tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mirek.Su...@intax.cz
Subject Re: admin user/password
Date Wed, 25 Oct 2000 08:24:29 GMT

Hi Mike,

I had (under Tomcat 3.2 beta 3, Tomcat 3.2 beta 5 and Tomcat 3.2 beta 6)
the same problem with contextAdmin.html as you. There are in fact two
problems: problem of security (= problem with calling contextAdmin.html)
and problem of java.lang.NullPointerException (when you want to see
contexts from contextAdmin.html and so on).

I found different solutions of these problems.

There are 3 "players" in the "game":

1) file conf/server.xml;
2) file webapps/admin/WEB-INF/web.xml;
3) file conf/tomcat-users.xml.

What must you do with file server.xml?
*************************************

You will find context definition for path="/admin" and then you MUST change
trusted attribute from trusted="false" to trusted="true".

What can you do with file web.xml?
*********************************

You CAN do one of three alternatives:

A) to let web.xml without any change;
B) to modify web.xml:
      to delete <security-constraint>...</security-constraint> and
                <login-config>...</login-config> inside web.xml,
      so at web.xml will then remain only 4 lines:
      <?xml ... ?>
      <!DOCTYPE ... >
      <web-app>
      </web-app>
C) to delete (or rename) web.xml.

What can you do with file tomcat-users.xml?
******************************************

You CAN do one of two alternatives:

X) to let tomcat-users.xml without any change;
Y) to change tomcat-users.xml:
   here you have two subalternatives:
   Y1) to include new user-line with role="admin"
       into <tomcat-users> block, for example:
       <user name="mike" password="tinnes" roles="admin" />
   Y2) to include new role into user "tomcat"
       <user name="tomcat" password="tomcat" roles="tomcat,admin" />

And why? Because at web.xml is line <role-name>admin</role-name> (if you
have not deleted (renamed) or modified file web.xml).

But now, I will not difference between alternatives Y1 and Y2, it will be
alternative Y.

What are the correct combinations of these actions?
**************************************************

I suppose, that you have correct server.xml. Then you have 5 correct
combinations betwen actions for web.xml and tomcat-users.xml.

And now, what happens when you call
http://localhost:8080/admin/contextAdmin/contextAdmin.html ??

It depends on these combinations:
--------------------------------

Combination: ==> behavior:

  A + Y      ==> displays security window, you fill in and then
                 displays contexAdmin.html and it works correctly;
  B + X      ==> displays contexAdmin.html and it works correctly;
  B + Y      ==> displays contexAdmin.html and it works correctly;
  C + X      ==> displays contexAdmin.html and it works correctly;
  C + Y      ==> displays contexAdmin.html and it works correctly.

I hope it help you.

     Mirek Subrt



                                                                                  
                    "Mike Tinnes"                                                 
                    <tinnes@eclipti        To:                                    
                    ctech.com>             <tomcat-user@jakarta.apache.org>     
 
                                           cc:                                    
                    24.10.2000             Subject:     admin user/password       
                    20:32                                                         
                    Please respond                                                
                    to tomcat-user                                                
                                                                                  
                                                                                  





Hello,
How do I determine/change/etc. the username and password for the /admin
security context? I've tried the username/passwords from the
tomcat-users.xml file, but these must relate to something else.

Thanks, Mike





Mime
View raw message