tomcat 9 Host Manager 403 Access Denied

2
votes

I've setup tomcat 9 on a centos 7.2 server. The 'Server Status' and 'Manager App' buttons are working. But the 'Host Manager' button gives a 403 access denied when you click it.

I have this in my tomcat-users.xml:

<tomcat-users>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="my-admin" password="secret" roles="manager-gui,manager-status"/>
</tomcat-users>

And this is what I have in my manager context.xml file. In /usr/local/tomcat/webapps/manager/META-INF/context.xml I have:

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
-->
</Context>

I commented out the IP restriction that says you can only access tomcat from the local IP (127.0.0.1).

I also tried disabling SELinux temporarily to see if that was the problem. But I still get the same result.

Why isn't this working? How can I correct that?

1
tomcat
Possible duplicate of 403 Access Denied on tomcat 9 to access host managerOlaf Kock
You've already asked exactly the same question here: stackoverflow.com/questions/45126840/…. Please delete this second question and rather edit the first when you have additional informationOlaf Kock
Ok, I deleted the duplicate post.bluethundr

1 Answers

1
votes

Change your tomcat/webapps/manager/META-INF/context.xml file like this: 

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
     allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|66.66.66.666" />

Where 66.66.66.666 is your remote IP address. For more details see the documentation - http://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Remote_Address_Valve