressed.
> > > If you have received this email in error please notify the Navy
> > > Exchange Service Command e-mail administrator. This footnote
> > > also confirms that this email message has been scanned for the
> > > presence of computer viruses.
> > >
> > > Thank You!
> > >
> >
> ******************************************************************************
> > >
> >
>
