66134 – TomcatAdminRoles ignored when using installer configuration file

Bug 66134 - TomcatAdminRoles ignored when using installer configuration file

Summary: TomcatAdminRoles ignored when using installer configuration file

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat 9
Classification:	Unclassified
Component:	Packaging (show other bugs)
Version:	9.0.64
Hardware:	PC All

Importance:	P2 normal (vote)
Target Milestone:	-----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-06-21 19:15 UTC by Eric Lilja
Modified:	2022-06-29 16:08 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eric Lilja 2022-06-21 19:15:35 UTC

Using apache-tomcat-9.0.64.exe to install on Windows 10, I supplied a installer config file using the /C-flag.

The file contains:
JavaHome=C:\Program Files\Java\jdk-17.0.3.1
TomcatAdminEnable=true
TomcatAdminUsername=admin
TomcatAdminPassword=somepassword
TomcatAdminRoles=admin-gui,manager-gui,manager-script

All options were honored, except TomcatAdminRoles, it remained at "admin-gui,manager-gui" (i.e., lacking manager-script)

I did not use any other flags and I also manually selected the host manager to be installed

I tried moving the option, switching line breaks, let file end with trailing newline and vice versa, but nothing helped.

Comment 1 Mark Thomas 2022-06-29 13:35:19 UTC

Note: It is recommended that you do not enable both the manager-script and manager-gui roles for the same user as that allows the CSRF protection to be bypassed.

I can see why the TomcatAdminRoles aren't being set as expected. I am working on a fix.

Comment 2 Mark Thomas 2022-06-29 16:08:06 UTC

Fixed in:
- 10.1.x for 10.1.0-M17 onwards
- 10.0.x for 10.0.23 onwards
- 9.0.x for 9.0.65 onwards
- 8.5.x for 8.5.82 onwards