Tomcat – Purpose of roles tags in tomcat-users.xml

configurationtomcattomcat7

In the Tomcat 7 tomcat-users.xml file, what purpose is served by the <role /> tags?

For an XAMPP instance of Tomcat 7, I've figured out how to configure my tomcat-users.xml file to permit me to access both Tomcat Web Application Manager and Tomcat Virtual Host Manager. More specifically, the following enables the aforementioned access:

<tomcat-users>
  <user username="uname" password="pword" roles="manager-gui,admin-gui"/>
</tomcat-users>

Note that what's NOT in this successful snippet of XML are any <role /> tags. That's the crux of my question: I can't for the life of me figure out what purpose role tags are meant to serve.

In pursuit of learning how to configure access, I've read plenty of documentation and forum postings, but they all seem to go in a circle: One can define roles, but then roles don't really seem to themselves define anything useful(?)

For example, here's the recurring illustration used in both the tomcat-users.xml file and in numerous forum posts "explaining" the use of roles.

<tomcat-users>
  <role rolename="tomcat"/>
  <user username="uname" password="pword" roles="tomcat"/>
</tomcat-users>

Okay, so in this "explanation" a role element defines a rolename attribute equal to tomcat, then the user element contains a roles attribute that defines the user's role as tomcat. What's the point?

Asked another way, given that in role element the rolename attrbute defines tomcat, roles=tomcat does what, exactly? Especially compared to my working user definition of where manager-gui and admin-gui define roles that enable Tomcat Web Application Manager AND Tomcat Virtual Host Manager access.

Cheers & thanks,
Riley
SFO

Best Answer

The use of the <role .../> element in tomcat-users.xml is optional. Tomcat builds the list of roles from the <role .../> elements and from the roles named in the roles="..." attribute of the users.

The benefit of using the <role .../> element is that you can declare the complete set of supported roles and you can include description attribute describing the role.

As an aside, tomcat-users.xml also supports groups although they are not shown in the example that ships by default with Tomcat. Groups are sets of roles that can then be assigned to users.

Related Solutions

C++ – Compiling legacy GCC code with AVX vector warnings

That's not legacy code. __attribute__ ((vector_size(32))) means a 32 byte vector, i.e. 256 bit, which (on x86) means AVX. (GNU C Vector Extensions)

AVX isn't enabled unless you use -mavx (or a -march setting that includes it). Without that, the compiler isn't allowed to generate code that uses AVX instructions, because those would trigger an illegal-instruction fault on older CPUs that don't support AVX.

So the compiler can't pass or return 256b vectors in registers, like the normal calling convention specifies. Probably it treats them the same as structs of that size passed by value.

See the ABI links in the x86 tag wiki, or the x86 Calling Conventions page on Wikipedia (mostly doesn't mention vector registers).

Since the GNU C Vector Extensions syntax isn't tied to any particular hardware, using a 32 byte vector will still compile to correct code. It will perform badly, but it will still work even if the compiler can only use SSE instructions. (Last I saw, gcc was known to do a very bad job of generating code to deal with vectors wider than the target machine supports. You'd get significantly better code for a machine with 16B vectors from using vector_size(16) manually.)

Anyway, the point is that you get a warning instead of a compiler error because __attribute__ ((vector_size(32))) doesn't imply AVX specifically, but AVX or some other 256b vector instruction set is required for it to compile to good code.

Tomcat – I can’t access Tomcat 7 manager when Tomcat is running through IntelliJ Idea Ultimate 12

I edited two files : server.xml & tomcat-users.xml

STEP 1 : I added this line to the server.xml, this line must be added under Engine context same as the picture:

<Realm className="org.apache.catalina.realm.MemoryRealm" />

here you can see the picture :

enter image description here

STEP 2 : then I edited tomcat-users.xml and added the lines below :

<!--
  NOTE:  The sample user and role entries below are wrapped in a 
  comment and thus are ignored when reading this file. Do not forget
  to remove <!.. ..> that surrounds them.
-->

  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="manager-script"/>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="admin" password="tomcat" roles="manager-gui,manager-script "/> 

</tomcat-users>

NOTE : I recommend you to copy and paste my text and replace it by yours

Restart tomcat and you're ready to go !

Best Answer

Related Solutions

C++ – Compiling legacy GCC code with AVX vector warnings

Tomcat – I can’t access Tomcat 7 manager when Tomcat is running through IntelliJ Idea Ultimate 12

Related Topic