How to use Tomcat manager

What is the Tomcat Manager Web Application?

The Tomcat Manager Web application is packaged with the Tomcat server. It is installed in the context path of /manager and provides the basic functionality to manage Web applications running in the Tomcat server.

Some of the provided functionality includes the ability to install, start, stop, remove, and report on Web applications.

Gaining Access to the Manager Web Application

Before you can use the Manager, you must set up a new user with the appropriate privileges to access the /manager application. If you look at the TOMCAT_HOME/webapps/manager/web.xml file in the /manager application, you'll notice a security constraint similar to the following code snippet:

<!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>Entire Application</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <!-- NOTE: This role is not present in the default users file --> <role-name>manager</role-name> </auth-constraint> </security-constraint>

The <security-constraint/> element defined in this code snippet secures the entire /manager Web application, providing access to only those users who have a defined role of manager.

It does this with essentially two sub-elements in the security constraint. The first sub-element, <web-resource-collection>, defines the resource that is protected by this constraint.

The definition is made with the <url pattern> sub-element. When you look at the previous snippet, you'll also notice that this sub-element is defined as follows:


The value of the <url-pattern> sub-element uses a wildcard *, which protects all URLs within the /manager application with this security constraint. The second sub-element defines the role that has access to the protected resource.

It does this by using the <role-name> sub-element, which is listed in the following code snippet: <role-name>manager</role-name>

The value of this sub-element states that only users with a role of manager can access the resource protected by this security constraint. What this all boils down to is that, if you want access to the manager application, you need to add a new user with a role of manager.

You add such a user by inserting an entry in the TOMCAT_HOME/conf/tomcat users.xml file, which contains all of the defined users in Tomcat. If you haven't changed this file before, it should look similar to the following code snippet:

<!-- NOTE: By default, no user is included in the "manager" role required to operate the "/manager" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. --> <tomcat-users> <user name="tomcat" password="tomcat" roles="tomcat" /> <user name="role1" password="tomcat" roles="role1" /> <user name="both" password="tomcat" roles="tomcat,role1" /> </tomcat-users>

As you can see, there is nothing special about this file: it has a root-level element of <tomcat-users>, which contains a collection of <user> sub-elements. To add a new user with access to the manager application, you simply need to add a new <user> sub-element with a roles attribute equal to manager.

Make the previously listed changes and save the tomcat-users.xml file. You now have a new user named bob, with a password of password and the role of manager. After making this change, restart Tomcat.

Tomcat manager comes pre-installed with our tomcat solutions. Check out our complete java hosting offer

Contact sales!