Problem with "tomcat-user.xml"

[Stefan Ram]

I have recently installed »Apache Tomcat Version 6.0.18«,
and I have no experience with Tomcat yet.

The server runs, and I also can run the example servlets.

I have added a user to »tomcat-users.xml« as follows:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<user username="TomcatAdmin" password="tcpass" roles="admin,manager"/>
</tomcat-users>

When I try to log in via a web client to access parts of the
site that require a certain role, the password is accepted.
Then, I get a »401« status code, complaining that this user
has insufficient rights to access this page.

Maybe now you think that you know how to solve this problem
and might be inclined to tell me to add two role elements.
But this is were my problem starts. Whenever I add two role
elements as follows, the password will not be accepted anymore:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="TomcatAdmin" password="tcpass" roles="admin,manager"/>
</tomcat-users>

I removed the two lines, and I can log in again, but lack
the rights, I add the two lines, and I cannot log in anymore
with the given password. I repeated this test several times
and never changed anything else except adding or removing the
two role elements.

 

[John B. Matthews]

I have recently installed »Apache Tomcat Version 6.0.18«,
and I have no experience with Tomcat yet.

The server runs, and I also can run the example servlets.

I have added a user to »tomcat-users.xml« as follows:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<user username="TomcatAdmin" password="tcpass" roles="admin,manager"/>
</tomcat-users>

When I try to log in via a web client to access parts of the
site that require a certain role, the password is accepted.
Then, I get a »401« status code, complaining that this user
has insufficient rights to access this page.

Maybe now you think that you know how to solve this problem
and might be inclined to tell me to add two role elements.
But this is were my problem starts. Whenever I add two role
elements as follows, the password will not be accepted anymore:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="TomcatAdmin" password="tcpass" roles="admin,manager"/>
</tomcat-users>

I removed the two lines, and I can log in again, but lack
the rights, I add the two lines, and I cannot log in anymore
with the given password. I repeated this test several times
and never changed anything else except adding or removing the
two role elements.

I did a clean install of apache-tomcat-6.0.18.tar.gz and started with
this conf/tomcat-users.xml:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<user username="tomcat" password="tomcat" roles="admin,manager"/>
</tomcat-users>

On startup, tomcat changed it to

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="tomcat" password="tomcat" roles="admin,manager"/>
</tomcat-users>

I was able to login to the manager webapp

<http://localhost:8080/manager/html>

and reload a modified example:

<http://localhost:8080/examples/servlets/servlet/HelloWorldExample>

$ curl http://localhost:8080/examples/servlets/servlet/HelloWorldExample
....
<title>Hello World!1234540352338</title>
....

[I see UNIX time will reach 1234567890 today:
<http://tech.slashdot.org/article.pl?sid=09/02/08/2043206>]

 

[Stefan Ram]

I did a clean install of apache-tomcat-6.0.18.tar.gz and started with
this conf/tomcat-users.xml:

Thanks for your efforts!

I just did several more test, inspired by your comments.
More than a dozen times, I tried several examples of what
one might write into this file.

Eventually, I had the idea to try d to save the XML file from
within my Windows text editor with the setting for »UNIX« file
format (i.e., »UNIX« line endings«). The problem persisted.
Then I restarted Tomcat, and for the first time, I saw the
application manager in my web browser.

I saved:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager" />
<user username="a" password="b" roles="manager" />
</tomcat-users>

On restart, Tomcat rewrote this to:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<user username="a" password="b" roles="manager"/>
</tomcat-users>

(I.e., Tomcat just removed two spaces in front of slashes.)

In this file, line endings are marked with 0D 0A (hex),
IIRC, this /is/ the DOS/Windows convention and was also
used before.

Next, I changed this to:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="aa" password="bb" roles="admin,manager"/>
</tomcat-users>

I restarted Tomcat, and it did not even ask for a password.

I terminated Tomcat, I deleteed all Cookies of my web browser,
I terminated my browser, I restarted Tomcat, I restarted my
browser, I tried to access the Application Manager, Tomcat
asked for username and password, I provided both and was
granted access.

So, now everything works fine, while I am still not sure about
the cause of the previous problem. While it is true that
things start to work the moment I set my editor to save using
»UNIX« file format and restarted Tomcat (which I did several
times before), this had no visible effect on the file in a
binary file editor, and so I do not know, why it is working,
now. Thanks, again.

 

[John B. Matthews]

Then I restarted Tomcat, and for the first time, I saw the
application manager in my web browser.

Excellent! It is immensely convenient to be able to reload an
application from the manager, without having to bounce the server.

[...]

(I.e., Tomcat just removed two spaces in front of slashes.)

Indeed, I was surprised when my editor warned me that the file had
changed.

In this file, line endings are marked with 0D 0A (hex), IIRC,
this /is/ the DOS/Windows convention and was also used before.

I see the distribution file has UNIX line endings (LF). I changed
to DOS line endings (CRLF), but I could not reproduce the anomaly.

I terminated Tomcat, I deleteed all Cookies of my web browser,
I terminated my browser, I restarted Tomcat, I restarted my
browser, I tried to access the Application Manager, Tomcat
asked for username and password, I provided both and was
granted access.

I was surprised by the cookies. Apparently, one must set cookies to
false explicitly in order to get URL rewriting for sessions:

<http://tomcat.apache.org/tomcat-6.0-doc/config/context.html>

 

[Mike Schilling]

So, now everything works fine, while I am still not sure about
the cause of the previous problem. While it is true that
things start to work the moment I set my editor to save using
»UNIX« file format and restarted Tomcat (which I did several
times before), this had no visible effect on the file in a
binary file editor, and so I do not know, why it is working,
now.

Since XML is, by definiton agnostic to line endings (both LF and CRLF
are supposed to be turned into plain LF by XML parsers), I hope that
wasn't the problem.