TOMCAT7/8 Access server Status, manager App, Host Manager appears 403 Forbidden

After configuring the TOMCAT7/8, we often need to access the TOMCAT7/8 manager and host manager. You need to configure the user role in Tomcat-users.xml to implement it. In the Address bar, enter: localhost:8080 access Tomcat, in the Open interface, there are three buttons in the upper right corner:
1. Server Status
2. Manager App
3. Host Manager

However, after we have configured the Tomcat-users.xml, these three buttons are not always accessible, either by accessing only one, or by two. This problem is most likely in your configuration, the role is not added full, especially on the third button configuration, the configuration of the third button TOMCAT7 and TOMCAT8 configuration is not the same.
In order to achieve the configuration so that three buttons can be accessed, we first look at the tomcat-users.xml inside a user configuration:

<tomcat-users><rolerolename= "Manager-gui"/><rolerolename= "Manager-script"/><Userusername= "Tomcat"Password= "Tomcat"Roles= "Manager-gui"/><Userusername= "Admin"Password= "Admin"Roles= "Manager-script"/></tomcat-users>

<role rolename="角色名">This is used to define the character, and it is obvious that the RoleName attribute value is not something we write at random. In fact, Tomcat has defined 4 different roles for us, that is, 4 rolename, and we only need to use the roles Tomcat has defined for us to meet our work needs.

Manager-gui     #允许访问html接口 (that is, URL path is/manager/html/*) Manager-script   #允许访问纯文本接口 (that is, URL path is/manager/text/*) The MANAGER-JMX   #允许访问JMX代理接口 (that is, the URL path is/manager/jmxproxy/*) Manager-status   #允许访问Tomcat只读状态页面 (that is, the URL path is/manager/ status/*)

Special need to explain is: Manager-gui, Manager-script, manager-jmx all have manager-status permission, namely, Manager-gui, Manager-script, MANAGER-JMX Three role permissions you can access the path "/manager/status/*" without adding additional Manager-status permissions.

<user username="用户名" password="密码" roles="角色（可多个）"/>This is very simple, is used to represent the user, where roles corresponds to the role defined above, can have multiple roles, multiple roles with "," separated. You can also configure multiple users.

To access the top two buttons, simply configure the manager-* (4 on-demand configuration).
To access the third button, you need to configure the Admin-gui (HTML UI interface) or Admin-script (plain text interface).
If you want to access them, configure them together.

The following are posted according to TOMCAT7 and TOMCAT8 User configuration: 1, TOMCAT7 Access server Status, manager App, Host Manager configuration.

Disclaimer: This configuration is not focused on security, just testing. Specific requirements can be truncated

<rolerolename= "Admin"/><rolerolename= "Admin-gui"/><rolerolename= "Admin-script"/><rolerolename= "Manager-gui"/><rolerolename= "Manager-script"/><rolerolename= "MANAGER-JMX"/><rolerolename= "Manager-status"/><Userusername= "Admin"Password= "Admin"Roles= "Admin,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status"/>

2. TOMCAT8 access to server Status, manager App, and Host Manager configuration.

Disclaimer: This configuration is not focused on security, just testing. Specific requirements can be truncated
Tomcat8 if on the basis of the above configuration, the access will be reported 403 error, so need to modify, if not, create a new Conf/catalina/localhost/manager.xml file.
The configuration content is as follows:

<privileged= "true"  antiresourcelocking= "false"          DocBase= "${catalina.home}/webapps/manager">    <   ClassName= "Org.apache.catalina.valves.RemoteAddrValve"  Allow= "^.*$"  /></Context>

Turn from: 53218584

TOMCAT7/8 Access server Status, manager App, Host Manager appears 403 Forbidden