| <?xml version="1.0" encoding="ISO-8859-1"?> | |
| <!-- | |
| Licensed to the Apache Software Foundation (ASF) under one or more | |
| contributor license agreements. See the NOTICE file distributed with | |
| this work for additional information regarding copyright ownership. | |
| The ASF licenses this file to You under the Apache License, Version 2.0 | |
| (the "License"); you may not use this file except in compliance with | |
| the License. You may obtain a copy of the License at | |
| http://www.apache.org/licenses/LICENSE-2.0 | |
| Unless required by applicable law or agreed to in writing, software | |
| distributed under the License is distributed on an "AS IS" BASIS, | |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| See the License for the specific language governing permissions and | |
| limitations under the License. | |
| --> | |
| <web-app xmlns="http://java.sun.com/xml/ns/javaee" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" | |
| version="2.5"> | |
| <display-name>Tomcat Manager Application</display-name> | |
| <description> | |
| A scriptable management web application for the Tomcat Web Server; | |
| Manager lets you view, load/unload/etc particular web applications. | |
| </description> | |
| <servlet> | |
| <servlet-name>HostManager</servlet-name> | |
| <servlet-class>org.apache.catalina.manager.host.HostManagerServlet</servlet-class> | |
| <init-param> | |
| <param-name>debug</param-name> | |
| <param-value>2</param-value> | |
| </init-param> | |
| </servlet> | |
| <servlet> | |
| <servlet-name>HTMLHostManager</servlet-name> | |
| <servlet-class>org.apache.catalina.manager.host.HTMLHostManagerServlet</servlet-class> | |
| <init-param> | |
| <param-name>debug</param-name> | |
| <param-value>2</param-value> | |
| </init-param> | |
| </servlet> | |
| <!-- Define the Manager Servlet Mapping --> | |
| <servlet-mapping> | |
| <servlet-name>HostManager</servlet-name> | |
| <url-pattern>/list</url-pattern> | |
| </servlet-mapping> | |
| <servlet-mapping> | |
| <servlet-name>HostManager</servlet-name> | |
| <url-pattern>/add</url-pattern> | |
| </servlet-mapping> | |
| <servlet-mapping> | |
| <servlet-name>HostManager</servlet-name> | |
| <url-pattern>/remove</url-pattern> | |
| </servlet-mapping> | |
| <servlet-mapping> | |
| <servlet-name>HostManager</servlet-name> | |
| <url-pattern>/start</url-pattern> | |
| </servlet-mapping> | |
| <servlet-mapping> | |
| <servlet-name>HostManager</servlet-name> | |
| <url-pattern>/stop</url-pattern> | |
| </servlet-mapping> | |
| <servlet-mapping> | |
| <servlet-name>HTMLHostManager</servlet-name> | |
| <url-pattern>/html/*</url-pattern> | |
| </servlet-mapping> | |
| <filter> | |
| <filter-name>CSRF</filter-name> | |
| <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> | |
| <init-param> | |
| <param-name>entryPoints</param-name> | |
| <param-value>/html,/html/list</param-value> | |
| </init-param> | |
| </filter> | |
| <filter-mapping> | |
| <filter-name>CSRF</filter-name> | |
| <servlet-name>HTMLHostManager</servlet-name> | |
| </filter-mapping> | |
| <!-- Define a Security Constraint on this Application --> | |
| <security-constraint> | |
| <web-resource-collection> | |
| <web-resource-name>HostManager commands</web-resource-name> | |
| <url-pattern>/list</url-pattern> | |
| <url-pattern>/add</url-pattern> | |
| <url-pattern>/remove</url-pattern> | |
| <url-pattern>/start</url-pattern> | |
| <url-pattern>/stop</url-pattern> | |
| </web-resource-collection> | |
| <auth-constraint> | |
| <!-- NOTE: 1. These roles are not present in the default users file | |
| 2. The admin role is deprecated, it will be removed in | |
| Tomcat 7. | |
| 3. Use the admin-script role to take advantage of the new | |
| CSRF protection. Using the admin role or assigning both | |
| the admin-script and admin-gui roles to the same user | |
| will bypass the CSRF protection. --> | |
| <role-name>admin</role-name> | |
| <role-name>admin-script</role-name> | |
| </auth-constraint> | |
| </security-constraint> | |
| <security-constraint> | |
| <web-resource-collection> | |
| <web-resource-name>HTMLHostManager commands</web-resource-name> | |
| <url-pattern>/html/*</url-pattern> | |
| </web-resource-collection> | |
| <auth-constraint> | |
| <!-- NOTE: 1. These roles are not present in the default users file | |
| 2. The admin role is deprecated, it will be removed in | |
| Tomcat 7. | |
| 3. Use the admin-gui role to take advantage of the new | |
| CSRF protection. Using the admin role or assigning both | |
| the admin-script and admin-gui roles to the same user | |
| will bypass the CSRF protection. --> | |
| <role-name>admin</role-name> | |
| <role-name>admin-gui</role-name> | |
| </auth-constraint> | |
| </security-constraint> | |
| <!-- Define the Login Configuration for this Application --> | |
| <login-config> | |
| <auth-method>BASIC</auth-method> | |
| <realm-name>Tomcat Host Manager Application</realm-name> | |
| </login-config> | |
| <!-- Security roles referenced by this web application --> | |
| <security-role> | |
| <description> | |
| The role that is required to access the text Host Manager pages | |
| </description> | |
| <role-name>admin-script</role-name> | |
| </security-role> | |
| <security-role> | |
| <description> | |
| The role that is required to access the HTML Host Manager pages | |
| </description> | |
| <role-name>admin-gui</role-name> | |
| </security-role> | |
| <security-role> | |
| <description> | |
| Deprecated role that can access all Host Manager functionality | |
| </description> | |
| <role-name>admin</role-name> | |
| </security-role> | |
| <error-page> | |
| <error-code>401</error-code> | |
| <location>/WEB-INF/jsp/401.jsp</location> | |
| </error-page> | |
| <error-page> | |
| <error-code>403</error-code> | |
| <location>/WEB-INF/jsp/403.jsp</location> | |
| </error-page> | |
| </web-app> |