升级Tomcat版本 apache-tomcat-7.0.77
diff --git a/tomcat-uid/webapps/host-manager/WEB-INF/jsp/401.jsp b/tomcat-uid/webapps/host-manager/WEB-INF/jsp/401.jsp
index c71c9ea..6b0e501 100644
--- a/tomcat-uid/webapps/host-manager/WEB-INF/jsp/401.jsp
+++ b/tomcat-uid/webapps/host-manager/WEB-INF/jsp/401.jsp
@@ -14,6 +14,7 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+<%@ page session="false" trimDirectiveWhitespaces="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
@@ -45,8 +46,8 @@
<user username="tomcat" password="s3cret" roles="admin-gui"/>
</pre>
<p>
- Note that for Tomcat 6.0.30 onwards, the roles required to use the host
- manager application were changed from the single <tt>admin</tt> role to the
+ Note that for Tomcat 7 onwards, the roles required to use the host manager
+ application were changed from the single <tt>admin</tt> role to the
following two roles. You will need to assign the role(s) required for
the functionality you wish to access.
</p>
@@ -59,8 +60,6 @@
To maintain the CSRF protection:
</p>
<ul>
- <li>The deprecated <tt>admin</tt> role should not be assigned to any
- user.</li>
<li>Users with the <tt>admin-gui</tt> role should not be granted the
<tt>admin-script</tt> role.</li>
<li>If the text interface is accessed through a browser (e.g. for testing
diff --git a/tomcat-uid/webapps/host-manager/WEB-INF/jsp/403.jsp b/tomcat-uid/webapps/host-manager/WEB-INF/jsp/403.jsp
index 569bd29..c87aeb1 100644
--- a/tomcat-uid/webapps/host-manager/WEB-INF/jsp/403.jsp
+++ b/tomcat-uid/webapps/host-manager/WEB-INF/jsp/403.jsp
@@ -14,6 +14,7 @@
See the License for the specific language governing permissions and
limitations under the License.
--%>
+<%@ page session="false" trimDirectiveWhitespaces="true" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
@@ -34,13 +35,13 @@
</p>
<p>
If you have already configured the Host Manager application to allow access
- and you have used your browser's back button, used a saved book-mark or
+ and you have used your browsers back button, used a saved book-mark or
similar then you may have triggered the cross-site request forgery (CSRF)
protection that has been enabled for the HTML interface of the Host Manager
- application. You will need to reset this protection by returning to the
+ application. You will need to reset this protection by returning to the
<a href="<%=request.getContextPath()%>/html">main Host Manager page</a>.
Once you return to this page, you will be able to continue using the Host
- Manager appliction's HTML interface normally. If you continue to see this
+ Manager application's HTML interface normally. If you continue to see this
access denied message, check that you have the necessary permissions to
access this application.
</p>
@@ -59,11 +60,10 @@
<user username="tomcat" password="s3cret" roles="admin-gui"/>
</pre>
<p>
- Note that for Tomcat 6.0.30 onwards, the roles required to use the host
- manager application were changed from the single <tt>admin</tt> role to the
+ Note that for Tomcat 7 onwards, the roles required to use the host manager
+ application were changed from the single <tt>admin</tt> role to the
following two roles. You will need to assign the role(s) required for
- the functionality you wish to access. Note the <tt>admin</tt> role is still
- valid but by-passes the CSRF protection.
+ the functionality you wish to access.
</p>
<ul>
<li><tt>admin-gui</tt> - allows access to the HTML GUI</li>
@@ -74,8 +74,6 @@
To maintain the CSRF protection:
</p>
<ul>
- <li>The deprecated <tt>admin</tt> role should not be assigned to any
- user.</li>
<li>Users with the <tt>admin-gui</tt> role should not be granted the
<tt>admin-script</tt> role.</li>
<li>If the text interface is accessed through a browser (e.g. for testing
diff --git a/tomcat-uid/webapps/host-manager/WEB-INF/jsp/404.jsp b/tomcat-uid/webapps/host-manager/WEB-INF/jsp/404.jsp
new file mode 100644
index 0000000..8b80150
--- /dev/null
+++ b/tomcat-uid/webapps/host-manager/WEB-INF/jsp/404.jsp
@@ -0,0 +1,62 @@
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<%@ page import="org.apache.catalina.util.RequestUtil" session="false"
+ trimDirectiveWhitespaces="true" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>404 Not found</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>404 Not found</h1>
+ <p>
+ The page you tried to access
+ (<%=RequestUtil.filter((String) request.getAttribute(
+ "javax.servlet.error.request_uri"))%>)
+ does not exist.
+ </p>
+ <p>
+ The Host Manager application has been re-structured for Tomcat 7 onwards and
+ some URLs have changed. All URLs used to access the Manager application
+ should now start with one of the following options:
+ </p>
+ <ul>
+ <li><%=request.getContextPath()%>/html for the HTML GUI</li>
+ <li><%=request.getContextPath()%>/text for the text interface</li>
+ </ul>
+ <p>
+ Note that the URL for the text interface has changed from
+ "<%=request.getContextPath()%>" to
+ "<%=request.getContextPath()%>/text".
