升级Tomcat版本 apache-tomcat-7.0.77
diff --git a/tomcat-cas/webapps/manager/WEB-INF/jsp/403.jsp b/tomcat-cas/webapps/manager/WEB-INF/jsp/403.jsp
index 3f3513d..f626814 100644
--- a/tomcat-cas/webapps/manager/WEB-INF/jsp/403.jsp
+++ b/tomcat-cas/webapps/manager/WEB-INF/jsp/403.jsp
@@ -14,6 +14,7 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+<%@ page session="false" trimDirectiveWhitespaces="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
@@ -34,13 +35,13 @@
</p>
<p>
If you have already configured the Manager application to allow access and
- you have used your browser's back button, used a saved book-mark or similar
+ you have used your browsers back button, used a saved book-mark or similar
then you may have triggered the cross-site request forgery (CSRF) protection
that has been enabled for the HTML interface of the Manager application. You
- will need to reset this protection by returning to the
+ will need to reset this protection by returning to the
<a href="<%=request.getContextPath()%>/html">main Manager page</a>. Once you
return to this page, you will be able to continue using the Manager
- appliction's HTML interface normally. If you continue to see this access
+ application's HTML interface normally. If you continue to see this access
denied message, check that you have the necessary permissions to access this
application.
</p>
@@ -60,11 +61,10 @@
<user username="tomcat" password="s3cret" roles="manager-gui"/>
</pre>
<p>
- Note that for Tomcat 6.0.30 onwards, the roles required to use the manager
- application were changed from the single <tt>manager</tt> role to add the
- following four roles. (The manager role is still available but should not be
- used as it avoids the CSRF protection). You will need to assign the role(s)
- required for the functionality you wish to access.
+ Note that for Tomcat 7 onwards, the roles required to use the manager
+ application were changed from the single <tt>manager</tt> role to the
+ following four roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
</p>
<ul>
<li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
@@ -80,11 +80,11 @@
are not. To maintain the CSRF protection:
</p>
<ul>
- <li>users with the <tt>manager-gui</tt> role should not be granted either
+ <li>Users with the <tt>manager-gui</tt> role should not be granted either
the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
- <li>if the text or jmx interfaces are accessed through a browser (e.g. for
- testing since these interfaces are intended for tools not humans) then
- the browser must be closed afterwards to terminate the session.</li>
+ <li>If the text or jmx interfaces are accessed through a browser (e.g. for
+ testing since these interfaces are intended for tools not humans) then
+ the browser must be closed afterwards to terminate the session.</li>
</ul>
<p>
For more information - please see the