The username you provided is not allowed to use the text-based Tomcat Manager (error 403) when deploying on remote Tomcat8 using Jenkins

harshlal028 picture harshlal028 · Jan 16, 2017 · Viewed 19.4k times · Source

I am trying to deploy a WAR on the remote Tomcat (Remote Machine) using Jenkins deploy to container Plugin. I have done the following configuration in tomcat-users.xml

I have setup the proper username password and port in Jenkins deployer container plugin. The setup is working fine for the local Tomcat. But for remote Tomcat I keep getting the following error:

Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:555)
at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:686) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:699) at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:174)
... 16 more Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://1.203.190.5:8080/manager/text/list at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:544) ... 19 more

Please Help.

Answer

harshlal028 picture harshlal028 · Jan 17, 2017

This seems to be a Jenkins bug but I got around the problem by setting up following configuration in Tomcat:

Edit the file /webapps/manager/META-INF/context.xml:

Previous:

<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

Change this file to comment the Value:

<Context antiResourceLocking="false" privileged="true">
  <!--
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
    -->
</Context>

This resolved the issue. Hope this helps someone :)