| Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800 | [diff] [blame] | 1 | <?xml version="1.0" encoding="ISO-8859-1"?>
|
| 2 | <!--
|
| 3 | Licensed to the Apache Software Foundation (ASF) under one or more
|
| 4 | contributor license agreements. See the NOTICE file distributed with
|
| 5 | this work for additional information regarding copyright ownership.
|
| 6 | The ASF licenses this file to You under the Apache License, Version 2.0
|
| 7 | (the "License"); you may not use this file except in compliance with
|
| 8 | the License. You may obtain a copy of the License at
|
| 9 |
|
| 10 | http://www.apache.org/licenses/LICENSE-2.0
|
| 11 |
|
| 12 | Unless required by applicable law or agreed to in writing, software
|
| 13 | distributed under the License is distributed on an "AS IS" BASIS,
|
| 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 15 | See the License for the specific language governing permissions and
|
| 16 | limitations under the License.
|
| 17 | -->
|
| 18 |
|
| 19 | <web-app xmlns="http://java.sun.com/xml/ns/javaee"
|
| 20 | xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
| 21 | xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
|
| 22 | version="2.5">
|
| 23 |
|
| 24 | <display-name>Tomcat Manager Application</display-name>
|
| 25 | <description>
|
| 26 | A scriptable management web application for the Tomcat Web Server;
|
| 27 | Manager lets you view, load/unload/etc particular web applications.
|
| 28 | </description>
|
| 29 |
|
| 30 | <servlet>
|
| 31 | <servlet-name>Manager</servlet-name>
|
| 32 | <servlet-class>org.apache.catalina.manager.ManagerServlet</servlet-class>
|
| 33 | <init-param>
|
| 34 | <param-name>debug</param-name>
|
| 35 | <param-value>2</param-value>
|
| 36 | </init-param>
|
| 37 | </servlet>
|
| 38 | <servlet>
|
| 39 | <servlet-name>HTMLManager</servlet-name>
|
| 40 | <servlet-class>org.apache.catalina.manager.HTMLManagerServlet</servlet-class>
|
| 41 | <init-param>
|
| 42 | <param-name>debug</param-name>
|
| 43 | <param-value>2</param-value>
|
| 44 | </init-param>
|
| 45 | </servlet>
|
| 46 | <servlet>
|
| 47 | <servlet-name>Status</servlet-name>
|
| 48 | <servlet-class>org.apache.catalina.manager.StatusManagerServlet</servlet-class>
|
| 49 | <init-param>
|
| 50 | <param-name>debug</param-name>
|
| 51 | <param-value>0</param-value>
|
| 52 | </init-param>
|
| 53 | </servlet>
|
| 54 |
|
| 55 | <servlet>
|
| 56 | <servlet-name>JMXProxy</servlet-name>
|
| 57 | <servlet-class>org.apache.catalina.manager.JMXProxyServlet</servlet-class>
|
| 58 | </servlet>
|
| 59 |
|
| 60 | <!-- Define the Manager Servlet Mapping -->
|
| 61 | <servlet-mapping>
|
| 62 | <servlet-name>Manager</servlet-name>
|
| 63 | <url-pattern>/list</url-pattern>
|
| 64 | </servlet-mapping>
|
| 65 | <servlet-mapping>
|
| 66 | <servlet-name>Manager</servlet-name>
|
| 67 | <url-pattern>/expire</url-pattern>
|
| 68 | </servlet-mapping>
|
| 69 | <servlet-mapping>
|
| 70 | <servlet-name>Manager</servlet-name>
|
| 71 | <url-pattern>/sessions</url-pattern>
|
| 72 | </servlet-mapping>
|
| 73 | <servlet-mapping>
|
| 74 | <servlet-name>Manager</servlet-name>
|
| 75 | <url-pattern>/start</url-pattern>
|
| 76 | </servlet-mapping>
|
| 77 | <servlet-mapping>
|
| 78 | <servlet-name>Manager</servlet-name>
|
| 79 | <url-pattern>/stop</url-pattern>
|
| 80 | </servlet-mapping>
|
| 81 | <servlet-mapping>
|
| 82 | <servlet-name>Manager</servlet-name>
|
| 83 | <url-pattern>/install</url-pattern>
|
| 84 | </servlet-mapping>
|
| 85 | <servlet-mapping>
|
| 86 | <servlet-name>Manager</servlet-name>
|
| 87 | <url-pattern>/remove</url-pattern>
|
| 88 | </servlet-mapping>
|
| 89 | <servlet-mapping>
|
| 90 | <servlet-name>Manager</servlet-name>
|
| 91 | <url-pattern>/deploy</url-pattern>
|
| 92 | </servlet-mapping>
