tomcat-users mailing list archives

From "Mike Tinnes" <>
Subject RE: admin user/password
Date Tue, 24 Oct 2000 22:49:41 GMT

Thanks for the reply, but it's still not cooperating.. I've added 'tomcat'
to the web.xml with..


but the login still fails after 3 attempts. I don't have to change the realm
do I?

-----Original Message-----
From: Joe Emenaker []
Sent: Tuesday, October 24, 2000 5:05 PM
Subject: Re: admin user/password

> Hello,
> How do I determine/change/etc. the username and password for the /admin
> security context? I've tried the username/passwords from the
> tomcat-users.xml file, but these must relate to something else.

I don't know why nobody talks about this. I've seen numerous postings from
people trying to find out the name/password and all of the posts go,
curiously, unanswered.

Since I haven't yet been brought into the conspiracy of silence on this
matter, I'll tell you what I've found out so far.

Your tomcat-users.xml file seems to define the users that tomcat will know
*how* to authenticate. It also defines the "roles" that they're allowed to
participate in. The stock file, I believe, comes with three users ("tomcat",
"role1", and "both") and two roles ("tomcat" and "role1").

Then, in your web.xml in your admin directory, you should find a section
called "auth-constraint". This lists the roles that are allowed to use that
webapp. In my stock tomcat installation, the only role listed was "admin", a
role that WASN'T EVEN LISTED in tomcat-users.xml.

So, it would seem that there's no way to get into the admin webapp in the
default installation.

What bugs me is that, if you enter a valid username/password combination,
tomcat gives no indication that they're valid... it behaves as though the
name/password are invalid. I would have expected that it would come up with
a page that said that I didn't have the appropriate rights for that webapp
or something. Oh well....

Anyway, what I ended up doing to get it to work was to add a
<role-name>tomcat</role-name> in the auth-constraint section of the admin
web.xml. Then, I was able to log in as "tomcat"/"tomcat".

Now, let's see if you can help ME. When I go into the contextAdmin servlet
and click on "View All Contexts", I get:

        at ContextAdmin.init(

What do you get?

- Joe

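The role matching described in the quoted reply, as an added example that is not part of the original thread or Tomcat's own code: it cross-checks the roles required by a webapp's auth-constraint against the roles granted in tomcat-users.xml. The XML samples are constructed from the description of the stock files, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the stock files described in the message.
USERS_XML = """<tomcat-users>
  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1" password="tomcat" roles="role1" />
  <user name="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>"""

WEB_XML_STOCK = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint></web-app>"""

# The admin web.xml after the 'tomcat' role is added to the auth-constraint.
WEB_XML_EDITED = WEB_XML_STOCK.replace(
    "<role-name>admin</role-name>",
    "<role-name>admin</role-name><role-name>tomcat</role-name>")

def _local(tag):
    """Drop any XML namespace so namespaced web.xml files also match."""
    return tag.rsplit("}", 1)[-1]

def user_roles(users_xml):
    """Map each user to the set of roles granted in tomcat-users.xml."""
    out = {}
    for el in ET.fromstring(users_xml).iter():
        if _local(el.tag) == "user":
            name = el.get("name") or el.get("username")  # attribute varies by version
            out[name] = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
    return out

def required_roles(web_xml):
    """Collect every role-name listed under an auth-constraint in web.xml."""
    roles = set()
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) == "auth-constraint":
            roles |= {r.text.strip() for r in el if _local(r.tag) == "role-name" and r.text}
    return roles

def audit(users_xml, web_xml):
    """Return (users who can pass the constraint, required roles no user holds)."""
    users, needed = user_roles(users_xml), required_roles(web_xml)
    allowed = sorted(u for u, r in users.items() if r & needed)
    orphaned = sorted(needed - set().union(*users.values()))
    return allowed, orphaned

if __name__ == "__main__":
    for web in (WEB_XML_STOCK, WEB_XML_EDITED):
        print(audit(USERS_XML, web))
```

The second result shows that adding the `tomcat` role admits every account holding that role, here `both` as well as `tomcat`. Defining a dedicated user with the `admin` role and its own password in tomcat-users.xml satisfies the stock constraint without widening it.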