How can individual users be forced out of Jama

By Jama posted 4 days ago

  
Tomcat provides an easy-to-use gui for managing sessions for any web application that resides on it.  This guide will detail how to first setup the Tomcat manager and then how to find user sessions to force them off.

Part 1: Setting up the Tomcat Manager
First note that you will need to ensure that your installation of Tomcat includes the "manager" webapp.  You can check this by going to "[tomcat]\webapps\"  If you do not see the "manager" folder in this directory you will need to download and extract this application from here: http://tomcat.apache.org/download-60.cgi

You can find the "manager" application under \webapps\


    • If you already have a tomcat manager user setup, you can skip this section

    • First navigate on your server to the directory: [tomcat]\conf

    • Open up the file called "tomcat-users.xml"

    • Between the tags, add in the following lines:




    • This sets the password to "tomcat", you can change this to whatever password you would like.

    • Save the file and close it

    • Restart your Tomcat server


Part 2: Using the Tomcat Manager
To get to the Tomcat Manager:


    • From your server open up a browser and navigate to: http://localhost:8080

    • You can also navigate to this anywhere from your domain, but if you have a re-direct setup you may have problems.  You can get to the manager directly by going to: http://yourdomain:8080/manager/html

    • Enter in the username and password you set up in the previous section.  The default is username: manager, password: tomcat

    • Locate the row containing /contour

    • Click on the number listed in the column "sessions"

  • You will see a page that looks like this:

    • Use the column "Guessed User name" to locate the users you need to force off.

    • Use the check-box on the left and click on "Invalidate selected Sessions", the selected users will now be forced off.


Do not worry about the number of sessions, Contour creates a session every time the login page is viewed, this does not count against your licensing allotment.

(Originally posted by Ryan Saul)
5 comments
38 views

Comments

06-15-2017 13:00

Thanks, Kristina. This is nonetheless still probably useful for the customers who haven't yet upgraded to Jama 8.x. :)

06-15-2017 12:56

@Ryan This is no longer something we support, since Tomcat is not managed separately. (Thanks, Docker.) So it's actually on the block to get archived, along with any other Tomcat-referencing articles, so we don't have plans to test it and make sure it's still sane.

The code would be <user username="craigmcc" password="secret" roles="standard,manager-script" /> for a user role of manager-script. 

See https://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html for all the details—here's a snippet:

It would be quite unsafe to ship Tomcat with default settings that allowed anyone on the Internet to execute the Manager application on your server. Therefore, the Manager application is shipped with the requirement that anyone who attempts to use it must authenticate themselves, using a username and password that have one of manager-xxx roles associated with them (the role name depends on what functionality is required). Further, there is no username in the default users file ($CATALINA_BASE/conf/tomcat-users.xml) that is assigned to those roles. Therefore, access to the Manager application is completely disabled by default.

You can find the role names in the web.xml file of the Manager web application. The available roles are:

manager-gui — Access to the HTML interface.
manager-status — Access to the "Server Status" page only.
manager-script — Access to the tools-friendly plain text interface that is described in this document, and to the "Server Status" page.
manager-jmx — Access to JMX proxy interface and to the "Server Status" page.

06-14-2017 21:58

It looks like in one of the subsequent migrations, the "add in the following lines" section got removed. Could you please sanity-check this and the rest of the article?

Thanks.

02-04-2015 19:01

Jennifer, thanks for pointing that out! It looks like that image was missed in our data migration. I'll add it now.

02-04-2015 17:36

Could you please review the image for the "You will see a page that looks like this:"? Clicking on it goes to a page not found: