403 access denied on tomcat 7.0.42
Solution 1
Remove the manager-script and add "manager-gui,manager-status".
To access the HTML interface, you need to have the manager-gui role, but you must NOT have the manager-script or manager-jmx roles.
<tomcat-users>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="tomcat" roles="manager-gui,manager-status"/>
</tomcat-users>
some information for you about roles from http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html
- manager-gui — Access to the HTML interface.
- manager-status — Access to the "Server Status" page only.
- manager-script — Access to the tools-friendly plain text interface that is described in this document, and to the "Server Status" page.
- manager-jmx — Access to JMX proxy interface and to the "Server Status" page.
Solution 2
Though the answer is already the correct answer, I think maybe someone will be confused about the usage of "manager-script".
The "manager-script" is for accessing the Tomcat Manager API without using Web pages.
For instance, the command below is for requesting undeploy function instead of clicking the undeploy button on Tomcat Manager web app.
curl http://localhost:8080/manager/text/undeploy?path=/app_name
Umair Ayub
** I am currently looking for a Software Engineer opportunity outside Pakistan, preferably Europe ** I am a full time freelancer and I develop Web Scraping applications. You can contact me on iamumairayub AT gmail DOT com if you need my services.
Updated on July 09, 2022Comments
-
Umair Ayub almost 2 years
I am having error 403 access denied on tomcat 7.0.42 while accessing Tomcat Manager App.
This is what I have in tomcat-user.xml file. I have tried changing roles over and over but did not work.
Note: - I start/stop tomcat from NetBeans 7.3.1
<?xml version="1.0" encoding="UTF-8"?> <tomcat-users> <role rolename="manager-script"/> <user username="admin" password="admin" roles="manager-script" /> </tomcat-users>
-
jbarrameda almost 8 yearsYou can have all the roles in the same user. From http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html: If you use web browser to access the Manager application using a user that has either manager-script or manager-jmx roles (for example for testing the plain text or JMX interfaces), you MUST close all windows of the browser afterwards to terminate the session.... It is recommended to never grant the manager-script or manager-jmx roles to users that have the manager-gui role.
-
jpfreire over 7 yearsto me (using eclipse) did not work. tomcat pisses me off >:(
-
Piotr P. Karwasz about 3 yearsThe
manager-status
role is useless in the provided example, since it is implied by any of the remaining roles (cf. application descriptor). -
Piotr P. Karwasz about 3 yearsThe accepted answer does not actually add the
tomcat
user to themanager-script
role,