I am trying to run Tomcat 9. I have configured it to run with SSL. So when I am accessing the Tomcat URL with:

https://localhost:8443/manager/html

It works fine. But when I try to run it with my computer name I get the 403 error saying I should rectify my tomcat-users.xml. I have the XML set up just fine. But not sure what to do in this case. I have set up the hosts file with my computer name entry.

Is there any more setting that I need to do in order to get it to work?

My users file has these entries:

<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-script"/>
<role rolename="manager-status"/>

<user password="admin" roles="manager-gui,admin-gui" username="admin"/>

I have attached the error screen as well.

hell_storm2004
  • Possible duplicate of [Why can't I access Tomcat externally?](https://serverfault.com/questions/98436/why-cant-i-access-tomcat-externally) – Lenniey Sep 06 '19 at 13:04
  • I can't really say! I just tried the first two answers, but they didn't work. I am checking if it's a firewall issue. My McAfee firewall is disabled. But I will try to change it to the WebSphere port and see if it works; that one I am able to access with the computer name. – hell_storm2004 Sep 06 '19 at 13:17
  • You did change the IP binds to `0.0.0.0`, for example? This is almost always the error, please post your configs. – Lenniey Sep 06 '19 at 13:20
  • Yeah I did. Should I remove it? `` This is my connector in server.xml – hell_storm2004 Sep 06 '19 at 13:22
  • Also, changing the port didn't help. – hell_storm2004 Sep 06 '19 at 13:22
  • If you need any other configs, let me know. Although I don't have much change elsewhere to be honest. – hell_storm2004 Sep 06 '19 at 13:29
  • Ah, sorry, you're talking about the manager gui. I'll add an answer. – Lenniey Sep 06 '19 at 13:36

1 Answer

You need to allow access to the manager GUI explicitly for hosts other than localhost by changing the Valve in ../webapps/manager/META-INF/context.xml:

Original:

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> 
</Context>

Either comment it out like this:

<Context antiResourceLocking="false" privileged="true" >
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" -->
         <!-- allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
  <!-- <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> -->
</Context>

Or change the IP inside the Valve to the IP you need, or add it to the list.

Lenniey
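
A Python model of the RemoteAddrValve decision discussed in this answer, added here as an illustration; it is not part of the original answer and is not Tomcat's code. It assumes the valve requires the whole client address to match `allow` and that the computer name resolves to a non-loopback address; the 192.168.1.x addresses and the helper names are constructed for the example.

```python
import re

# Default allow pattern from the manager's META-INF/context.xml shown above.
DEFAULT_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"


def is_allowed(allow, remote_addr):
    """Model of the valve decision (assumption: whole-address match).
    allow=None stands for the Valve being commented out: nothing is filtered."""
    if allow is None:
        return True
    return re.fullmatch(allow, remote_addr) is not None


def add_address(allow, ip):
    """Append one literal address to the alternation, escaping regex
    metacharacters so that each dot matches only a dot."""
    return allow + "|" + re.escape(ip)


def report(allow, addresses):
    """Return {address: True/False} for a list of client addresses."""
    return {addr: is_allowed(allow, addr) for addr in addresses}


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the page.
    lan_ip = "192.168.1.50"   # assumed: what the computer name resolves to
    other = "192.168.1.77"    # another machine on the same network
    clients = ["127.0.0.1", "::1", lan_ip, other]

    variants = [
        ("default valve", DEFAULT_ALLOW),
        ("valve commented out", None),
        ("default + one address", add_address(DEFAULT_ALLOW, lan_ip)),
    ]
    for label, allow in variants:
        print(label)
        for addr, ok in report(allow, clients).items():
            print(f"  {addr:15} {'allowed' if ok else '403'}")
```

With the default pattern only the loopback addresses pass, which is why `https://localhost:8443/manager/html` works and the computer name does not. Commenting the Valve out lets every address through to the login prompt, while adding one address keeps the other machine at 403.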