tomcat7-maven-plugin tomcatManager status code:403, ReasonPhrase:Forbbiden

Asked 11/11, 2012 at 23:59 Answered 11/12, 2013 at 9:29

I am trying to do mvn clean package tomcat7:deploy but always I get this error: tomcatManager status code:403, ReasonPhrase:Forbbiden

My configurations are the next:

~/.m2/settings.xml

<servers>
  <server>
    <id>localhost</id>
    <username>tomcat</username>
    <password>s3cret</password>
  </server>
</servers>

pom.xml

  <profiles>
    <profile>
        <id>tomcat-localhost</id>
        <activation>
            <activeByDefault>true</activeByDefault>
        </activation>
        <properties>
            <tomcat-server>localhost</tomcat-server>
            <tomcat-url>http://localhost:8080/manager/html</tomcat-url>
        </properties>
    </profile>
  </profiles>

  <build>
    <plugin>
        <groupId>org.apache.tomcat.maven</groupId>
        <artifactId>tomcat7-maven-plugin</artifactId>
        <version>2.0</version>
        <configuration>
            <server>${tomcat-server}</server>
            <url>${tomcat-url}</url>
        </configuration>
      </plugin>
    </plugins>
  </build>

tomcat-users.xml

  <role rolename="manager-gui"/>  
  <user username="tomcat" password="s3cret" roles="manager-gui"/>

What is my mistake? Because I don't see it.

Complete message error:

[INFO] --- tomcat7-maven-plugin:2.0:deploy (default-cli) @ WebApp ---
[INFO] Deploying war to http://localhost:8080/Baskeitor  
Uploading: http://localhost:8080/manager/html/deploy?path=%2FWebApp
Uploaded: http://localhost:8080/manager/html/deploy?path=%2FWebApp (7985 KB at 50215.2 KB/sec)

[INFO] tomcatManager status code:403, ReasonPhrase:Prohibido
[INFO] <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
[INFO] <html>
[INFO]  <head>
[INFO]   <title>403 Access Denied</title>
[INFO]   <style type="text/css">
[INFO]     <!--
[INFO]     BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
[INFO]     H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
[INFO]     PRE, TT {border: 1px dotted #525D76}
[INFO]     A {color : black;}A.name {color : black;}
[INFO]     -->
[INFO]   </style>
[INFO]  </head>
[INFO]  <body>
[INFO]    <h1>403 Access Denied</h1>
[INFO]    <p>
[INFO]     You are not authorized to view this page.
[INFO]    </p>
[INFO]    <p>
[INFO]     If you have already configured the Manager application to allow access and
[INFO]     you have used your browsers back button, used a saved book-mark or similar
[INFO]     then you may have triggered the cross-site request forgery (CSRF) protection
[INFO]     that has been enabled for the HTML interface of the Manager application. You
[INFO]     will need to reset this protection by returning to the
[INFO]     <a href="/manager/html">main Manager page</a>. Once you
[INFO]     return to this page, you will be able to continue using the Manager
[INFO]     appliction's HTML interface normally. If you continue to see this access
[INFO]     denied message, check that you have the necessary permissions to access this
[INFO]     application.
[INFO]    </p>
[INFO]    <p>
[INFO]     If you have not changed
[INFO]     any configuration files, please examine the file
[INFO]     <tt>conf/tomcat-users.xml</tt> in your installation. That
[INFO]     file must contain the credentials to let you use this webapp.
[INFO]    </p>
[INFO]    <p>
[INFO]     For example, to add the <tt>manager-gui</tt> role to a user named
[INFO]     <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
[INFO]     config file listed above.
[INFO]    </p>
[INFO] <pre>
[INFO] &lt;role rolename="manager-gui"/&gt;
[INFO] &lt;user username="tomcat" password="s3cret" roles="manager-gui"/&gt;
[INFO] </pre>
[INFO]    <p>
[INFO]     Note that for Tomcat 7 onwards, the roles required to use the manager
[INFO]     application were changed from the single <tt>manager</tt> role to the
[INFO]     following four roles. You will need to assign the role(s) required for
[INFO]     the functionality you wish to access.
[INFO]    </p>
[INFO]     <ul>
[INFO]       <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
[INFO]           pages</li>
[INFO]       <li><tt>manager-script</tt> - allows access to the text interface and the
[INFO]           status pages</li>
[INFO]       <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
[INFO]           pages</li>
[INFO]       <li><tt>manager-status</tt> - allows access to the status pages only</li>
[INFO]     </ul>
[INFO]    <p>
[INFO]     The HTML interface is protected against CSRF but the text and JMX interfaces
[INFO]     are not. To maintain the CSRF protection:
[INFO]    </p>
[INFO]    <ul>
[INFO]     <li>Users with the <tt>manager-gui</tt> role should not be granted either
[INFO]         the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
[INFO]     <li>If the text or jmx interfaces are accessed through a browser (e.g. for
[INFO]         testing since these interfaces are intended for tools not humans) then
[INFO]         the browser must be closed afterwards to terminate the session.</li>
[INFO]    </ul>
[INFO]    <p>
[INFO]     For more information - please see the
[INFO]     <a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
[INFO]    </p>
[INFO]  </body>
[INFO] </html>

I have tomcat 7.0.32 and I restart it always I change some configuration about users or anything that need load again.

