How to unlock a tomcat user?
Asked Answered
O

1

12

I am using Tomcat 7.0 and a user i defined at tomcat-users.xml is locked. I saw warnings at catalina.out that the user is locked. How can i unlock it without restarting tomcat? I searched a lot but could not find any solution.

Thanks a lot,

Ocker answered 5/9, 2011 at 13:46 Comment(0)
D
17

With Tomcat's default CMS settings, it doesn't implement any user account locking. If you've nested the user's realm in the LockOutRealm, then the user will be locked out for 300 seconds after 5 unsuccessful attempts:

http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html#LockOut_Realm_-_org.apache.catalina.realm.LockOutRealm

This is designed to protect Tomcat against DOS attacks etc. The values quoted above are the default settings, you can edit them as you wish.

If you really need to unlock a user quicker than that, have a look at the implementation of this class:

org.apache.catalina.realm.LockOutRealm
Dowd answered 6/9, 2011 at 14:5 Comment(2)
Thanks a lot for the answer, unlocking after 300 seconds is enough. I didn't know this.Ocker
@Mikaveli the link is dead :(Zyrian

© 2022 - 2024 — McMap. All rights reserved.