Adding default manager roles in tomcat users config. #412

Closed
wants to merge 4 commits into from


dagnelies

Every time I install a tomcat, I first add the tomcat manager users, and I think a lot of people do this as well. However, currently, it's kind of a pain because you have to look it up first what exactly should be written and create the roles/users manually. This here makes it trivial.

Adding default manager roles in tomcat users config.
Adding default manager roles in tomcat users config.
@dagnelies
Author

...I guess the travis CI is currently broken

@martin-g
Member

For some reason getParentStream() returns null on s390x (JDK11).

getParentStream().addChild(replacement);

@ChristopherSchultz
Contributor

> For some reason getParentStream() returns null on s390x (JDK11).
>
> getParentStream().addChild(replacement);

🤔

@dagnelies
Author

Hi, since the Travis CI possibly failed due to some unrelated instability, can we perhaps simply try to re-run it?

@martin-g
Member

> can we perhaps simply try to re-run it?

Re-scheduled it!

@kkolinko

kkolinko commented Apr 12, 2021

> <user username="admin" password="<must-be-changed>" roles="manager-gui,manager-jmx"/>

-1 for the above line. The "manager-jmx" role is not intended to be used by human users: it does not have CSRF protection.

See
https://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access

> <role rolename="manager-gui"/> etc.

There rarely is a need to explicitly create roles like the above. When parsing the tomcat-users.xml file, all roles mentioned in users are created automatically.


@kkolinko kkolinko left a comment


The "manager-jmx" role and "manager-gui" roles should not be used together. (As I wrote in a comment earlier. Resubmitting via "Code review" panel.)
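
A check for the role combination objected to in this review, as an added example that is not part of the pull request or of Tomcat's code: it parses a tomcat-users.xml and reports users that hold manager-gui together with a role whose interface lacks CSRF protection, plus roles that are declared but assigned to nobody. The sample file is constructed, the function names are hypothetical, and manager-script is included alongside manager-jmx on the basis of the linked Manager how-to.

```python
import xml.etree.ElementTree as ET

# Roles whose interfaces have no CSRF protection (per the Manager how-to linked above).
NON_CSRF_ROLES = {"manager-jmx", "manager-script"}
BROWSER_ROLE = "manager-gui"

# Constructed sample file, not taken from the pull request.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-status"/>
  <user username="admin" password="example-only" roles="manager-gui,manager-jmx"/>
  <user username="deployer" password="example-only" roles="manager-script"/>
  <user username="ops" password="example-only" roles="manager-gui"/>
</tomcat-users>
"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (mixed, unused): users mixing role kinds, roles declared but unassigned."""
    root = ET.fromstring(xml_text)
    mixed, declared, assigned = {}, set(), set()
    for el in root.iter():
        name = local(el.tag)
        if name == "role":
            declared.add(el.get("rolename"))
        elif name == "user":
            # Tolerate spaces around the commas in the roles attribute.
            roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
            assigned |= roles
            risky = roles & NON_CSRF_ROLES
            if BROWSER_ROLE in roles and risky:
                mixed[el.get("username")] = sorted(risky)
    return mixed, sorted(declared - assigned)


if __name__ == "__main__":
    mixed, unused = audit(SAMPLE)
    for user, roles in mixed.items():
        print(f"{user}: manager-gui combined with {', '.join(roles)}")
    print("declared but unassigned roles:", unused)
```
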

@dagnelies
Author

dagnelies commented Apr 12, 2021

@kkolinko Regarding:

> There rarely is a need to explicitly create roles like the above. When parsing the tomcat-users.xml file, all roles mentioned in users are created automatically.

I wasn't aware of that. If roles are automatically generated, what's the use of the role tag at all? I just assumed it was required since it's present in all examples.

I'll remove the JMX part.

@kkolinko

> @kkolinko Regarding:
>
> > There rarely is a need to explicitly create roles like the above. When parsing the tomcat-users.xml file, all roles mentioned in users are created automatically.
>
> I wasn't aware of that. If roles are automatically generated, what's the use of the role tag at all? I just assumed it was required since it's present in all examples.

  • If you need to declare a role that has no users assigned to it, the role can be declared with a "role" element. Such a use case is rare (e.g. if users are managed via some GUI and you want to be able to list all available roles).
  • When a user database is saved (written out), "role" elements are written as well, for completeness. This operation can be triggered via JMX.

@markt-asf markt-asf closed this in 94c352d May 19, 2021
markt-asf added a commit that referenced this pull request May 19, 2021
Based on a PR by Arnaud Dagnelies.
markt-asf added a commit that referenced this pull request May 19, 2021
Based on a PR by Arnaud Dagnelies.