What is Tomcat default administrator password ?

Problem

Is there or what is the default administrator user and password for Tomcat?

Solution

By default, Tomcat does not enable admin or manager access. To enable it, you have to edit the “%TOMCAT_FOLDER%/conf/tomcat-users.xml” manually.

File : tomcat-users.xml (before update) , initially, Tomcat comments all users and roles like above.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>

File : tomcat-users.xml (after updated)

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="admin,manager"/>
</tomcat-users>

To enable admin access, just update the content like above. Saved it and restart Tomcat, now you can access Tomcat admin or manger pages with user = “admin” and password = “admin“.

Tags : tomcat

mkyong

Founder of Mkyong.com, love Java and open source stuffs. Follow him on Twitter, or befriend him on Facebook or Google Plus.

Here are some of my recommended Books

Head First Java

Design Pattern

Effective Java

Spring Recipes

JavaScript Ninja

Popular Posts

<?xml version='1.0' encoding='cp1252'?> <tomcat-users> <role rolename="manager-gui"/> <user username="tomcat" password="s3cret" roles="manager-gui"/> </tomcat-users>

<tomcat-users> <role rolename="manager-gui"/> <user username="admin" password="" roles="manager-gui"/> <role rolename="admin-gui"/> <user username="tomcat" password="s3cret" roles="admin-gui"/> </tomcat-users>

Ali June 11, 2013 at 5:24 pm

Thank You mkyong.
mehdi June 5, 2013 at 3:02 am

thinks a lot for all your tips, but i still have a problem
———————————————————-

403 Access Denied

You are not authorized to view this page.

If you have already configured the Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Manager application. You will need to reset this protection by returning to the main Manager page. Once you return to this page, you will be able to continue using the Manager appliction’s HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.

If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
yatin thakur May 9, 2013 at 2:14 pm

Thanks a lot for posting such nice information ! it really helping alot peoples !
manuxx May 2, 2013 at 9:32 am

Thanks a lot!
anthony April 8, 2013 at 6:16 pm

It’s nearly impossible to find educated people for this topic, however, you seem like you know what you’re talking about!
Thanks

robert April 6, 2013 at 4:20 pm

mkyong thanx for a wonderful help, here is the one i tried.

Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.

&lt;?xml version='1.0' encoding='cp1252'?&gt;
&lt;tomcat-users&gt;
  &lt;role rolename=&quot;manager-gui&quot;/&gt;
  &lt;user username=&quot;tomcat&quot; password=&quot;s3cret&quot; roles=&quot;manager-gui&quot;/&gt;
&lt;/tomcat-users&gt;

hope it will work :)

robert April 6, 2013 at 4:11 pm

here are the lines. something went wrong earlier.

Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.

hope it will work :)
robert April 6, 2013 at 4:03 pm

mkyong thanx for a wonderful help, here is the one i tried.

Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.

save the file, restart it, i hope it will work :)
yashan April 5, 2013 at 3:32 pm

user is tomcat
password is password
this line xml comments sometime your command chainging a cmment using good for programer notepad is good one or other highlighters not using a word or notepad
ravi March 23, 2013 at 7:13 pm

thanks a lot…. :)
swati February 24, 2013 at 6:20 pm

Thank u so much….
han December 20, 2012 at 10:44 am

how to activating/login tomcat6 using ssh ?

if i try to login “ssh tomcat6@localhost”, the sys asking password, but i don’t know what the default password. if that must be set, please help to set the password.

i’am use Ubuntu Desktop 12.04
Younes November 23, 2012 at 6:27 am

Thanks, works best :-)
ayubdesai@gmail.com September 29, 2012 at 12:51 am

its not working on my PC
- Irshad October 10, 2012 at 2:57 am
  tomcat 7 username and password :
  
  C:\Tomcat 7.0\conf open in notepad => “tomcat-users.xml”
  