|
| 93 | <servlet-mapping>
|
| 94 | <servlet-name>Manager</servlet-name>
|
| 95 | <url-pattern>/undeploy</url-pattern>
|
| 96 | </servlet-mapping>
|
| 97 | <servlet-mapping>
|
| 98 | <servlet-name>Manager</servlet-name>
|
| 99 | <url-pattern>/reload</url-pattern>
|
| 100 | </servlet-mapping>
|
| 101 | <servlet-mapping>
|
| 102 | <servlet-name>Manager</servlet-name>
|
| 103 | <url-pattern>/save</url-pattern>
|
| 104 | </servlet-mapping>
|
| 105 | <servlet-mapping>
|
| 106 | <servlet-name>Manager</servlet-name>
|
| 107 | <url-pattern>/serverinfo</url-pattern>
|
| 108 | </servlet-mapping>
|
| 109 | <servlet-mapping>
|
| 110 | <servlet-name>Manager</servlet-name>
|
| 111 | <url-pattern>/roles</url-pattern>
|
| 112 | </servlet-mapping>
|
| 113 | <servlet-mapping>
|
| 114 | <servlet-name>Manager</servlet-name>
|
| 115 | <url-pattern>/resources</url-pattern>
|
| 116 | </servlet-mapping>
|
| 117 | <servlet-mapping>
|
| 118 | <servlet-name>Manager</servlet-name>
|
| 119 | <url-pattern>/findleaks</url-pattern>
|
| 120 | </servlet-mapping>
|
| 121 | <servlet-mapping>
|
| 122 | <servlet-name>Status</servlet-name>
|
| 123 | <url-pattern>/status/*</url-pattern>
|
| 124 | </servlet-mapping>
|
| 125 | <servlet-mapping>
|
| 126 | <servlet-name>JMXProxy</servlet-name>
|
| 127 | <url-pattern>/jmxproxy/*</url-pattern>
|
| 128 | </servlet-mapping>
|
| 129 | <servlet-mapping>
|
| 130 | <servlet-name>HTMLManager</servlet-name>
|
| 131 | <url-pattern>/html/*</url-pattern>
|
| 132 | </servlet-mapping>
|
| 133 |
|
| 134 | <filter>
|
| 135 | <filter-name>CSRF</filter-name>
|
| 136 | <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
|
| 137 | <init-param>
|
| 138 | <param-name>entryPoints</param-name>
|
| 139 | <param-value>/html,/html/,/html/list</param-value>
|
| 140 | </init-param>
|
| 141 | </filter>
|
| 142 |
|
| 143 | <filter-mapping>
|
| 144 | <filter-name>CSRF</filter-name>
|
| 145 | <servlet-name>HTMLManager</servlet-name>
|
| 146 | </filter-mapping>
|
| 147 |
|
| 148 | <!-- Define reference to the user database for looking up roles -->
|
| 149 | <resource-env-ref>
|
| 150 | <description>
|
| 151 | Link to the UserDatabase instance from which we request lists of
|
| 152 | defined role names. Typically, this will be connected to the global
|
| 153 | user database with a ResourceLink element in server.xml or the context
|
| 154 | configuration file for the Manager web application.
|
| 155 | </description>
|
| 156 | <resource-env-ref-name>users</resource-env-ref-name>
|
| 157 | <resource-env-ref-type>
|
| 158 | org.apache.catalina.UserDatabase
|
| 159 | </resource-env-ref-type>
|
| 160 | </resource-env-ref>
|
| 161 |
|
| 162 | <!-- Define a Security Constraint on this Application -->
|
| 163 | <security-constraint>
|
| 164 | <web-resource-collection>
|
| 165 | <web-resource-name>Manager commands</web-resource-name>
|
| 166 | <url-pattern>/list</url-pattern>
|
| 167 | <url-pattern>/expire</url-pattern>
|
| 168 | <url-pattern>/sessions</url-pattern>
|
| 169 | <url-pattern>/start</url-pattern>
|
| 170 | <url-pattern>/stop</url-pattern>
|
| 171 | <url-pattern>/install</url-pattern>
|
| 172 | <url-pattern>/remove</url-pattern>
|
| 173 | <url-pattern>/deploy</url-pattern>
|
| 174 | <url-pattern>/undeploy</url-pattern>
|
| 175 | <url-pattern>/reload</url-pattern>
|
| 176 | <url-pattern>/save</url-pattern>
|
| 177 | <url-pattern>/serverinfo</url-pattern>
|
| 178 | <url-pattern>/roles</url-pattern>
|
| 179 | <url-pattern>/resources</url-pattern>
|
| 180 | <url-pattern>/findleaks</url-pattern>
|
| 181 | </web-resource-collection>
|
| 182 | <auth-constraint>
|
| 183 | <!-- NOTE: 1. These roles are not present in the default users file
|
| 184 | 2. The manager role is deprecated, it will be removed in
|
| 185 | Tomcat 7.
