What is Tomcat default administrator password ?
Is there or what is the default administrator user and password for Tomcat?
Tested :
- Tomcat 8.0.30
- Tomcat 7.0.67
- Tomcat 6.0.44
Article update history
- Updated 03/02/2016 : Add support for Tomcat 7 and 8.
- Updated 08/04/2011 : Update article.
1. Tomcat 7 and Tomcat 8
Tomcat users are defined in the file – $TOMCAT_HOME/conf/tomcat-users.xml
, by default, there is NO user, it means no one can access the Tomcat manager page.
To enable users to access the Tomcat manager page, add a user as the role manager-gui
.
$TOMCAT_HOME/conf/tomcat-users.xml (Original)
<tomcat-users>
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>
$TOMCAT_HOME/conf/tomcat-users.xml (Updated)
<tomcat-users>
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
<role rolename="manager-gui"/>
<user username="admin" password="admin" roles="manager-gui"/>
</tomcat-users>
Saved it and restart Tomcat, now you should able to access the default manager page (http://localhost:8080/manager) with user = “admin” and password = “admin”
Note
Please refer to this official Tomcat Manager App HOW-TO
Please refer to this official Tomcat Manager App HOW-TO
2. Tomcat 6
For Tomcat 6, add a user as the role manager
$TOMCAT_HOME/conf/tomcat-users.xml (Updated)
<tomcat-users>
<role rolename="manager"/>
<user username="admin" password="admin" roles="manager"/>
</tomcat-users>
Note
This “manager” role is deprecated, and removed since Tomcat 7.
This “manager” role is deprecated, and removed since Tomcat 7.
mkyong thanx for a wonderful help, here is the one i tried.
Open in notepad, and just erase everything you have in tomcat-users.xml file and paste these lines.
hope it will work 🙂
It worked!
It worked
robert thank you, finally this worked for me.
this helped me, thanks.
it worked for me,thanks
thanku very much
thank you
Thanks it helped 🙂
As after above code I was still note able to get my Application Manager/ App manager Then Change the role
so, can also set this code as (this below code worked for me)
manager-gui — Access to the HTML interface.
manager-status — Access to the “Server Status” page only.
manager-script — Access to the tools-friendly plain text interface that is described in this document, and to the “Server Status” page.
manager-jmx — Access to JMX proxy interface and to the “Server Status” page.
Thanks, fixed and updated.
Thanks!
thanks for the info
this helped me thanks a lot
Hello, I’m using tomcat 7 can anybody tell will it for work if I use the above method if not then what I can do to gain access as in the NOTE box it’s mentioned that manager role is deprecated.
i installed tomcat .when i open the tomcat-users.xml in command prompt i entered role rolename =”manager-gui” and below lines as you mentioned .then i saved file and closed it . when i go to manager webapp in browser it ask password and username , i entered the both by tomcat-users.xml file.but it doesn’t go to manager app , i get asked to enter password and username again and again
what a simple and nice tutorial
Do we need to restart tomcat to have it read the config file?
sudo service tomcat8 restart
ThnQQQ
If you are trying to edit the xml content and it says you don’t have access because you aren’t and administrator, try opening the tomcat-users.xml like usual except run your text editor as an administrator
thanks
When i save then is give a message Access denied means unable to save……what to do tell me
hmm not posting
role rolename=”manager-gui”
role rolename=”admin-gui”
user username=”admin” password=”admin” roles=”admin-gui, manager-gui”
Hi
still struggling with it. spend few days on internet but still no luck
is there a way to troubleshoot?
my OS
Windows
my Tomcat is:
Apache Tomcat/8.0.14
my tomcat-users.xml:
in my context.xml locking to local host is commented out
in my server.xml following uncommented
<Resource name="UserDatabase" auth="Container"
.
and
<Realm className="org.apache.catalina.realm.LockOutRealm"
.
by one of suggestions created
D:Tomcat80_4confCatalinalocalhostmanager.xml
still getting 401
appreciate any suggestion
Regards
missed to post users xml
MIchisimas gracias
Thanks a lot!!!!!!
Hi !. I am writing you from Córdoba, Argentina. I am placing the same Xml Content in the tomcat-users file and I am still being rejected and get a 401 invalid credentials or unauthorized… I am under tomcat 7… Is there any other thing to configure in order to get into the manager console and deploy an app ?.
Thankx
Did you restart the server after adding the new users?
add a role manager-gui to the list.
I installed tomcat in my Virtual Private Server in godaddy. Now I tried to access to Tomcat Host Manager using url: http://myServerIP:8080
But I dont know the username and password for the same. How to get the username and password to login to host manager? Is there any default password.? Please help. I’m in real trouble.
As you said I added few users that’s working fine but up to how many maximum users i can add for tomcat manager to log in.
<!–
–>
note:replace the entire text except this (note) USERNAME:tomcat PASSWORD:s3cret
Hi,
My name is Skender Kollcaku.
here is the xml I saved with the Vi editor under Debian:
<!–
–>
Hope it helps you!
Sk
it worked – Thanks . the key is will not work – will work
this worked for me too
it work… thanks so mch,,,,,,
It works, thanks!
Thank you Mkyong!
Thank You mkyong.
thinks a lot for all your tips, but i still have a problem
———————————————————-
403 Access Denied
You are not authorized to view this page.
If you have already configured the Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Manager application. You will need to reset this protection by returning to the main Manager page. Once you return to this page, you will be able to continue using the Manager appliction’s HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.
If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
when i am updating xml file. it show an error message, telling that access to tomcat-user.xml was denied. pls tell, why it is happening?
Did you use sudo to edit the file?