| Hongqing Liu | fd5ee81 | 2014-05-10 16:32:51 +0800 | [diff] [blame^] | 1 | <%--
|
| 2 | Licensed to the Apache Software Foundation (ASF) under one or more
|
| 3 | contributor license agreements. See the NOTICE file distributed with
|
| 4 | this work for additional information regarding copyright ownership.
|
| 5 | The ASF licenses this file to You under the Apache License, Version 2.0
|
| 6 | (the "License"); you may not use this file except in compliance with
|
| 7 | the License. You may obtain a copy of the License at
|
| 8 |
|
| 9 | http://www.apache.org/licenses/LICENSE-2.0
|
| 10 |
|
| 11 | Unless required by applicable law or agreed to in writing, software
|
| 12 | distributed under the License is distributed on an "AS IS" BASIS,
|
| 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
| 14 | See the License for the specific language governing permissions and
|
| 15 | limitations under the License.
|
| 16 | --%>
|
| 17 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
| 18 | <html>
|
| 19 | <head>
|
| 20 | <title>401 Unauthorized</title>
|
| 21 | <style type="text/css">
|
| 22 | <!--
|
| 23 | BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
|
| 24 | H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
|
| 25 | PRE, TT {border: 1px dotted #525D76}
|
| 26 | A {color : black;}A.name {color : black;}
|
| 27 | -->
|
| 28 | </style>
|
| 29 | </head>
|
| 30 | <body>
|
| 31 | <h1>401 Unauthorized</h1>
|
| 32 | <p>
|
| 33 | You are not authorized to view this page. If you have not changed
|
| 34 | any configuration files, please examine the file
|
| 35 | <tt>conf/tomcat-users.xml</tt> in your installation. That
|
| 36 | file must contain the credentials to let you use this webapp.
|
| 37 | </p>
|
| 38 | <p>
|
| 39 | For example, to add the <tt>admin-gui</tt> role to a user named
|
| 40 | <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
|
| 41 | config file listed above.
|
| 42 | </p>
|
| 43 | <pre>
|
| 44 | <role rolename="admin-gui"/>
|
| 45 | <user username="tomcat" password="s3cret" roles="admin-gui"/>
|
| 46 | </pre>
|
| 47 | <p>
|
| 48 | Note that for Tomcat 6.0.30 onwards, the roles required to use the host
|
| 49 | manager application were changed from the single <tt>admin</tt> role to the
|
| 50 | following two roles. You will need to assign the role(s) required for
|
| 51 | the functionality you wish to access.
|
| 52 | </p>
|
| 53 | <ul>
|
| 54 | <li><tt>admin-gui</tt> - allows access to the HTML GUI</li>
|
| 55 | <li><tt>admin-script</tt> - allows access to the text interface</li>
|
| 56 | </ul>
|
| 57 | <p>
|
| 58 | The HTML interface is protected against CSRF but the text interface is not.
|
| 59 | To maintain the CSRF protection:
|
| 60 | </p>
|
| 61 | <ul>
|
| 62 | <li>The deprecated <tt>admin</tt> role should not be assigned to any
|
| 63 | user.</li>
|
| 64 | <li>Users with the <tt>admin-gui</tt> role should not be granted the
|
| 65 | <tt>admin-script</tt> role.</li>
|
| 66 | <li>If the text interface is accessed through a browser (e.g. for testing
|
| 67 | since this interface is intended for tools not humans) then the browser
|
| 68 | must be closed afterwards to terminate the session.</li>
|
| 69 | </ul>
|
| 70 | </body>
|
| 71 |
|
| 72 | </html>
|