Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800
<%--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
 <head>
  <title>403 Access Denied</title>
  <style type="text/css">
    <!--
    BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
    H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
    PRE, TT {border: 1px dotted #525D76}
    A {color : black;}A.name {color : black;}
    -->
  </style>
 </head>
 <body>
   <h1>403 Access Denied</h1>
   <p>
    You are not authorized to view this page.
   </p>
   <p>
    If you have already configured the Manager application to allow access and
    you have used your browser's back button, used a saved bookmark or similar
    then you may have triggered the cross-site request forgery (CSRF) protection
    that has been enabled for the HTML interface of the Manager application. You
    will need to reset this protection by returning to the
    <a href="<%=request.getContextPath()%>/html">main Manager page</a>. Once you
    return to this page, you will be able to continue using the Manager
    application's HTML interface normally. If you continue to see this access
    denied message, check that you have the necessary permissions to access this
    application.
   </p>
   <p>
    If you have not changed
    any configuration files, please examine the file
    <tt>conf/tomcat-users.xml</tt> in your installation. That
    file must contain the credentials to let you use this webapp.
   </p>
   <p>
    For example, to add the <tt>manager-gui</tt> role to a user named
    <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
    config file listed above.
   </p>
<pre>
&lt;role rolename="manager-gui"/&gt;
&lt;user username="tomcat" password="s3cret" roles="manager-gui"/&gt;
</pre>
   <p>
    Note that for Tomcat 6.0.30 onwards, the roles required to use the manager
    application were changed from the single <tt>manager</tt> role to add the
    following four roles. (The manager role is still available but should not be
    used as it avoids the CSRF protection). You will need to assign the role(s)
    required for the functionality you wish to access.
   </p>
    <ul>
      <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
          pages</li>
      <li><tt>manager-script</tt> - allows access to the text interface and the
          status pages</li>
      <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
          pages</li>
      <li><tt>manager-status</tt> - allows access to the status pages only</li>
    </ul>
   <p>
    The HTML interface is protected against CSRF but the text and JMX interfaces
    are not. To maintain the CSRF protection:
   </p>
   <ul>
    <li>users with the <tt>manager-gui</tt> role should not be granted either
        the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
    <li>if the text or JMX interfaces are accessed through a browser (e.g. for
         testing since these interfaces are intended for tools not humans) then
         the browser must be closed afterwards to terminate the session.</li>
   </ul>
   <p>
    For more information - please see the
    <a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
   </p>
 </body>

</html>
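The role guidance in the page text above can be checked mechanically against a `conf/tomcat-users.xml` file. The following is an added example, not part of the Tomcat source: the function name `audit_manager_roles`, the finding labels and the sample XML are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

LEGACY_ROLE = "manager"                             # single pre-6.0.30 role; avoids CSRF protection
GUI_ROLE = "manager-gui"                            # HTML interface, CSRF-protected
NON_CSRF_ROLES = {"manager-script", "manager-jmx"}  # text and JMX interfaces, not protected
DOC_SAMPLE_PASSWORD = "s3cret"                      # sample value printed on the 403 page

# Constructed sample input, not taken from any real installation.
SAMPLE_USERS_XML = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  <user username="deploy" password="constructed-value-1" roles="manager-script"/>
  <user username="admin" password="constructed-value-2" roles="manager-gui, manager-jmx"/>
  <user username="old" password="constructed-value-3" roles="manager"/>
</tomcat-users>
"""


def local_name(tag):
    """Drop an XML namespace prefix such as '{http://tomcat.apache.org/xml}user'."""
    return tag.rsplit("}", 1)[-1]


def audit_manager_roles(xml_text):
    """Return (username, finding) tuples for role assignments the page warns against."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "user":
            continue
        # Tomcat reads 'username' and falls back to the older 'name' attribute.
        name = elem.get("username") or elem.get("name") or "<unnamed>"
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        if LEGACY_ROLE in roles:
            findings.append((name, "legacy-manager-role"))
        mixed = roles & NON_CSRF_ROLES
        if GUI_ROLE in roles and mixed:
            # A browser session for this user can also reach an unprotected interface.
            findings.append((name, "gui-mixed-with-" + "+".join(sorted(mixed))))
        if elem.get("password") == DOC_SAMPLE_PASSWORD:
            findings.append((name, "documentation-sample-password"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_manager_roles(SAMPLE_USERS_XML):
        print(f"{user}: {finding}")
```

An empty result means no user holds the legacy `manager` role, combines `manager-gui` with an interface that lacks CSRF protection, or still uses the sample password from this page.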