Recently i've installed an apache tomcat 8. my tomcat-users.xml contains this:
<tomcat-users>
<role rolename="admin-gui"/>
<user username="tomcat" password="pass1234" roles="admin-gui"/>
</tomcat-users>
I want to enable openning manager app and server status on this user too. can anyone help me on this ?
Adding multiple roles might be achieved by the following in tomcat-users XML file
<user username="craigmcc" password="secret" roles="standard,manager-script" />
The manager GUI is given access via the role "manager-gui". The server status is given via role "manager-script".
But the manager-script role is not provided with CSRF. Hence, it is not advisable to have one user with both GUI and SCRIPT roles.
In your Tomcat- check the error pages for 403. It has most of the details that i provided above.
NOTE: This is in reference to Tomcat 7.