Amalberga answered 11/11, 2012 at 23:59 Comment(1)

FYI, there is no need to run "package" as the tomcat7:deploy goal kicks that off. Another option is to use the tomcat7:deploy-only goal and you keep package there. tomcat.apache.org/maven-plugin-2.0/tomcat7-maven-plugin/… – Miksen 29/4, 2013 at 17:5

I had same problem. But I found following solution of this problem:

pom.xml

<plugin>
    <groupId>org.apache.tomcat.maven</groupId>
    <artifactId>tomcat7-maven-plugin</artifactId>
    <version>2.0</version>
    <configuration>
      <url>http://localhost:8080/manager/text</url>
      <server>localhost</server>
      <path>/${project.build.finalName}</path>
    </configuration>
</plugin>

~/.m2/settings.xml

<servers>
<server>
   <id>localhost</id>
   <username>admin</username>
   <password>s3cret</password>
</server>

tomcat-users.xml

<role rolename="manager-script"/>
<user username="admin" password="s3cret" roles="manager-script"/>

After changing tomcat-users.xml do not forget to restart the server. Also do not assign the manager-gui role with the manager-script to the same user.

Bench answered 13/11, 2012 at 16:5 Comment(4)

Thanks, we had the same problem, the trick here was to use the /text endpoint with the manager-script role. – Bufflehead 4/2, 2013 at 13:17

I did it totally follow your instructions, but it encountered error: tomcatManager status code:401, ReasonPhrase:Unauthorized. I make sure the username/password of tomcat I configured is correct, what do I do? – Accept 22/8, 2013 at 10:49

if anyone has same problem to solve it ur settings.xml file should have <settings> tag as root – Outwit 7/11, 2013 at 14:48

Uploading: localhost:8081/manager/text/deploy?path=ROOT&update=true Uploading: localhost:8081/manager/text/deploy?path=ROOT&update=true [INFO] BUILD FAILURE [ERROR] Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:redeploy (default-cli) on project gs-serving-web-content: Cannot invoke Tomcat manager: Connection reset -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.tomcat.maven:tomcat7-maven-plugin:2.2:redeploy (default-cli) on project g: Cannot invoke Tomcat manager – Revest 2/6, 2019 at 23:26

Enough to do like this

pom.xml

<plugin>
  <groupId>org.apache.tomcat.maven</groupId>
  <artifactId>tomcat7-maven-plugin</artifactId>
  <version>2.0</version>
  <configuration>
    <path>/mywebapp</path>
    <update>true</update>
    <url>http://localhost:8080/manager/text</url>
    <username>tomcat</username>
    <password>tomcat</password>
  </configuration>
</plugin>

tomcat-users.xml

<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <role rolename="admin-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager-gui,admin-gui,manager-script"/>
</tomcat-users>

From http://tomcat.apache.org/maven-plugin-2.0/index.html

Use http://localhost:8080/manager/text rather than the default tomcat6 url.

Imogene answered 25/6, 2013 at 11:16 Comment(1)

it doesn't deploy to the path you specify – Revest 3/6, 2019 at 3:54

This error will also appear if the same WAR with the same name has already been deployed to tomcat.

Eloquent answered 3/10, 2013 at 16:27 Comment(2)

please those kind of short answers as comments. Or first read the faq of SO before you post – Jeremiad 3/10, 2013 at 16:44

Didn't have the reputation to do so, felt like offering help was more important than post etiquette considering the helpful nature of this site. – Eloquent 7/10, 2013 at 18:33

Url is not correct use:

<tomcat-url>http://localhost:8080/manager/html</tomcat-url>

Intake answered 12/11, 2012 at 8:50 Comment(1)

It works for me! 1. add user with role 'manager-script' only to tomcat-users.xml; 2. add "<dependency><groupId>org.slf4j</groupId><artifactId>slf4j-nop</artifactId><version>${slf4j.version}</version></dependency>" for fix slf4j.org/codes.html#StaticLoggerBinder; 3. add "<plugin><groupId>org.apache.tomcat.maven</groupId><artifactId>tomcat7-maven-plugin</artifactId><version>2.1</version><configuration><tomcat-url>localhost:8080/manager/html</…{project.build.finalName}</path></configuration></plugin>" – Aleutian 14/3, 2013 at 0:52

Wanted to add this as a comment, but do not have enough reputation score to do so.

Adding this as an answer as it may be helpful for someone. I was getting the exactly same errors while trying to deploy on tomcat7 using eclipse, and was still not working after trying above solutions. finally I tried outside eclipse using commandline(cmd) and it worked like a charm. obviously I needed to install maven on my machine and then set M2_Home user variable and path variable pointing to M2_HOME/bin.

Thanks.

Guardrail answered 27/11, 2013 at 15:37 Comment(0)

There is some misunderstanding about role name and the last part of the URL:

Originally in tomcat-usres.xml there was only "tomcat" user (role tomcat), user "both" (tomcat + role1) but no admin role. It seems that the last part of the URL equals to role name in some aspect ...

This worked for me (otherwise I always got 403 even provided correct user + password):

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="admin,tomcat"/>
  <user username="admin" password="tomcat" roles="admin,tomcat"/>
</tomcat-users>

Helles answered 11/12, 2013 at 9:29 Comment(0)

Recommended topics

Hot tags