Apache Tomcat/8.5.3 Manager App 403 error

Question

I have tomcat running on an ubuntu instance on aws and I can successfully get to the If you\'re seeing this, you\'ve successfully installed Tomcat. Congratulations!

Answer 1

I believe another way to resolve this is to edit the context.xml file that exists by default in the app:

$CATALINA_HOME/webapps/manager/META-INF/context.xml

Prior to Tomcat 8.5, the Valve here was commented out:

<Context antiResourceLocking="false" privileged="true" >
  <!--
    Remove the comment markers from around the Valve below to limit access to
    the manager application to clients connecting from localhost
  -->
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
</Context>

But it seems to be uncommented by default in 8.5. As noted in the 8.5x migration guide, https://tomcat.apache.org/migration-85.html#Migrating_from_8.0.x_to_8.5.x:

Migrating from 8.0.x to 8.5.x

This section lists all the known changes between 8.0.x and 8.5.x which may cause backwards compatibility problems when upgrading.

...

Web applications

The Manager and HostManager web applications are configured by default with a RemoteAddrValve that limits access to those applications to connections from localhost.

---

So, bottom line, I think you could adjust the context.xml in the app, or make a new manager.xml file and adjust that context element, as described above.

Answer 2

You need to create a context for the Manager App and allow access from Tomcat 8.5.x

Under your $CATALINA_BASE/conf/Catalina/localhost/ home create a file manager.xml

manager.xml content, note my source is 172.31.254.37 (my computer), change this to your source :

<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="172\.31\.254\.37" />
</Context>

Make sure your User/Roles are defined in $CATALINA_BASE/conf/tomcat-users.xml

<user username="tomcat" password="tomcat" roles="manager-gui,manager-status"/>

Kind Regards,

Jacques de Jager

Answer 3

This helped me to get it working. Tomcat manager never asking me ID/PASSWORD

You need to add the manager.xml to conf/Catalina/localhost

According to the documentation:

"A default Tomcat installation includes the Manager. To add an instance of the Manager web application Context to a new host install the manager.xml context configuration file in the $CATALINA_BASE/conf/[enginename]/[hostname] folder"

In my case for example, I have this path: /opt/tomcat/conf/Catalina/localhost

Example of manager.xml

<Context privileged="true" antiResourceLocking="false" docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" /></Context>