Access Tomcat Manager App from different host

Question

I have installed tomcat 9 on a remote sever and after starting it  it was brought up fine  I can access http   host name port num and see tomcat hello page  But when I try to open manager app to see my deployed apps  I get 403 access denied  I already add roles in tomcat user xml as following    lt role rolename  manager   gt   lt role rolename  manager-gui   gt   lt role rolename  admin   gt   lt user username  user  password  password  roles  admin manager manager-gui   gt    The error messages I saw is   By default the Host Manager is only accessible from a browser running on the same machine as Tomcat  If you wish to modify this restriction  you ll need to edit the Host Manager s context xml file   How should I change context xml file and get access to manager app

User · Answer

Following two configuration is working for me   1  tomcat-users xml details --------------------------------    lt role rolename  manager-gui   gt     lt role rolename  manager-script   gt     lt role rolename  manager-jmx   gt     lt role rolename  manager-status   gt     lt role rolename  admin-gui   gt     lt role rolename  admin-script   gt     lt role rolename  tomcat   gt       lt user  username  tomcat   password  tomcat  roles  tomcat   gt      lt user  username  admin   password  admin  roles  admin-gui   gt      lt user  username  adminscript   password  adminscrip  roles  admin-script   gt      lt user  username  tomcat   password  s3cret  roles  manager-gui   gt     lt user  username  status   password  status  roles  manager-status   gt      lt user  username  both     password  both    roles  manager-gui manager-status   gt      lt user  username  script   password  script  roles  manager-script   gt     lt user  username  jmx      password  jmx     roles  manager-jmx   gt   2  context xml  of  lt tomcat gt  webapps manager META-INF context xml and   lt tomcat gt  webapps host-manager META-INF context xml ------------------------------------------------------------------------  lt Context antiResourceLocking  false  privileged  true   gt      lt Valve className  org apache catalina valves RemoteAddrValve           allow        gt     lt Manager sessionAttributeValueClassNameFilter  java  lang     Boolean Integer Long Number String  org  apache  catalina  filters  CsrfPreventionFilter  LruCache     1   java  util     Linked  HashMap   gt

User · Answer

To access the tomcat manager from different machine you have to follow bellow steps  1  Update conf tomcat-users xml file with user and some roles   lt role rolename  quot manager-gui quot   gt    lt role rolename  quot manager-script quot   gt    lt role rolename  quot manager-jmx quot   gt    lt role rolename  quot manager-status quot   gt    lt user username  quot admin quot  password  quot admin quot  roles  quot manager-gui manager-script manager-jmx manager-status quot   gt   Here admin user is assigning roles  quot manager-gui manager-script manager-jmx manager-status quot   Here tomcat user and password is   admin 2  Update webapps manager META-INF context xml file  Allowing IP address   Default configuration   lt Context antiResourceLocking  quot false quot  privileged  quot true quot   gt        lt Valve className  quot org apache catalina valves RemoteAddrValve quot           allow  quot 127   d    d    d    1 0 0 0 0 0 0 0 1 quot    gt        lt Manager sessionAttributeValueClassNameFilter  quot java  lang     Boolean Integer Long Number String  org  apache  catalina  filters  CsrfPreventionFilter  LruCache     1   java  util     Linked  HashMap quot   gt   lt  Context gt   Here in Valve it is allowing only local machine IP start with 127  d   d   d    2 a   Allow specefic IP   lt Valve className  quot org apache catalina valves RemoteAddrValve quot           allow  quot 127   d    d    d    1 0 0 0 0 0 0 0 1 YOUR IP ADDRESS HERE quot    gt   Here you just replace  YOUR IP ADDRESS HERE with your IP address 2 b   Allow all IP   lt Valve className  quot org apache catalina valves RemoteAddrValve quot           allow  quot    quot    gt   Here using allow  quot    quot  you are allowing all IP  Thanks

User · Answer

For Tomcat v8 5 4 and above  the file  lt tomcat gt  webapps manager META-INF context xml has been adjusted    lt Context antiResourceLocking  false  privileged  true   gt       lt Valve className  org apache catalina valves RemoteAddrValve           allow  127   d    d    d    1 0 0 0 0 0 0 0 1    gt   lt  Context gt    Change this file to comment the Valve    lt Context antiResourceLocking  false  privileged  true   gt       lt  --      lt Valve className  org apache catalina valves RemoteAddrValve           allow  127   d    d    d    1 0 0 0 0 0 0 0 1    gt      -- gt   lt  Context gt    After that  refresh your browser  not need to restart Tomcat   you can see the manager page

User · Answer

Each deployed webapp has a context xml file that lives in  CATALINA BASE conf  enginename   hostname    conf Catalina localhost by default   and has the same name as the webapp  manager xml in this case    If no file is present  default values are used  So  you need to create a file conf Catalina localhost manager xml and specify the rule you want to allow remote access   For example  the following content of manager xml will allow access from all machines   lt Context privileged  quot true quot  antiResourceLocking  quot false quot            docBase  quot   catalina home  webapps manager quot  gt       lt Valve className  quot org apache catalina valves RemoteAddrValve quot  allow  quot  YOUR IP ADDRESS HERE  quot    gt   lt  Context gt   Note that the allow attribute of the Valve element is a regular expression that matches the IP address of the connecting host    So substitute your IP address for YOUR IP ADDRESS HERE  or some other useful expression   Other Valve classes cater for other rules  e g  RemoteHostValve for matching host names    Earlier versions of Tomcat use a valve class org apache catalina valves RemoteIpValve for IP address matching  Once the changes above have been made  you should be presented with an authentication dialog when accessing the manager URL   If you enter the details you have supplied in tomcat-users xml you should have access to the Manager

[tomcat] Access Tomcat Manager App from different host

Examples related to tomcat