How to Set Tomcat Admin and Manager Password

After installing a new Tomcat server, there will be no user created by default to access Administrator and Manager web interfaces. After completing the installation setup Tomcat Admin and Manager user accounts and set their passwords.

You can also visit our following articles about installing Tomcat on Linux systems.

Setup Tomcat Admin & Manager Users

To create user account edit conf/tomcat-users.xml file in editor and copy below configuration inside <tomcat-users> </tomcat-users> tags.

<tomcat-users>

  <!-- user manager can access only manager section -->
  <role rolename="manager-gui" />
  <user username="manager" password="_SECRET_PASSWORD_" roles="manager-gui" />

  <!-- user admin can access manager and admin section both -->
  <role rolename="admin-gui" />
  <user username="admin" password="_SECRET_PASSWORD_" roles="manager-gui,admin-gui" />

</tomcat-users>

As per above configuration user manager only can access manager web interface but admin can access both admin + manager web interface.

After making above change Stop and Start your Tomcat server.

Access Roles in Tomcat:-

Tomcat 7 and onward releases has following roles defined for accessing Tomcat Admin and Manager interfaces. Use the following roles while creating users for tomcat with specific access levels.

Roles for Admin (Host Manager) Access:

• admin-gui – This allows access to the HTML GUI
• admin-script – This allows access to the text interface

Roles for Manager (Manager App) Access:

• manager-gui – This allows HTML GUI and the status pages
• manager-script – This allows text interface and the status pages
• manager-jmx – This allows JMX proxy and the status pages
• manager-status – This allows access to the status pages only