[HOW TO] 403 Access Denied In Tomcat

Hello,



Today I have a problem with Apache Tomcat: What is Tomcat default account? 
I resolved once.

Let's go,

You built Tom Cat to use for hosting website. Once day you need to deploy *.war package and ...

Go to http://heineken.tiger:8080/manager/html and move to Manager App button. You log in with default account (C:\apache-tomcat-7.0.32\conf\tomcat-users) . However you got the error:

403 Access Denied

You are not authorized to view this page.
If you have already configured the Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Manager application. You will need to reset this protection by returning to the main Manager page. Once you return to this page, you will be able to continue using the Manager appliction's HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.


What is happended?

Okay, we are finding the result for this case.

By default, Tomcat does not enable default account or manager access. Therefore, to enable, you need to edit the file configuration at C:\apache-tomcat-7.0.32\conf\tomcat-users

It's simple!

Before:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>
After:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
  <role rolename="manager"/> #access the HTML interface               <role rolename="manager-gui"/>
  <role rolename="admin"/>                                            <role rolename="admin-gui"/>
  <user username="admin" password="admin" roles="admin,admin-gui,manager,manager-gui"/>
</tomcat-users>
Saved it and restart Tomcat.


Refresh your browser at http://heineken.tiger:8080/manager/html and move to Manager App button, login with username: admin and password: admin.

Tomcat Web Application Manager appears.

Are you happy? I just help you to resolve the problem. Please pm me if you have any question.
You are welcome,




Thank you for reading this article, please a comment if you are interested.
Tiến Phan - R0039
Knowledge is Endless
Sharing for Success

2 comments:

  1. Excelente post a mi me funcionó de esta forma:
    #access the HTML interface







    ReplyDelete
  2. Excelente post, esta fue mi solución:
    #access the HTML interface






    ReplyDelete