Comments: Tomcat Management: Setting up the Tomcat Manager Application

I set the context info in $CATALINA_HOME/conf/context.xml to filter it by IP address, but the problem is that it also restricted access to our other COTS webapps. I copied exactly what you have to restrict access to manager and changed the docBase path, but it blocked the main webapp too, not just the manager webapp. I tried restricting in server/conf/Catalina/localhost/manager.xml and it worked fine, and it only blocked access to the manager webapp. The context.xml file did have another context entry for all the webapps, therefore I copied the new entry to the end of the file, but it still didn't work. Could you let me know how to fix it, or if there is any reference material on that? Thanks.

Sudeep, let me get back to you on this. Keep it as it is for the time being if it is working while I try to figure out why it's working for me and not for you.
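The scoping behind the exchange above, as an added example that is not part of the original comments or the article: a Valve in conf/context.xml is merged into every webapp, while one in a per-application descriptor such as conf/Catalina/localhost/manager.xml applies to that context only. The file contents and the client address are constructed, and the matcher assumes a single allow/deny pattern that Python's `re` reads the same way as Java's regex engine.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed sample files (not taken from the thread).
SAMPLE_CONF = {
    "conf/context.xml": r"""<Context>
  <WatchedResource>WEB-INF/web.xml</WatchedResource>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/>
</Context>""",
    "conf/Catalina/localhost/manager.xml": r"""<Context privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1"/>
</Context>""",
}

def valve_scope(path):
    """Return which context(s) a Valve declared in this file applies to."""
    parts = path.replace("\\", "/").split("/")
    if parts[-2:] == ["conf", "context.xml"]:
        return "ALL webapps"  # default context, merged into every application
    if len(parts) >= 4 and parts[-4] == "conf":
        # conf/<Engine>/<Host>/<name>.xml maps to context path /<name>
        name = parts[-1].rsplit(".", 1)[0]
        return "/" if name == "ROOT" else "/" + name.replace("#", "/")
    return "unknown"

def permits(valve, ip):
    """Mirror the valve's decision order: deny first, then allow."""
    allow, deny = valve.get("allow"), valve.get("deny")
    if deny and re.fullmatch(deny, ip):
        return False
    if allow:
        return re.fullmatch(allow, ip) is not None
    return deny is not None  # deny-only valve admits everything else

def audit(conf, client_ip):
    """List (file, scope, client allowed?) for every RemoteAddrValve found."""
    findings = []
    for path, text in sorted(conf.items()):
        for valve in ET.fromstring(text).iter("Valve"):
            if valve.get("className") == VALVE:
                findings.append((path, valve_scope(path), permits(valve, client_ip)))
    return findings

if __name__ == "__main__":
    for path, scope, ok in audit(SAMPLE_CONF, "10.1.2.3"):
        print(f"{path}: applies to {scope}; 10.1.2.3 {'allowed' if ok else 'blocked'}")
```

A finding whose scope is "ALL webapps" means the address filter is gating every application on the host, not just the manager.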

Hi Chris,

I am not able to start the manager application on Tomcat 6.0.24.
I get:
----------
2011-02-10 16:22:21,102 [main] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager] - Exception starting filter CSRF
java.lang.ClassNotFoundException: org.apache.catalina.filters.CsrfPreventionFilter
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:269)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:422)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:115)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3838)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4488)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:592)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
2011-02-10 16:22:21,104 [main] ERROR org.apache.catalina.core.StandardContext - Error filterStart
2011-02-10 16:22:21,104 [main] ERROR org.apache.catalina.core.StandardContext - Context [/manager] startup failed due to previous errors
--------------

Any ideas?

Thanks.

-Shanti

Shanti, it looks like you are using a version of tomcat that had the CSRF prevention filter back-ported into it. Tomcat 6.0.24 from the ASF doesn't have the CSRF prevention filter in it--the first version that has it is the 6.0.30 version (at least, according to the changelog).

The CSRF filter uses the newer tomcat 7 roles. Try switching your "manager" role to "manager-gui" in your tomcat-users.xml file. Looks like I need to update this article to account for tomcat 6.0.30 and higher and for those versions of tomcat using a back-ported CSRF filter.

I am getting the same error as Shanti.
OS: Ubuntu
Tomcat 6.0.20

I've tried switching the "manager" role to "manager-gui" in the tomcat-users.xml file, but it didn't work.

Any other solutions?

Thanks in advance

Erlns, if I remember correctly, the problem Shanti had was not an issue with a backported CSRF filter, which tomcat doesn't appear to have in the 6.0 branch, but it was a problem with a tomcat 7 server.xml file from a previous upgrade/installation attempt that was not backed out when the 6.0 installation occurred.

Grab a 6.0.20 installation from a tomcat mirror near you, save a copy of your current file, replace your current server.xml with the 6.0.20 version, then re-incorporate your changes.

I have a unique problem:

One of my clients had a previous tech install tomcat7 to their environment, two instances separately named and path'd on the same server.
One instance has the manager webapp present; the other does not. Both are the same version of tomcat, and both appear identical (except for expected ports, etc.) and this one frustrating bit. I need the manager for deploying and server stats.

Do you know of a way to install the manager webapp without installing the entire tomcat suite from scratch?

Chi, have you tried ServerFault? Someone there may have experienced the very same issue before and know what needs to be done to fix it.

Even after doing all the things you said, I am having this error whenever I am trying to access the manager console:

HTTP Status 404 - /manager/html
type Status report
message /manager/html
description The requested resource is not available.
Apache Tomcat/7.0.64

By the way, I am using port 8084. I am able to access all my applications using
http://localhost:8084/appName/

Thanks for the article. I was looking for a way to secure the manager since it's a target for hackers :)

good tips ty again!