+ </p>
+ <p>
+ You probably need to adjust the URL you are using to access the Host Manager
+ application. However, there is always a chance you have found a bug in the
+ Host Manager application. If you are sure you have found a bug, and that the
+ bug has not already been reported, please report it to the Apache Tomcat
+ team.
+ </p>
+ </body>
+</html>
diff --git a/tomcat-uid/webapps/host-manager/WEB-INF/web.xml b/tomcat-uid/webapps/host-manager/WEB-INF/web.xml
index 101b463..01716c8 100644
--- a/tomcat-uid/webapps/host-manager/WEB-INF/web.xml
+++ b/tomcat-uid/webapps/host-manager/WEB-INF/web.xml
@@ -17,14 +17,16 @@
-->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- version="2.5">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0"
+ metadata-complete="true">
- <display-name>Tomcat Manager Application</display-name>
+ <display-name>Tomcat Host Manager Application</display-name>
<description>
- A scriptable management web application for the Tomcat Web Server;
- Manager lets you view, load/unload/etc particular web applications.
+ A scriptable host management web application for the Tomcat Web Server;
+ Manager lets you view, create and remove virtual hosts.
</description>
<servlet>
@@ -44,38 +46,26 @@
</init-param>
</servlet>
- <!-- Define the Manager Servlet Mapping -->
- <servlet-mapping>
- <servlet-name>HostManager</servlet-name>
- <url-pattern>/list</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>HostManager</servlet-name>
- <url-pattern>/add</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>HostManager</servlet-name>
- <url-pattern>/remove</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>HostManager</servlet-name>
- <url-pattern>/start</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>HostManager</servlet-name>
- <url-pattern>/stop</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>HTMLHostManager</servlet-name>
- <url-pattern>/html/*</url-pattern>
- </servlet-mapping>
+ <filter>
+ <filter-name>SetCharacterEncoding</filter-name>
+ <filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
+ <init-param>
+ <param-name>encoding</param-name>
+ <param-value>UTF-8</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>SetCharacterEncoding</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<filter>
<filter-name>CSRF</filter-name>
<filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
<init-param>
<param-name>entryPoints</param-name>
- <param-value>/html,/html/list</param-value>
+ <param-value>/html,/html/,/html/list,/index.jsp</param-value>
</init-param>
</filter>
@@ -84,43 +74,34 @@
<servlet-name>HTMLHostManager</servlet-name>
</filter-mapping>
+ <!-- Define the Manager Servlet Mapping -->
+ <servlet-mapping>
+ <servlet-name>HostManager</servlet-name>
+ <url-pattern>/text/*</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>HTMLHostManager</servlet-name>
+ <url-pattern>/html/*</url-pattern>
+ </servlet-mapping>
+
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HostManager commands</web-resource-name>
- <url-pattern>/list</url-pattern>
- <url-pattern>/add</url-pattern>
- <url-pattern>/remove</url-pattern>
- <url-pattern>/start</url-pattern>
- <url-pattern>/stop</url-pattern>
+ <url-pattern>/text/*</url-pattern>
</web-resource-collection>
<auth-constraint>
- <!-- NOTE: 1. These roles are not present in the default users file
- 2. The admin role is deprecated, it will be removed in
- Tomcat 7.
- 3. Use the admin-script role to take advantage of the new
- CSRF protection. Using the admin role or assigning both
- the admin-script and admin-gui roles to the same user
- will bypass the CSRF protection. -->
- <role-name>admin</role-name>
+ <!-- NOTE: This role is not present in the default users file -->
<role-name>admin-script</role-name>
</auth-constraint>
</security-constraint>
-
<security-constraint>
<web-resource-collection>
<web-resource-name>HTMLHostManager commands</web-resource-name>
<url-pattern>/html/*</url-pattern>
</web-resource-collection>
<auth-constraint>
- <!-- NOTE: 1. These roles are not present in the default users file
- 2. The admin role is deprecated, it will be removed in
- Tomcat 7.
- 3. Use the admin-gui role to take advantage of the new
- CSRF protection. Using the admin role or assigning both
- the admin-script and admin-gui roles to the same user
- will bypass the CSRF protection. -->
- <role-name>admin</role-name>
+ <!-- NOTE: This role is not present in the default users file -->
<role-name>admin-gui</role-name>
</auth-constraint>
</security-constraint>
@@ -134,21 +115,17 @@
<!-- Security roles referenced by this web application -->
<security-role>
<description>
- The role that is required to access the text Host Manager pages
- </description>
- <role-name>admin-script</role-name>
- </security-role>
- <security-role>
- <description>
- The role that is required to access the HTML Host Manager pages
+ The role that is required to log in to the Host Manager Application HTML
+ interface
</description>
<role-name>admin-gui</role-name>
</security-role>
<security-role>
<description>
- Deprecated role that can access all Host Manager functionality
+ The role that is required to log in to the Host Manager Application text
+ interface
</description>
- <role-name>admin</role-name>
+ <role-name>admin-script</role-name>
</security-role>
<error-page>
@@ -159,5 +136,9 @@
<error-code>403</error-code>
<location>/WEB-INF/jsp/403.jsp</location>
</error-page>
+ <error-page>
+ <error-code>404</error-code>
+ <location>/WEB-INF/jsp/404.jsp</location>
+ </error-page>
</web-app>