• (转)Tomcat 7 访问 Manager 和 Host Manager


    配置好 Tomcat 7.0 后,在 tomcat-users.xml 中配置用户角色来访问 localhost:8080 的这样三个按钮总出现问题:

    • Server Status
    • Manager App
    • Host Manager

    要么是三个都不能访问,要么是只能访问其中一个,或者两个。

    后来发现是角色没有添加全,特别是针对第三个按钮“Host Manager”

     

    其实解决点在这样两个症结上:

    • 前两个按钮和manager相关,具体角色名为
      • manager-gui - allows access to the HTML GUI and the status pages
      • manager-script - allows access to the text interface and the status pages
      • manager-jmx - allows access to the JMX proxy and the status pages
      • manager-status - allows access to the status pages only
    • 第三个按钮和admin相关,具体角色名为
      •     admin-gui - allows access to the HTML GUI and the status pages
      •     admin-script - allows access to the text interface and the status pages

    所以在 tomcat-users.xml 如果不注重安全性,只是测试用的话,对应部分可以简单地写成下面这个样子:

    ---------------------------------

      <role rolename="admin"/>
      <role rolename="manager-script"/>
      <role rolename="manager-gui"/>
      <role rolename="manager-jmx"/>
      <role rolename="manager-status"/>
      <role rolename="admin-gui"/>
      <role rolename="admin-script"/>

      <user username="admin" password="admin" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>

    ---------------------------------

     

    很多网页没说到第三个按钮针对的角色。不添加admin-gui和admin-script的话,第三个按钮就会出现访问被拒绝的问题(access denied ....)。

    详细说明可以参考 Tomcat 的文档(http://tomcat.apache.org/migration.html#Manager_application):

     

    Manager application

    The Manager application has been re-structured for Tomcat 7 onwards and some URLs have changed. All URLs used to access the Manager application should now start with one of the following options:

    • <ContextPath>/html for the HTML GUI
    • <ContextPath>/text for the text interface
    • <ContextPath>/jmxproxy for the JMX proxy
    • <ContextPath>/status for the status pages

    Note that the URL for the text interface has changed from "<ContextPath>" to "<ContextPath>/text".

    The roles required to use the Manager application were changed from the singlemanager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.

    • manager-gui - allows access to the HTML GUI and the status pages
    • manager-script - allows access to the text interface and the status pages
    • manager-jmx - allows access to the JMX proxy and the status pages
    • manager-status - allows access to the status pages only

    The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:

    • users with the manager-gui role should not be granted either the manager-script ormanager-jmx roles.
    • if the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.

    The roles command has been removed from the Manager application since it did not work with the default configuration and most Realms do not support providing a list of roles.

     

    Host Manager application

    The Host Manager application has been re-structured for Tomcat 7 onwards and some URLs have changed. All URLs used to access the Host Manager application should now start with one of the following options:

    • <ContextPath>/html for the HTML GUI
    • <ContextPath>/text for the text interface

    Note that the URL for the text interface has changed from "<ContextPath>" to "<ContextPath>/text".

    The roles required to use the Host Manager application were changed from the singleadmin role to the following two roles. You will need to assign the role(s) required for the functionality you wish to access.

    • admin-gui - allows access to the HTML GUI and the status pages
    • admin-script - allows access to the text interface and the status pages

    The HTML interface is protected against CSRF but the text interface is not. To maintain the CSRF protection:

    • users with the admin-gui role should not be granted the admin-script role.
    • if the text interface is accessed through a browser (e.g. for testing since this inteface is intended for tools not humans) then the browser must be closed afterwards to terminate the session.
  • 相关阅读:
    策略思维模式
    初学者之心
    《计算机思维》笔记
    通才论
    Shell 脚本中 set ex 命令的作用
    Python—requests模块详解
    SharePoint CSOM 迁移列表项权限
    实践剖析.NET Core如何支持Cookie和JWT混合认证、授权
    面试突击13:方法优先调用可选参数还是固定参数?
    如何构建一个疾病的动物模型? | animal model of disease
  • 原文地址:https://www.cnblogs.com/greywolf/p/3211116.html
Copyright © 2020-2023  润新知