Only happens on Tomcat 6. Tomcat 5.5 might be configured differently (user db not read only). However this is rather RHQ plugin bug. ----------------------------------- Tomcat log: Mar 15, 2011 3:21:38 PM org.apache.catalina.users.MemoryUserDatabase save SEVERE: User database has been configured to be read only. Changes cannot be saved ----------------------------------- RHQ web: 3/15/11, 3:21:40 PM, EDT Save Save current users and groups to persistent storage. Success rhqadmin
Looking at https://issues.apache.org/bugzilla/show_bug.cgi?id=49436 this message seems to be the result of a change in default behaviour between Tomcat 5 and 6. In v5 you could persist changes to Tomcat's user/role/group database out-of-the-box. However in v6 it appears you need to specify the atrribute readonly=false on the <Resource name="UserDatabase" .../> element in the server.xml before any changes will persist. As a workaround we could document the changes that are required to server.xml. In the future the plugin could be extended to potentially update the server.xml directly to make this change. It looks like this change can't be made via JMX which is how we make other configuration updates. Dropping priority to medium since the issue has a workaround.
Moved to the JON product BZ to make tracking it easier.
myarboro determine owner in EWS product team.
*** Bug 886984 has been marked as a duplicate of this bug. ***
The issue described in comment#0 still affects tomcat6 even with readonly="false" attribute on the <Resource> tag in server.xml.
This issue affects all tomcat{5,6,7} versions.
Isn't this a duplicate of 865459 or 901050?
It is a duplicate of 865459
865459 set verified, so this one is also verified
Added DocText. @Wei Nan Li, can you please review the Doc Text content?
oops.. @Jean-Frederic Clere, can you please review the Doc Text content?
"Cause: Removing a tomcat role in JBoss Enterprise Web Server causes the JBoss Operations Network (JON) interface to fail. Restarting tomcat displays the removed role in the tomcat-users.xml file but not in the JBoss Operations Network web interface. Consequence: Tomcat 6 and Tomcat 7 does not invoke the save operation. Thus, when a tomcat role is removed using the JON web interface, the tomcat-users.xml file does not get updated. When tomcat,restarts, the role is present in the tomcat-users.xml file but not in the JBoss Operations Network web interface. Fix: ? Result: When JBoss Operations Network is used to remove a tomcat role, the tomcat-users.xml file updates and the role is removed as expected." Well that is not OK. Any operation were affected add, remove and modify, no changes were written in tomcat-users.xml. Fix: The storeconfig module (delivered as catalina-storeconfig.jar) has been added back to tomcat6 and tomcat7, users need to activate the corresponding listener in serverx.ml to get the JON feature working. <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
Hm My Fix comment is wrong, please use the following: Fix: The plugin logic has been fixed, the user needs to set readonly="false" in the resource UserDatabase of server.xml to get the JON feature working.
No the text is still wrong... Sorry I screwed it see comment #15.
I think the first line of the doc text should clearly say that the add/modify/remove operations manipulate the user database. Currently it sounds as any add/modify/remove operation should update the tomcat-users.xml file, which is of course not true.
Updated. Michal, please confirm if the doc_text is now correct.
Thanks, I think the doc text is now correct.