Tomcat的安装好了之后,会默认带几个web应用程序,默认会提供host-manager和manager的管理界面。
但是如果直接访问http://127.0.0.1:11000/manager/status则会被拒绝(我的端口设置的是11000)。
设置本地能访问则只需要修改tomcat安装目录下conf/tomcat-users.xml文件,添加代码如下
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary. It is
strongly recommended that you do NOT use one of the users in the commented out
section below since they are intended for use with the examples web
application.
-->
<!--
NOTE: The sample user and role entries below are intended for use with the
examples web application. They are wrapped in a comment and thus are ignored
when reading this file. If you wish to configure these users for use with the
examples web application, do not forget to remove the <!.. ..> that surrounds
them. You will also need to set the passwords to something appropriate.
-->
<!-- 修改前原代码开始位置 -->
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
<user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>" roles="role1"/>
-->
<!-- 修改前原代码结束位置 -->
<!-- 添加代码开始位置,设置登陆的用户名和密码,以及权限 -->
<role rolename ="manager-gui"/>
<role rolename ="manager-status"/>
<role rolename ="manager-script"/>
<user username ="Tomcat-manager" password ="manager" roles ="manager-gui,manager-status,manager-script"/>
<!-- 添加代码结束位置 -->
</tomcat-users>
tomcat已经设置了4个特殊的角色
manager-gui - 访问HTML界面。
manager-status - 只能访问“服务器状态”页面。
manager-script - 这个权限是指可以执行url命令后面会演示
manager-jmx - 访问JMX代理接口并访问“服务器状态”页面。
保存修改的文件,重新启动tomcat,再次在浏览器中打开http://127.0.0.1:11000/manager/status,登录弹窗中输入账号密码即可进入。
成功进入页面
若想远程能连接,还需要去修改tomcat安装目录下的webapps/manager/META-INF/context.xml文件,注释掉value里内容即可。如下图
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
改为
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
保存文件,重启tomcat,输入对应的ip(或域名)+端口访问,输入账户、密码进入。
若只是单个或某段ip能访问,则修改tomcat安装目录下的webapps/manager/META-INF/context.xml文件,在context-value的allow后面追加ip即可。
<Context antiResourceLocking="false" privileged="true" >
<!-- 加单个ip 192.168.101.186 -->
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.101\.186" />
<!-- 加号段ip 192.168.101.0 - 255
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.101\.\d+ " />
-->
</Context>