Question
Accessing Tomcat at 192.168.100.90:8080/manager/status
returned a 403 page with the following message.
401 Unauthorized
You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>
Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.
manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only
The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:
Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles.
If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.
For more information - please see the Manager App HOW-TO.
Solution
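There are two main causes of this problem:
- No role and user have been configured.
- Address binding: access is only allowed from certain addresses.
- Configure the role and user
Open conf/tomcat-users.xml
and add the following entries to it.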
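<!-- Place these entries inside the existing <tomcat-users> element, before its closing tag; choose your own password instead of the sample value. -->
<role rolename="admin"/>
<role rolename="analyst"/>
<role rolename="manager-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui,admin,analyst"/>
</tomcat-users>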
- Address binding
Edit the context.xml file under the
apache-tomcat-8.5.5/webapps/manager/META-INF
directory and comment out this block.
<Context antiResourceLocking="false" privileged="true" >
<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
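Both edits above loosen the Manager's access controls, so it is worth checking the result. The following audit script is an added example, not part of the original post or of Tomcat: it flags manager accounts that use a sample password or mix manager-gui with manager-script/manager-jmx (the CSRF rule quoted in the error page), and reports whether context.xml still restricts client addresses. The file contents, the 192.168.100.10 admin host and the function names are assumptions, and the allow value is evaluated as a Python regex, which agrees with Tomcat's Java regex for simple patterns like these.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the two files edited above; 192.168.100.10 is a made-up admin host.
USERS_XML = """<tomcat-users>
  <user username="tomcat" password="tomcat" roles="manager-gui,admin,analyst"/>
  <user username="deploy" password="constructed-Xq7!vR2" roles="manager-gui,manager-script"/>
</tomcat-users>"""
CONTEXT_COMMENTED = r"""<Context antiResourceLocking="false" privileged="true">
<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
</Context>"""
CONTEXT_EXTENDED = r"""<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.100\.10" />
</Context>"""

VALVE = "org.apache.catalina.valves.RemoteAddrValve"
SAMPLE_PASSWORDS = {"tomcat", "s3cret"}  # passwords shown on this page
PROBE = "203.0.113.7"  # documentation-range address standing in for "anyone"


def audit_users(xml_text):
    """Flag manager accounts with sample passwords or CSRF-breaking role mixes."""
    findings = []
    for user in ET.fromstring(xml_text).iter("user"):
        name, pw = user.get("username", ""), user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        if not any(r.startswith("manager-") for r in roles):
            continue
        if pw == name or pw in SAMPLE_PASSWORDS:
            findings.append((name, "weak-password"))
        if "manager-gui" in roles and roles & {"manager-script", "manager-jmx"}:
            findings.append((name, "gui-with-script-or-jmx"))
    return findings


def audit_context(xml_text):
    """Report whether the manager context still restricts client addresses."""
    # ElementTree discards comments, so a commented-out valve is simply absent.
    valves = [v for v in ET.fromstring(xml_text).iter("Valve")
              if v.get("className") == VALVE]
    if not valves:
        return "no-address-restriction"
    for v in valves:
        allow = v.get("allow")
        # Without allow=, the valve accepts every address not matched by deny=.
        if allow is None or re.fullmatch(allow, PROBE):
            return "allow-too-broad"
    return "restricted"
```

CONTEXT_EXTENDED shows the alternative to commenting the valve out: keep it and append only the administrator's address to the allow pattern.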