TOMCAT8 Access Management page localhost appears: 403 Access Denied

Source: Internet
Author: User

Problem:

403Access deniedyou is not authorized to view Thispage.  If you had already configured the Manager application to allow access and you had used your browsers back button, used a Saved Book-mark or similar then your may had triggered the Cross-site request forgery (CSRF) protection that had been enabled forThe HTMLInterfaceof the Manager application. You'll need to reset ThisProtection by returning to the main Manager page. OncereturnTo Thispage, you'll be able toContinue usingThe Manager appliction's HTML interface normally. If you continue to see this access denied a message, check that it has the necessary permissions to access this Applicatio N.If you have not changed any configuration files, please examine the file conf/tomcat-users.xmlinchYour installation. That file must contain the credentials ThisWebApp. For example, to add the manager-GUI role to a user named Tomcat with a password of S3cret, add the following to the config file listed above.<role rolename="Manager-gui"/><user username="Tomcat"password="S3cret"roles="Manager-gui"/>Note that forTomcat7onwards, the roles required to use the manager application were changed fromThe single manager role to the following four roles. You'll need to assign the role (s) required forThe functionality wish to Access.manager-gui-allows access to the HTML GUI and the status Pagesmanager-script-allows access to the textInterfaceAnd the status Pagesmanager-JMX-allows access to the JMX proxy and the status Pagesmanager-status-allows access to the status pages onlythe HTMLInterface  is protectedagainst CSRF But the text and JMX interfaces is not. To maintain the CSRF protection:users with the manager-gui role should not being granted either the Manager-script or manager-jmx roles. If the text or JMX interfaces is accessed through a browser (e.g. forTesting since these interfaces is intended forTools not humans) then the browser must is closed afterwards to terminate the session.

Tomcat-users.xml Configuration content is:

<!--<role Rolename="Tomcat"/> <role rolename="Role1"/> <user username="Tomcat"password="Tomcat"roles="Tomcat"/> <user username="both"password="Tomcat"roles="Tomcat,role1"/> <user username="Role1"password="Tomcat"roles="Role1"/>--> <user username="Admin"password="Admin"roles="Manager"/> </tomcat-users>

Solution:

<user username="admin " password="admin " roles=" Manager "/> instead:

<user username="admin " password="admin " roles= " Manager-gui "/> can be."

The reason is that role in TOMCAT8 has changed manager to Manager-gui.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.