I have set up tomcat 8 according to this, and I have the following tomcat-users.xml file:
fade's answer worked for me. I moved from 8.0.30 to 8.5.5 and the difference was the valve in <8.0.30>/manager/META-INF/context.xml was already commented out from the tar file but was uncommented in 8.5.5 tar.
I failed to read this important message in the 403 response:
By default the Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you'll need to edit the Manager's context.xml file.
And failed to read this too:
Since r1734267 a RemoteAddrValve.is configured by default in Manager and HostManager web applications. This feature is present in 9.0.0.M4 and 8.5.0 onwards.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59672
This may be work.
Find the CATALINA_HOME/webapps/manager/META-INF/context.xml
file and add the comment markers around the Valve.
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
You can find more details at this page.
I foolishly uncommented the default config, which has passwords like "". Tomcat fails to parse this file (becayse of the "<"), and then whatever other config you add won't work-
In my case it was the security constraints defined in web.xml. Make sure they have the same roles you use in your tomcat-users.xml
file.
For example, this is one of the out-of-the-box tags and will work with the standard tomcat-users.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name>HTML Manager interface (for humans)</web-resource-name>
<url-pattern>/html/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager-gui</role-name>
</auth-constraint>
</security-constraint>
In my case an admin had used a different role-name which prevented me from accessing the manager.
Useful link here: Access Tomcat Manager App from different host
From Tomcat version 8 onward's, manager/html url won't be accessible to anyone except localhost.
In order to access /manager/html url, you need to do below change in context.xml of manager app. 1. Go to /apache-tomcat-8.5.23/webapps/manager/META-INF location, then edit context.xml
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="^.*$" />
......
</Context>
I follwed the same tutorial but after some months I strangely got the error "403 Access Denied" while tryed to use Manager App. In this case I was using the ipaddress:8080 in the address bar and Tomcat Manager App didin't prompting for user/password. In case of localhost:8080 the error was "401", the dialogbox asking for username and password was displayed but the user not recognized.
I tried all the previous suggestions / solutions without lucky. The only way I found is been to repeat again the entire tutorial overwriting also the files. When finished, I found again the old deployed project into the webapps directory. Now Apache Tomcat/8.5.16 Manager App are working again. I do not know what happened I didn't understand also because I'm a newbie in Tomcat user