  Add following lines in above file :-
  <tomcat-users> <role rolename="manager-gui"/> <user username="admin" password="" roles="manager-gui"/> <role rolename="admin-gui"/> <user username="tomcat" password="s3cret" roles="admin-gui"/> </tomcat-users>
  **Note :
  
  “admin-gui” -> Username & Password – Do not Change.
  “manager-gui” -> you can change user name & password for this only. [Here password is not given]
  - White_King November 15, 2012 at 2:52 am
    
    not working at all!
  - LaRRy March 28, 2013 at 7:18 pm
    
    Thanx =)
Nigel September 18, 2012 at 7:42 pm

Hi,
When I tried to edit the tomcat-users.xml file and save, it is showing a warning that “Access is denied” or “Please check whether if this file is opened in another program”

Why is this happening?
- Pavan Devarakonda September 21, 2012 at 8:43 pm
  You can issue the
```
ls -l
```
  command. Check the file permissions in the first column in the list. if it is have edit access then you can edit it otherwise use
  chmod 777 tomcat-users.xml
  .
sam August 23, 2012 at 3:42 am

thanks a lot…
Bravo August 20, 2012 at 7:52 pm

Thank You Very Much, it works for CentOS6
piyush May 4, 2012 at 2:36 am

hi ,

i am following the steps “http://craeser.wordpress.com/2010/07/21/java-tomcat-security-protected-example/#comment-418″. But value is not picking from tomcat-user.xml file.
Matthew March 5, 2012 at 5:11 pm

Hi, nice tip for accessing the Status and Tomcat Manager pages though I am having the same problem when I try to access the Status or Tomcat Manager pages;

HTTP Status 403 – Access to the requested resource has been denied

I have the role set as admin and manager I am flat out of ideas any help would be wonderful, thanks :)
- Matthew March 5, 2012 at 5:23 pm
  
  Problem solved, use..
  
  manager-gui – Allows access to the html interface
  manager-script – Allows access to the plain text interface
  manager-jmx – Allows access to the JMX proxy interface
  manager-status – Allows access to the read-only status pages
  
  http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring%20Manager%20Application%20Access
  - Matthew March 9, 2012 at 5:53 pm
    
    Just type in, manager-gui do not put ‘– Allows access to the html interface’ in :)
bhe_ztack February 2, 2012 at 10:15 pm

thanks. this a tips…
proces sucses full.
George December 14, 2011 at 5:05 pm

Hello, I’ve modified the file as per your instructions but while it will accept the user and password when I enter the TomCat Manager it will give me

HTTP Status 403 – Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
- mkyong December 15, 2011 at 9:21 pm
  
  Which resource (URL) you try to access?
Pierre Thibault September 8, 2011 at 10:55 pm
I was unable to access the server status under Tomcat 7 with the configuration given in example. I had to add the “manager-gui” role to do so:
- Muthu Krishnan December 7, 2011 at 7:50 pm
  
  Thanks.. very useful Tip!!
Aditya G JAdhav June 30, 2011 at 4:30 pm

nice !!!

kick start 4 novice , without tedious documentation
/etc/tomcat6/tomcat-users.xml debian 6 and debian based OS. N freeBSD also :-)

become a server administrator keep going
gulshan April 17, 2011 at 2:29 pm

thanks a lot…..
MK March 8, 2011 at 8:16 am

Thank you vary much
this helped alot
this was very quick n to the point.
Iain February 11, 2010 at 7:45 pm

Yes, thank you very much. Was able to get the administration and manager functioning nicely after reading your short tutorial.
- mkyong February 12, 2010 at 8:10 am
  
  It’s great to know it’s helpful :)
Ittai October 2, 2009 at 11:14 am

Thank you, this helped me

What is Tomcat default administrator password ?

Problem

Solution

Popular Posts

What is your opinion?

Do you know the answer?

Problem

Solution

Related Posts

Popular Posts

What is your opinion?

Do you know the answer?