2012-10-22 14:10:26| 分类: apache_tomcat |字号 订阅
配置好 Tomcat 7.0 后,在 tomcat-users.xml 中配置用户角色来访问 localhost:8080 的这样三个按钮总出现问题:
Server Status
Manager App
Host Manager
要么是三个都不能访问,要么是只能访问其中一个,或者两个。
后来发现是角色没有添加全,特别是针对第三个按钮“Host Manager”
其实解决点在这样两个症结上:
前两个按钮和manager相关,具体角色名为
manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only
第三个按钮和admin相关,具体角色名为
admin-gui - allows access to the HTML GUI and the status pages
admin-script - allows access to the text interface and the status pages
所以在 tomcat-users.xml 如果不注重安全性,只是测试用的话,对应部分可以简单地写成下面这个样子:
---------------------------------
<role rolename="admin"/>
<role rolename="manager-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<user username="admin" password="admin" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>
---------------------------------
很多网页没说到第三个按钮针对的角色。不添加admin-gui和admin-script的话,第三个按钮就会出现访问被拒绝的问题(access denied ....)。
详细说明可以参考 Tomcat 的文档(http://tomcat.apache.org/migration.html#Manager_application):
Manager application
The Manager application has been re-structured for Tomcat 7 onwards and some URLs have changed. All URLs used to access the Manager application should now start with one of the following options:
<ContextPath>/html for the HTML GUI
<ContextPath>/text for the text interface
<ContextPath>/jmxproxy for the JMX proxy
<ContextPath>/status for the status pages
Note that the URL for the text interface has changed from "<ContextPath>" to "<ContextPath>/text".
The roles required to use the Manager application were changed from the singlemanager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.
manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only
The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:
users with the manager-gui role should not be granted either the manager-script ormanager-jmx roles.
if the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.
The roles command has been removed from the Manager application since it did not work with the default configuration and most Realms do not support providing a list of roles.
Host Manager application
The Host Manager application has been re-structured for Tomcat 7 onwards and some URLs have changed. All URLs used to access the Host Manager application should now start with one of the following options:
<ContextPath>/html for the HTML GUI
<ContextPath>/text for the text interface
Note that the URL for the text interface has changed from "<ContextPath>" to "<ContextPath>/text".
The roles required to use the Host Manager application were changed from the singleadmin role to the following two roles. You will need to assign the role(s) required for the functionality you wish to access.
admin-gui - allows access to the HTML GUI and the status pages
admin-script - allows access to the text interface and the status pages
The HTML interface is protected against CSRF but the text interface is not. To maintain the CSRF protection:
users with the admin-gui role should not be granted the admin-script role.
if the text interface is accessed through a browser (e.g. for testing since this inteface is intended for tools not humans) then the browser must be closed afterwards to terminate the session.
分享到:
相关推荐
tomcat9用户访问配置问题_403Access Denied,无法访问server、Manager、Host Manager,这是我花了好久时间才搞好的,网上都没有完整能用版,希望对你有帮助,欢迎下载
tomcat-redis-session-manager-2.0.0.jar jedis-2.5.2.jar commons-pool2-2.2.jar 2.修改 conf 目录下的 context.xml 文件 <Valve className="com.orangefunction.tomcat.redissessions....
<Manager className="com.orangefunction.tomcat.redissessions.RedisSessionManager" host="10.10.10.10" port="6379" database="0" password="redispassword" (没有密码得去掉该配置) ...
<Manager className="com.orangefunction.tomcat.redissessions.RedisSessionManager" host="127.0.0.1" port="6379" database="0" password="krydxxoo666" maxInactiveInterval="60" />
tomcat8.5 redis-session-manager 支持8.5 亲测 <Valve className="com.s.tomcat.redissessions.RedisSessionHandlerValve"/> <Manager className="com.s.tomcat.redissessions.RedisSessionManager" host="192....
tomcat-redis-session-manage-tomcat7.jar commons-pool2-2.2.jar jedis-2.5.2.jar 编辑${TOMCAT_HOME}/conf/context.xml,在context中加入 <Valve className="com.orangefunction.tomcat.redissessions....
tomcat7-redis-cluster概要 1.原理: 原理就是继承tomcat的manager接口,接管session的持久化工作 2.使用 ◦使用的时候就是Maven打包,放到tomcat的lib里面 (主要是三个包:commons-pool2-2.3.jar;jedis-2.7.3....
redis充当tomcat7 session store需要用到的jar包 使用说明: 1、将zip解压出来的jar包放到tomcat的lib目录下. 2、修改tomcat/conf下的context.xml文件,示例如下: <!-- Default set of monitored resources --> ...
6) Host Manager 7) Realms and AAA 8) Security Manager 9) JNDI Resources 10) JDBC DataSources 11) Classloading 12) JSPs 13) SSL/TLS 14) SSI 15) CGI 16) Proxy Support 17) MBeans Descriptors ...
<Manager className="com.orangefunction.tomcat.redissessions.RedisSessionManager" host="localhost" //redis所在服务器ip port="6379" //redis服务端口 database="10" maxInactiveInterval="60"/> 注:每...
tomcat7-redis-cluster-1.0.0.jar) ◦用法实例,修改tomcat的conf文件夹里面的context.xml,在标签内加上以下配置: <Manager className="com.sophy.tomcat8rediscluster.RedisSessionManager" host="127.0.0.1...
在Apache Tomcat 7设置redis作为session store redis已经有组件支持直接在tomcat7中设置下将redis作为tomcat默认的session存储器,下面介绍下配置过程 ...tomcat-redis-session-manager-1.2-tomcat-7-java-7.jar
memcached tomcat7 最新包 配置内容 <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"> ... ... <!-- memcached 配置 start --> <Manager className="de.javakaffee.web.msm....
tomcat-redis-session-manager-jre7-tomcat6.jar smartcard中的代码需要修改,redis放值时不能为空 //保存sysOrg中工号所属地市区县 Struts2Utils.getSession().setAttribute(Constants.JCFX_CITY, orgList.get...
nginx+tomcat7+session共享 kryo序列化所需要包 1.将上面所提到的包全部拷贝到tomcat的lib下(三台tomcat都需要) 2.修改每台tomcat的conf目录下得context.xml文件或者server.xml文件,在其中加入如下任意一段代码...
提高了Manager和Host Manager应用程序的安全性 通用CSRF保护 支持直接在Web应用程序中包含外部内容 重构(连接器,生命周期)和大量的内部代码清理 Apache Tomcat 6.x 的Apache Tomcat 6.x的建立在Tomcat中的5.5.x...
此压缩包为tomcat8利用redis实现session共享所需要的jar包,包含(commons-pool2-2.6.0.jar、jedis-2.9.0.jar、tomcat-redis-session-manager.jar)直接将三个jar包复制Tomcat目录lib下面,在修改conf下context.xml...
适用tomcat7,有三个,直接放到/tomcat/lib下面,修改context.xml,添加两行<Valve className="com.orangefunction.tomcat.redissessions.RedisSessionHandlerValve"/><Manager className=...
6) Host Manager 7) Realms and AAA 8) Security Manager 9) JNDI Resources 10) JDBC DataSources 11) Classloading 12) JSPs 13) SSL/TLS 14) SSI 15) CGI 16) Proxy Support 17) MBeans Descriptors ...
6) Host Manager 7) Realms and AAA 8) Security Manager 9) JNDI Resources 10) JDBC DataSources 11) Classloading 12) JSPs 13) SSL/TLS 14) SSI 15) CGI 16) Proxy Support 17) MBeans Descriptors ...