1.配置访问Tomcat Manager的用户及相关权限
linux下安装tomcat(本文为tomcat8.5),安装后启动tomcat,访问http://192.168.28.132:8080查看是否安装启动成功
接下来我们访问:http://192.168.28.132:8080/manager/html,这个时候由于我们并未使用含有相关权限的用户登陆,系统会禁止用户访问该地址
我们需要先去tomcat配置相关用户及权限
在tomcat conf目录下的tomcat-users.xml文件内添加如下配置
<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user name="tomcat" password="tomcat" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" />
配置成功后,重启tomcat重新访问,理论上应该是由登陆框弹出,使用配置的用户名及密码及可以进入,但由于本人使用了tomcat8.5版本,
系统居然依旧无法访问,并且报如下错误
403 Access Denied
You are not authorized to view this page.
If you have already configured the Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Manager application. You will need to reset this protection by returning to the main Manager page. Once you return to this page, you will be able to continue using the Manager appliction’s HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.
If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.
manager-gui - allows access to the HTML GUI and the status pages manager-script - allows access to the text interface and the status pages manager-jmx - allows access to the JMX proxy and the status pages manager-status - allows access to the status pages only The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:
Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles. If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.
最后解决方法是:修改webapps/manager/META-INF/context.xml配置文件
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.28.*" /> <!--##这里添加你的ip或网段,可以使用正则-->
<Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>
修改后,重启tomcat,再次访问地址 http://192.168.28.132:8080/manager/html
2.maven项目中配置tomcat插件
<build>
<!-- 配置插件 -->
<plugins>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<configuration>
<!--端口号 -->
<port>8080</port>
<!-- 根目录 -->
<path>/</path>
<!--tomcat7 热部署配置,注意:tomcat6熱部署url為:http://192.168.28.132:8080/manager -->
<url>http://192.168.28.132:8080/manager/text</url>
<username>tomcat</username>
<password>tomcat</password>
</configuration>
</plugin>
</plugins>
</build>
3.部署命令
初次部署:deploy
非初次部署:redeploy
部署成功如下: