Score:0

Tomcat with HTTPD front end. Manager app not accessible


I have an HTTPD server which does the LDAP authentication in front of a Tomcat server. My application resides in Tomcat.

I am proxying the authenticated requests via the AJP connector of Tomcat to my application. Now I want to close the HTTP connector, but the manager app is not accessible (it returns a 403 error).

  • When I am accessing http://localhost/my_app, everything works fine.
  • When I am accessing http://localhost/manager/, it gives me a 403 error.
  • With the HTTP connector open, i.e. http://localhost:port/manager, it is accessible.
Please provide your tomcat configuration
Vinayak
It's the default configuration. The only thing I have added is the virtual host, which uses ProxyPass and the LDAP authentication.
Vinayak
@GeraldSchneider It would help if you could reply based on the default config, since I have not changed anything.
Can you share your virtualhost config?
Vinayak
ProxyPass / http://localhost:1000/
ProxyPassReverse / http://localhost:1000/
<Proxy http://localhost:1000/>
    BalancerMember ajp://localhost:1009/
    Options Indexes FollowSymlinks
    AllowOverride None
    AuthName "Active Directory Authentication"
    AuthType Basic
    AuthBasicAuthoritative on
    AuthBasicProvider ldap
    LDAPReferrals off
    AuthLDAPBindAuthoritative on
    AuthLDAPURL
    AuthLDAPBindDN
    AuthLDAPBindPassword
    Require valid-user
Score:2

This is an educated guess. I think this might be a case of both the Manager part and Apache using HTTP authentication headers for authentication.

When the client connects to http://localhost/manager, Apache asks for authentication credentials for LDAP authentication. The client will then send the authentication information to Apache, which accepts the request and passes it to Tomcat's manager part.

However, since the credentials are not what were defined for the manager, it returns a 403 error.

The solution would be to exclude the /manager part from the LDAP authentication. Unfortunately I don't know how that would be done within Apache.

Vinayak
Yes, I tried doing that as well. But the manager app page is not properly loaded. It simply shows the elements of that page. Also, I tried giving the same credentials in tomcat-users.xml. Even then it didn't work.
If it shows only HTML code, it means that the base URL of the application is not properly set. You need to find a setting for app root URL and make sure it is `http://localhost/manager`.
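
One way to write the exclusion proposed in the answer above, as an added example that is not from the original thread or from either poster. It assumes Apache httpd 2.4 (mod_authz_core) and the question's layout, where the LDAP directives sit inside the `<Proxy>` block; the `<Location "/manager">` section and the `Require` choices are assumptions.

```apache
# Added example, not the poster's configuration. Assumes Apache httpd 2.4
# (mod_authz_core) and the question's layout, where the LDAP Basic auth
# directives sit inside the <Proxy> block.

# <Location> sections are merged after <Proxy>, so the directives below
# replace "Require valid-user" for this one path only.
<Location "/manager">
    # Turn off httpd's Basic/LDAP challenge here. The browser then answers
    # only Tomcat's challenge, and the Authorization header that reaches
    # Tomcat carries tomcat-users.xml credentials rather than LDAP ones.
    AuthType None

    # Weak variant: anyone who can reach httpd can reach the manager login,
    # and Tomcat's own user database becomes the only gate.
    #Require all granted

    # Tighter variant: only connections from the httpd host itself.
    # Swap for "Require ip <admin-subnet>" (placeholder) if admins are remote.
    Require local
</Location>
```

With the LDAP layer removed on this path, the manager is protected only by Tomcat's own users and roles, so the source restriction is what keeps the login page off the wider network.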
Score:1

Based on https://stackoverflow.com/questions/5808206/how-to-fix-tomcat-http-status-403-access-to-the-requested-resource-has-been-den

it seems that you are missing a role definition.

In the tomcat-users.xml file, add a user with the role manager:

<role rolename="manager"/>
<user username="admin" password="admin" roles="manager"/>
Vinayak
Nope... I am able to access the manager through the port, which means my config is correct. I want to know how/why it is not accessible when the port number is not used.