403 Access Denied on Tomcat 8 Manager App without prompting for user/password

Question

I have set up tomcat 8 according to this, and I have the following tomcat-users.xml file:

Answer 1

1. Go and Check if a user is created or not if no please create a user by opening a file in /apache-tomcat-9.0.20/tomcat-users.xml add a line into it

   <user username="tomcat" password="tomcat" roles="admin-gui,manager-gui,manager-script" />

2. Goto /apache-tomcat-9.0.20/webapps/manager/META-INF/ open context.xml comment everything in context tag example:

<Context antiResourceLocking="false" privileged="true" >
     <!--Valve className="org.apache.catalina.valves.RemoteAddrValve"
            allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /-->
   </Context>

Answer 2

---

Correct answer can be found here

---

Looks like this issue can be reproduced while folowing mentioned tutorial on unix machines. Also noticed that author uses TC 8.0.33
Win (and OSX) do not have such issue, at least on my env:

Server version:        Apache Tomcat/8.5.4
Server built:          Jul 6 2016 08:43:30 UTC
Server number:         8.5.4.0
OS Name:               Windows 8.1
OS Version:            6.3
Architecture:          amd64
Java Home:             C:\TOOLS\jdk1.8.0_101\jre
JVM Version:           1.8.0_101-b13
JVM Vendor:            Oracle Corporation
CATALINA_BASE:         C:\TOOLS\tomcat\apache-tomcat-8.5.4
CATALINA_HOME:         C:\TOOLS\tomcat\apache-tomcat-8.5.4

After tomcat-users.xml is modified by adding role and user Tomcat Web Application Manager can be accessed on Tomcat/8.5.4.

Answer 3

The correct answer is as @JaKu pointed out. Tomcat is confining the access to localhost to make it secure. This is as it should be. Port forwarding to tomcat is the correct thing to do, preferably under something secure like SSH.

Answer 4

I was having same problem while installing tomcat in docker. I have solved by adding "^.*$" instead of "127.\d+.\d+.\d+|::1|0:0:0:0:0:0:0:1|123.123.123.123"

Restart the tomcat.