docker tomcat9 tomcat-manager

Tomcat 9 Manager, Docker, and the inability to get past the login


So I've been having this issue where I cannot get past the login page of the Tomcat Manager. It seems like others have had this issue too, but none of their solutions have seemed to help me in this case. Here are the files I've changed and used to help me on this frustrating journey of a seemingly trivial problem. Maybe I just need a fresh pair of eyes.

My problem thus far has been that the login will not take the credentials I give it, and the manager keeps giving me the basic auth login until I cancel, at which point it sends me to the 401 page. The solution I've found is to remove security from the web.xml in manager/WEB-INF, but that isn't exactly a secure or good thing to do. Any ideas are appreciated!

tomcat-users.xml:

    <tomcat-users>
        <role rolename="manager-gui"/>
        <role rolename="manager-status"/>
        <role rolename="admin"/>
        <role rolename="admin-gui"/>
        <user username="tomcat" password="tomcat" roles="admin, manager-gui, manager-status, admin-gui"/>
    </tomcat-users>

webapps/manager/META-INF/context.xml:

    <Context antiResourceLocking="false" privileged="true" >
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="\d+\.\d+\.\d+\.\d+" />
        <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
    </Context>

conf/{engine}/{host}/manager.xml:

    <Context privileged="true" antiResourceLocking="false"
             docBase="${catalina.home}/webapps/manager">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="^.*$" />
    </Context>

This all runs inside a Docker image. When I bash inside, all of the needed files are there. Is there some configuration I've missed, or something I need to remove? I have tried commenting out the Valve in /manager/META-INF/context.xml, but also no luck. Thanks for looking!


Solution

  • Yup, I was right. I was missing the hook for tomcat-users.xml in the server.xml called a Realm.

    You can add it either in the Engine or Host element like so:

        <Engine>
            <!-- THIS GUY -->
            <Realm className="org.apache.catalina.realm.MemoryRealm" />
            <Host ...>
                <!-- OR ADD IT HERE; DON'T DO BOTH -->
                <Realm className="org.apache.catalina.realm.MemoryRealm" />
                ...
            </Host>
        </Engine>
    
    Hopefully some poor soul stumbles upon this and it helps.
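
An added example, not part of the original question or answer and not Tomcat's own tooling: a Python check over constructed copies of the files discussed above. It reports a server.xml with no Realm under Engine or Host, a manager/admin user with a guessable password, and a RemoteAddrValve whose allow pattern admits an outside address. The sample XML, the finding labels, the guessable-password list and the probe address are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample files, modelled on the configuration shown in the question.
SERVER_XML_NO_REALM = """<Server><Service name="Catalina">
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps"/>
  </Engine></Service></Server>"""
SERVER_XML_WITH_REALM = SERVER_XML_NO_REALM.replace(
    "<Host name",
    '<Realm className="org.apache.catalina.realm.MemoryRealm"/>\n    <Host name')
USERS_XML = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="admin, manager-gui"/>
</tomcat-users>"""
MANAGER_CONTEXT_XML = """<Context privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$"/>
</Context>"""

PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx", "admin-gui"}
GUESSABLE = {"", "tomcat", "admin", "password", "changeit"}  # illustrative list
PROBE_ADDRESS = "203.0.113.10"  # documentation-range address: "some outside client"

def audit(server_xml, users_xml, context_xml):
    """Return a list of finding labels (the labels are this example's own)."""
    findings = []
    engine = ET.fromstring(server_xml).find(".//Engine")
    realms = []
    if engine is not None:
        # The answer's two placements: directly under Engine, or under a Host.
        realms = engine.findall("Realm") + engine.findall("Host/Realm")
    if not realms:
        findings.append("no-realm")  # nothing hooks tomcat-users.xml into login
    for user in ET.fromstring(users_xml).iter("user"):
        name, password = user.get("username", ""), user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        if roles & PRIVILEGED_ROLES and (password == name or password in GUESSABLE):
            findings.append("weak-password:" + name)
    for valve in ET.fromstring(context_xml).iter("Valve"):
        allow = valve.get("allow")
        if valve.get("className", "").endswith("RemoteAddrValve") and allow:
            # The whole address must match the pattern; Python's re stands in for Java's.
            if re.fullmatch(allow, PROBE_ADDRESS):
                findings.append("manager-reachable-from-outside")
    return findings

if __name__ == "__main__":
    print(audit(SERVER_XML_NO_REALM, USERS_XML, MANAGER_CONTEXT_XML))
```

Once the Realm is in place the manager login works, so the remaining two findings (the tomcat/tomcat account and the match-everything allow pattern) are the ones to clear before the container is exposed.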