Tomcat Manager User Configuration detailed

This article turns from ( click )

Tomcat Manager is a web app that Tomcat comes with to manage the tomcat itself and the apps that are deployed on Tomcat. Tomcat is one of the most widely used servers in the Java world, so Tomcat manager has become a very common feature application.

By default, Tomcat Manager is in a disabled state. To be precise, the Tomcat manager needs to be logged in as a user role and authorized to use the appropriate functionality, but Tomcat does not configure any default users, so we need to make the appropriate user configuration before using Tomcat Manager.

The user configuration of the Tomcat manager is managed in a Tomcat安装目录/conf/tomcat-users.xml file.

The user configuration of the Tomcat manager is very simple, let's take a specific configuration as an example:

<tomcat-users>
<role RoleName="Manager-gui"/>
<role RoleName="Manager-script"/> 
 <user username = "tomcat"  password= roles=" Manager-gui " /> 
 <user  Username= "admin"  password = "123456"  roles= "manager-script" /> 
 </tomcat-users                 

As shown above, we only need to configure tomcat-users the role appropriate (roles/permissions) and user (users) in the node. A user node represents a single user, username a password property, and a user name and password that represents roles a login, and the attribute represents the permissions that the user has.

userThe roles attribute role value of the node corresponds to the node's rolename property value, which indicates that the current user has the role permissions represented by that role node. Of course, a user can have a variety of permissions roles , so the value of rolename the property rolename can be multiple, multiple separated by commas.

Thinking a little bit, we should guess that rolename the attribute value is not random content, or how Tomcat can know what kind of permissions rolename we arbitrarily define. In fact, Tomcat has defined 4 different roles for us-that is rolename , 4, and we just need to use the roles that Tomcat has defined for us to meet the needs of our work.

The following is a general introduction to the 4 roles of the Tomcat Manager (the * in the following URL is a wildcard character):

Manager-gui

Allow access to HTML interface (that is, URL path is/manager/html/*)

Manager-script

Allow access to the plain text interface (that is, URL path is/manager/text/*)

Manager-jmx

Allow access to the JMX proxy interface (that is, URL path is/manager/jmxproxy/*)

Manager-status

allow access to Tomcat read-only status pages (that is, URL path is/manager/status/*)

From the Tomcat manager internal configuration file, manager-gui manager-script manager-jmx manager-status You can know,, and have permissions, i.e. manager-gui manager-script manager-jmx ,,, Three role permissions you can access the path manager-status /manager/status/*directly without adding additional permissions.

Tomcat Manager User Configuration detailed