| Rev | Author | Line No. | Line |
|---|---|---|---|
| 771 | blopes | 1 | <%-- |
| | | 2 | Licensed to the Apache Software Foundation (ASF) under one or more |
| | | 3 | contributor license agreements. See the NOTICE file distributed with |
| | | 4 | this work for additional information regarding copyright ownership. |
| | | 5 | The ASF licenses this file to You under the Apache License, Version 2.0 |
| | | 6 | (the "License"); you may not use this file except in compliance with |
| | | 7 | the License. You may obtain a copy of the License at |
| | | 8 | |
| | | 9 | http://www.apache.org/licenses/LICENSE-2.0 |
| | | 10 | |
| | | 11 | Unless required by applicable law or agreed to in writing, software |
| | | 12 | distributed under the License is distributed on an "AS IS" BASIS, |
| | | 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| | | 14 | See the License for the specific language governing permissions and |
| | | 15 | limitations under the License. |
| | | 16 | --%> |
| | | 17 | <%@ page session="false" trimDirectiveWhitespaces="true" %> |
| | | 18 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> |
| | | 19 | <html> |
| | | 20 | <head> |
| | | 21 | <title>403 Access Denied</title> |
| | | 22 | <style type="text/css"> |
| | | 23 | <!-- |
| | | 24 | BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;} |
| | | 25 | H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} |
| | | 26 | PRE, TT {border: 1px dotted #525D76} |
| | | 27 | A {color : black;}A.name {color : black;} |
| | | 28 | --> |
| | | 29 | </style> |
| | | 30 | <link href="<%=request.getContextPath()%>/images/favicon.ico" rel="icon" type="image/x-icon" /> |
| | | 31 | </head> |
| | | 32 | <body> |
| | | 33 | <h1>403 Access Denied</h1> |
| | | 34 | <p> |
| | | 35 | You are not authorized to view this page. |
| | | 36 | </p> |
| | | 37 | <p> |
| | | 38 | By default the Manager is only accessible from a browser running on the |
| | | 39 | same machine as Tomcat. If you wish to modify this restriction, you'll need |
| | | 40 | to edit the Manager's <tt>context.xml</tt> file. |
| | | 41 | </p> |
| | | 42 | <p> |
| | | 43 | If you have already configured the Manager application to allow access and |
| | | 44 | you have used your browser's back button, used a saved bookmark or similar |
| | | 45 | then you may have triggered the cross-site request forgery (CSRF) protection |
| | | 46 | that has been enabled for the HTML interface of the Manager application. You |
| | | 47 | will need to reset this protection by returning to the |
| | | 48 | <a href="<%=request.getContextPath()%>/html">main Manager page</a>. Once you |
| | | 49 | return to this page, you will be able to continue using the Manager |
| | | 50 | application's HTML interface normally. If you continue to see this access |
| | | 51 | denied message, check that you have the necessary permissions to access this |
| | | 52 | application. |
| | | 53 | </p> |
| | | 54 | <p> |
| | | 55 | If you have not changed |
| | | 56 | any configuration files, please examine the file |
| | | 57 | <tt>conf/tomcat-users.xml</tt> in your installation. That |
| | | 58 | file must contain the credentials to let you use this webapp. |
| | | 59 | </p> |
| | | 60 | <p> |
| | | 61 | For example, to add the <tt>manager-gui</tt> role to a user named |
| | | 62 | <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the |
| | | 63 | config file listed above. |
| | | 64 | </p> |
| | | 65 | <pre> |
| | | 66 | &lt;role rolename="manager-gui"/&gt; |
| | | 67 | &lt;user username="tomcat" password="s3cret" roles="manager-gui"/&gt; |
| | | 68 | </pre> |
| | | 69 | <p> |
| | | 70 | Note that for Tomcat 7 onwards, the roles required to use the manager |
| | | 71 | application were changed from the single <tt>manager</tt> role to the |
| | | 72 | following four roles. You will need to assign the role(s) required for |
| | | 73 | the functionality you wish to access. |
| | | 74 | </p> |
| | | 75 | <ul> |
| | | 76 | <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status |
| | | 77 | pages</li> |
| | | 78 | <li><tt>manager-script</tt> - allows access to the text interface and the |
| | | 79 | status pages</li> |
| | | 80 | <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status |
| | | 81 | pages</li> |
| | | 82 | <li><tt>manager-status</tt> - allows access to the status pages only</li> |
| | | 83 | </ul> |
| | | 84 | <p> |
| | | 85 | The HTML interface is protected against CSRF but the text and JMX interfaces |
| | | 86 | are not. To maintain the CSRF protection: |
| | | 87 | </p> |
| | | 88 | <ul> |
| | | 89 | <li>Users with the <tt>manager-gui</tt> role should not be granted either |
| | | 90 | the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li> |
| | | 91 | <li>If the text or JMX interfaces are accessed through a browser (e.g. for |
| | | 92 | testing since these interfaces are intended for tools not humans) then |
| | | 93 | the browser must be closed afterwards to terminate the session.</li> |
| | | 94 | </ul> |
| | | 95 | <p> |
| | | 96 | For more information - please see the |
| | | 97 | <a href="/docs/manager-howto.html" rel="noopener noreferrer">Manager App How-To</a>. |
| | | 98 | </p> |
| | | 99 | </body> |
| | | 100 | |
| | | 101 | </html> |
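
An added example (not part of the JSP above or of Tomcat itself): a small audit of `conf/tomcat-users.xml` for the rule the page states, that a `manager-gui` user should not also hold `manager-script` or `manager-jmx`. It also flags the page's sample password `s3cret` and the pre-Tomcat 7 `manager` role; the sample XML, the usernames other than `tomcat`, and the finding codes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Interfaces the 403 page describes as not CSRF-protected.
UNPROTECTED = {"manager-script", "manager-jmx"}
SAMPLE_PASSWORDS = {"s3cret"}  # sample password printed in the 403 page

# Constructed sample input (hypothetical users), not from a real installation.
SAMPLE = """<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="deploy" password="constructed-1" roles="manager-script"/>
  <user username="admin" password="constructed-2" roles="manager-gui, manager-jmx"/>
  <user username="legacy" password="constructed-3" roles="manager"/>
</tomcat-users>"""


def audit(xml_text):
    """Return sorted (username, finding-code) pairs for risky user entries."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Ignore an XML namespace on the element, if the file declares one.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        name = el.get("username", "?")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        # A GUI user who can also reach the text or JMX interface defeats
        # the CSRF protection of the HTML interface.
        if "manager-gui" in roles and roles & UNPROTECTED:
            findings.append((name, "csrf-role-mix"))
        # The single "manager" role was replaced by four roles in Tomcat 7.
        if "manager" in roles:
            findings.append((name, "legacy-role"))
        # The documentation's sample password must never reach production.
        if el.get("password") in SAMPLE_PASSWORDS:
            findings.append((name, "sample-password"))
    return sorted(findings)


if __name__ == "__main__":
    for user, code in audit(SAMPLE):
        print(f"{user}: {code}")
```
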