Tomcat manager app: not authorized to view page - Plesk

Jelly
January 13, 2020
189 views
2 votes
3 Answers

I try to deploy my app from Docker.
In Dockerfile:

  FROM tomcat:9-jre8-alpine
  ADD config/tomcat-users.xml  /usr/local/tomcat/conf/tomcat-users.xml
  ADD config/settings.xml /usr/local/tomcat/conf/settings.xml
  ADD config/context.xml /usr/local/tomcat/webapps/manager/META-INF/context.xml
  ADD target/author.war /usr/local/tomcat/webapps/ROOT.war
  EXPOSE 8080
  CMD ["catalina.sh","run"]

so, in tomcat-users.xml:

 <tomcat-users xmlns="http://tomcat.apache.org/xml"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd
http://tomcat.apache.org/xml "
          version="1.0">

<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>

in settings.xml:

    <servers>
          <server>
              <id>TomcatServer</id>
              <username>tomcat</username>
              <password>s3cret</password>
          </server>
      </servers>

and in context.xml:

<Context antiResourceLocking="false" privileged="true" >
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
     allow=".*" />
</Context>

But, trying to access Tomcat manager app remotely (domain in plesk), I have got:
“You are not authorized to view this page.By default the Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you’ll need to edit the Manager’s context.xml file….”

Additionally: for localhost-connection its work well! The problem in remote-connection

Answers

this worked for me:

1-get the image:

docker pull tomcat:9.0.46-jdk8-adoptopenjdk-openj9

2-create folder d:folder123

3-copy conftomcat-users.xml and webappsmanagerMETA-INFcontext.xml to d:folder123

4-add below to tomcat-users.xml

<role rolename="manager-gui" />
<role rolename="manager-script"/>
<user username="admin" password="admin" roles="manager-gui,manager-script" />

5-remove below from context.xml

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" />

6-create Dockerfile in d:folder123 with this content

FROM tomcat:9.0.46-jdk8-adoptopenjdk-openj9
USER root
RUN mv /usr/local/tomcat/webapps/ /usr/local/tomcat/webapps2/
RUN mv /usr/local/tomcat/webapps.dist/ /usr/local/tomcat/webapps/
COPY tomcat-users.xml /usr/local/tomcat/conf/
COPY context.xml /usr/local/tomcat/webapps/manager/META-INF/
CMD ["catalina.sh","run"]

7-create new image named amirimage1

docker build -t amirimage1:1.0.0 "D:\folder123"

8-run image

docker run --name amirtomcatcontainer1 -p 8889:8080 amirimage1:1.0.0

- user1672382
- July 16, 2021 at 4:08 pm
- 0 votes
0
have you checked the valve value in manager.xml? there was another valve stanza with the IP restriction and I have disabled it. all worked then
/conf/Catalina/localhost/

Login or Signup to reply.

- charlyk
- January 30, 2023 at 10:36 pm
- 0 votes
0
It may be a bit late but I had the same problem. I solved it by editing the password of the user "robot" which says "must-be-changed" and not only the password of the "admin" user:

I’m using tomcat 10 with docker. I was using only the user "admin" and it’s a little weird that you need to change the password of the other user but in the other hand they say "must-be-changed".

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Tomcat manager app: not authorized to view page – Plesk

Answers