Monday, March 21, 2016

Tomcat Administrator Login and Password

Tomcat web server has several web applications bundled with it which supply nice GUI to perform administrative tasks. In order to access them you need to authenticate with login and password. Where to get them from?

Here is the solution which was tested with the following Tomcat versions:
  • apache-tomcat-6.0.45
  • apache-tomcat-7.0.68
  • apache-tomcat-8.0.32

Tomcat web server doesn't define any user by default. Hence nobody can access its administrative pages. In order to change this a user with an appropriate role should be created. Tomcat users are defined in the following file:
$CATALINA_HOME/conf/tomcat-users.xml
There are two important roles to remember:
  • manager-gui - grants access to the web application manager;
  • admin-gui - grants access to the virtual host manager.

So, in order to create a user who can access web application manager add the following lines to the tomcat-users.xml:
<tomcat-users>
  <user username="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
Similarly use the following lines to create a user for accessing virtual host manager:
<tomcat-users>
  <user username="admin" password="admin" roles="admin-gui"/>
</tomcat-users>
Finally you can combine two roles to create a user who can access both managers:
<tomcat-users>
  <user username="admin" password="admin" roles="manager-gui,admin-gui"/>
</tomcat-users>
Save the file, restart Tomcat and you're done.

No comments:

Post a Comment