FreeKB - Tomcat Create users
Tomcat - Create users

The $CATALINA_HOME/conf/tomcat-users.xml file contains the Tomcat users. By default, the bottom of the tomcat-users.xml file will contain a few users, and this section will be commented out.

  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
  <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
  <user username="role1" password="<must-be-changed>" roles="role1"/>


Shutdown the Tomcat server.

[john.doe@server1 ~]$ $CATALINA_HOME/bin/


Remove the comment out. Change the password for the 3 default users in the tomcat-users.xml file. Create a new user account that grant the user admin and manager-gui roles. Do not use a common username, such as admin, as Tomcat will refuse common uesrnames. Add the admin and manager-gui rolename. 

<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="admin"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="MyPassword" roles="tomcat"/>
<user username="both" password="MyPassword" roles="tomcat,role1"/>
<user username="role1" password="MyPassword" roles="role1"/>
<user username="JohnDoe" password="MyPassword" roles="admin,manager-gui" />


Start the Tomcat server.

[john.doe@server1 ~]$ bash $CATALINA_HOME/bin/


Navigate to your Tomcat web interface and select Manager App. You will be prompted for a username and password. Use a username and password that has the manager-gui role.


You should be signed into the Tomcat Web Application Manager.



If you cannot sign in, and you get a 401 Unauthorized page, check your $CATALINA_HOME/logs/catalina.out file. In this example, John Doe's account has been locked.

01-Jul-2017 03:58:07.604 WARNING [http-nio-8080-exec-2] org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt was made to authenticate the locked user [JohnDoe]


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 9372a in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |