Troubleshoot the Unauthorized user (Error 401) when installing Tomcat plugins

Troubleshoot the Unauthorized user (Error 401) when installing Tomcat plugins

When installing Tomcat plugins, you may encounter the following error:
Unauthorized user. Does not have permissions. HTTP Error 401: This error usually occurs when the user accessing the Tomcat Manager application does not have the necessary permissions.

Follow the below steps to troubleshoot the error and resolve the issue.
  1. Verify the tomcat-users.xml configuration: Open the tomcat-users.xml file located in your Tomcat installation's conf directory. This file governs user authentication and roles. Ensure you assign the appropriate roles to the intended user accessing the Tomcat Manager application, as shown below:

    <user username="user" password="password" roles="manager-gui,admin-gui"/>
    <user username="user" password="password" roles="manager-script"/>

    Replace user and password within quotes with the actual username and password you want to use.

  2. Restart Tomcat: After modifying the tomcat-users.xml file, restart Tomcat for the changes to take effect.

  3. Validate the URL: Ensure that you are accessing the Tomcat Manager application using the correct URL. Typically, the URL should look something like http://localhost:8080/manager if you are accessing it locally.

  4. Check the credentials configured in the Tomcat plugins: Ensure you have entered the correct username and password as defined in the tomcat-users.xml file.

  5. Verify the role names: Ensure that the role names in the tomcat-users.xml file match the roles expected by the Tomcat Manager application. These role names are case-sensitive.

  6. Validate the configuration files: Review the server.xml file and ensure that the <Context> element for the Tomcat Manager application is properly configured and points to the correct directory. It should look something like this:

    <Context path="/manager" docBase="manager" privileged="true"/>

  7. Check for typos: Ensure there are no typos in the URLs, usernames, passwords, or role names.

  8. Check for security constraints: If you have any security constraints in the web.xml files of your web applications, ensure that they are not unintentionally restricting access to the Tomcat Manager.