|
| 186 | 3. Use the manager-script role to take advantage of the new
|
| 187 | CSRF protection. Using the manager role or assigning both
|
| 188 | the manager-script and manager-gui roles to the same user
|
| 189 | will bypass the CSRF protection. -->
|
| 190 | <role-name>manager-script</role-name>
|
| 191 | <role-name>manager</role-name>
|
| 192 | </auth-constraint>
|
| 193 | </security-constraint>
|
| 194 |
|
| 195 | <security-constraint>
|
| 196 | <web-resource-collection>
|
| 197 | <web-resource-name>HTML Manager commands</web-resource-name>
|
| 198 | <url-pattern>/html/*</url-pattern>
|
| 199 | </web-resource-collection>
|
| 200 | <auth-constraint>
|
| 201 | <!-- NOTE: 1. These roles are not present in the default users file
|
| 202 | 2. The manager role is deprecated, it will be removed in
|
| 203 | Tomcat 7.
|
| 204 | 3. Use just the manager-gui role to take advantage of the new
|
| 205 | CSRF protection. Assigning the manager role or manager-gui
|
| 206 | role along with either the manager-script or manager-jmx
|
| 207 | roles to the same user will bypass the CSRF protection. -->
|
| 208 | <role-name>manager-gui</role-name>
|
| 209 | <role-name>manager</role-name>
|
| 210 | </auth-constraint>
|
| 211 | </security-constraint>
|
| 212 |
|
| 213 | <security-constraint>
|
| 214 | <web-resource-collection>
|
| 215 | <web-resource-name>JMX proxy</web-resource-name>
|
| 216 | <url-pattern>/jmxproxy/*</url-pattern>
|
| 217 | </web-resource-collection>
|
| 218 | <auth-constraint>
|
| 219 | <!-- NOTE: 1. These roles are not present in the default users file
|
| 220 | 2. The manager role is deprecated, it will be removed in
|
| 221 | Tomcat 7.
|
| 222 | 3. Use the manager-jmx role to take advantage of the new
|
| 223 | CSRF protection. Using the manager role or assigning both
|
| 224 | the manager-jmx and manager-gui roles to the same user
|
| 225 | will bypass the CSRF protection. -->
|
| 226 | <role-name>manager-jmx</role-name>
|
| 227 | <role-name>manager</role-name>
|
| 228 | </auth-constraint>
|
| 229 | </security-constraint>
|
| 230 |
|
| 231 | <security-constraint>
|
| 232 | <web-resource-collection>
|
| 233 | <web-resource-name>Status</web-resource-name>
|
| 234 | <url-pattern>/status/*</url-pattern>
|
| 235 | </web-resource-collection>
|
| 236 | <auth-constraint>
|
| 237 | <!-- NOTE: 1. These roles are not present in the default users file
|
| 238 | 2. The manager role is deprecated, it will be removed in
|
| 239 | Tomcat 7. -->
|
| 240 | <role-name>manager-status</role-name>
|
| 241 | <role-name>manager-gui</role-name>
|
| 242 | <role-name>manager-script</role-name>
|
| 243 | <role-name>manager-jmx</role-name>
|
| 244 | <role-name>manager</role-name>
|
| 245 | </auth-constraint>
|
| 246 | </security-constraint>
|
| 247 |
|
| 248 |
|
| 249 | <!-- Define the Login Configuration for this Application -->
|
| 250 | <login-config>
|
| 251 | <auth-method>BASIC</auth-method>
|
| 252 | <realm-name>Tomcat Manager Application</realm-name>
|
| 253 | </login-config>
|
| 254 |
|
| 255 | <!-- Security roles referenced by this web application -->
|
| 256 | <security-role>
|
| 257 | <description>
|
| 258 | The role that is required to access the HTML Manager pages
|
| 259 | </description>
|
| 260 | <role-name>manager-gui</role-name>
|
| 261 | </security-role>
|
| 262 | <security-role>
|
| 263 | <description>
|
| 264 | The role that is required to access the text Manager pages
|
| 265 | </description>
|
| 266 | <role-name>manager-script</role-name>
|
| 267 | </security-role>
|
| 268 | <security-role>
|
| 269 | <description>
|
| 270 | The role that is required to access the HTML JMX Proxy
|
| 271 | </description>
|
| 272 | <role-name>manager-jmx</role-name>
|
| 273 | </security-role>
|
| 274 | <security-role>
|
| 275 | <description>
|
| 276 | The role that is required to access to the Manager Status pages
|
| 277 | </description>
|
| 278 | <role-name>manager-status</role-name>
|
| 279 | </security-role>
|
| 280 | <security-role>
|
| 281 | <description>
|
| 282 | Deprecated role that can access all Manager functionality
|
| 283 | </description>
|
| 284 | <role-name>manager</role-name>
|
| 285 | </security-role>
|
| 286 |
|
| 287 | <error-page>
|
| 288 | <error-code>401</error-code>
|
| 289 | <location>/WEB-INF/jsp/401.jsp</location>
|
| 290 | </error-page>
|
| 291 | <error-page>
|
| 292 | <error-code>403</error-code>
|
| 293 | <location>/WEB-INF/jsp/403.jsp</location>
|
| 294 | </error-page>
|
| 295 |
|
| 296 | </web-app>
|