What is Tomcat default administrator password ?

Problem

Is there or what is the default administrator user and password for Tomcat?

Solution

By default, Tomcat does not enable admin or manager access. To enable it, you have to edit the “%TOMCAT_FOLDER%/conf/tomcat-users.xml” manually.

File : tomcat-users.xml (before update) , initially, Tomcat comments all users and roles like above.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>

File : tomcat-users.xml (after updated)

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="admin,manager"/>
</tomcat-users>

To enable admin access, just update the content like above. Saved it and restart Tomcat, now you can access Tomcat admin or manger pages with user = “admin” and password = “admin“.

Tags :

About the Author

mkyong
Founder of Mkyong.com and HostingCompass.com, love Java and open source stuff. Follow him on Twitter, or befriend him on Facebook or Google Plus. If you like my tutorials, consider make a donation to these charities.

Comments

  • Pingback: watch tv show episodes()

  • Pingback: Google()

  • Ali

    Thank You mkyong.

  • mehdi

    thinks a lot for all your tips, but i still have a problem
    ———————————————————-

    403 Access Denied

    You are not authorized to view this page.

    If you have already configured the Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Manager application. You will need to reset this protection by returning to the main Manager page. Once you return to this page, you will be able to continue using the Manager appliction’s HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.

    If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

    For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.

    • nadim

      when i am updating xml file. it show an error message, telling that access to tomcat-user.xml was denied. pls tell, why it is happening?

  • http://pro7hosting.com yatin thakur

    Thanks a lot for posting such nice information ! it really helping alot peoples !

  • manuxx

    Thanks a lot!

  • http://geosocial.herobo.com/index.php?do=/blog/8279/these-recommendations-will-let-you-spend-less-quickly/ anthony

    It’s nearly impossible to find educated people for this topic, however, you seem like you know what you’re talking about!
    Thanks

  • robert

    mkyong thanx for a wonderful help, here is the one i tried.

    Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.

    &lt;?xml version='1.0' encoding='cp1252'?&gt;
    &lt;tomcat-users&gt;
      &lt;role rolename=&quot;manager-gui&quot;/&gt;
      &lt;user username=&quot;tomcat&quot; password=&quot;s3cret&quot; roles=&quot;manager-gui&quot;/&gt;
    &lt;/tomcat-users&gt;

    hope it will work :)

  • robert

    here are the lines. something went wrong earlier.

    Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.

    hope it will work :)

  • robert

    mkyong thanx for a wonderful help, here is the one i tried.

    Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.

    save the file, restart it, i hope it will work :)

  • yashan

    user is tomcat
    password is password
    this line xml comments sometime your command chainging a cmment using good for programer notepad is good one or other highlighters not using a word or notepad

  • Pingback: Jak zwi?kszy? bezpiecze?stwo swojej webaplikacji – kilka prostych metod()

  • ravi

    thanks a lot…. :)

  • swati

    Thank u so much….

  • http://- han

    how to activating/login tomcat6 using ssh ?

    if i try to login “ssh tomcat6@localhost”, the sys asking password, but i don’t know what the default password. if that must be set, please help to set the password.

    i’am use Ubuntu Desktop 12.04

  • http://cyounes.com Younes

    Thanks, works best :-)

  • Pingback: Install Tomcat6 on Okeanos | Welcome()

  • http://[email protected] [email protected]

    its not working on my PC

    • Irshad

      tomcat 7 username and password :

      C:\Tomcat 7.0\conf open in notepad => “tomcat-users.xml”

      Add following lines in above file :-

      &lt;tomcat-users&gt;
           &lt;role rolename=&quot;manager-gui&quot;/&gt;
           &lt;user username=&quot;admin&quot; password=&quot;&quot; roles=&quot;manager-gui&quot;/&gt;
       
           &lt;role rolename=&quot;admin-gui&quot;/&gt;
           &lt;user username=&quot;tomcat&quot; password=&quot;s3cret&quot; roles=&quot;admin-gui&quot;/&gt;        
       &lt;/tomcat-users&gt;

      **Note :

      “admin-gui” -> Username & Password – Do not Change.
      “manager-gui” -> you can change user name & password for this only. [Here password is not given]

      • White_King

        not working at all!

      • LaRRy

        Thanx =)

  • Nigel

    Hi,
    When I tried to edit the tomcat-users.xml file and save, it is showing a warning that “Access is denied” or “Please check whether if this file is opened in another program”

    Why is this happening?

    • https://sites.google.com/site/weblogicadminsite/Home Pavan Devarakonda

      You can issue the

      ls -l

      command. Check the file permissions in the first column in the list. if it is have edit access then you can edit it otherwise use

       chmod 777 tomcat-users.xml

      .

  • sam

    thanks a lot…

  • Bravo

    Thank You Very Much, it works for CentOS6

  • piyush

    hi ,

    i am following the steps “http://craeser.wordpress.com/2010/07/21/java-tomcat-security-protected-example/#comment-418″. But value is not picking from tomcat-user.xml file.

  • Matthew

    Hi, nice tip for accessing the Status and Tomcat Manager pages though I am having the same problem when I try to access the Status or Tomcat Manager pages;

    HTTP Status 403 – Access to the requested resource has been denied

    I have the role set as admin and manager I am flat out of ideas any help would be wonderful, thanks :)

  • bhe_ztack

    thanks. this a tips…
    proces sucses full.

  • George

    Hello, I’ve modified the file as per your instructions but while it will accept the user and password when I enter the TomCat Manager it will give me

    HTTP Status 403 – Access to the requested resource has been denied

    type Status report

    message Access to the requested resource has been denied

    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

    • http://www.mkyong.com mkyong

      Which resource (URL) you try to access?

  • http://pierrethibault.posterous.com/ Pierre Thibault

    I was unable to access the server status under Tomcat 7 with the configuration given in example. I had to add the “manager-gui” role to do so:

     
    • Muthu Krishnan

      Thanks.. very useful Tip!!

  • Pingback: Reiner Saddey’s Place » Mac OS X (Snow Leopard): 1-2-3 Minimal Tomcat Install for Developers()

  • Aditya G JAdhav

    nice !!!

    kick start 4 novice , without tedious documentation
    /etc/tomcat6/tomcat-users.xml debian 6 and debian based OS. N freeBSD also :-)

    become a server administrator keep going

  • gulshan

    thanks a lot…..

  • MK

    Thank you vary much
    this helped alot
    this was very quick n to the point.

  • Iain

    Yes, thank you very much. Was able to get the administration and manager functioning nicely after reading your short tutorial.

    • http://www.mkyong.com mkyong

      It’s great to know it’s helpful :)

  • Ittai

    Thank you, this helped me