Can't access Tomcat 8 Manager App

Posted by 半腔热情 on 2019-11-27 01:09:52

Question


I've just set up Tomcat 8 on an Ubuntu 14.04 VM and I'm not able to access the Manager App at http://[hostname]:8080/manager/html from my browser. I get a "403 Access Denied" error as soon as I click on it. I am running Tomcat as a service defined in a config file in /etc/init.d/tomcat8-dev. The error message indicates that Tomcat is set up to be accessible only from localhost initially, but as it is a hosted VM I'm not able to run a browser on it.

I have set up a user in the tomcat-users.xml file as several people have recommended. However, I am not prompted to provide the credentials for that user, and I can't find any kind of login button on the default page. That file currently looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
    version="1.0">

    <role rolename="manager-script"/>
    <role rolename="manager-jmx"/>
    <role rolename="manager-gui"/>
    <role rolename="manager-status"/>

    <user username="(redacted)" password="(redacted)" 
        roles="manager-gui,manager-jmx,manager-status,manager-script"/>
</tomcat-users>

After reading the Tomcat documentation page here, I have also tried adding <Valve /> tags into context.xml that look something like this:

<Context privileged="true" antiResourceLocking="false"
    docBase="${catalina.home}/webapps/manager">

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1" />
    <!--Another valve for my local machine's IP-->

</Context>

However, as soon as I set privileged="true", I get a blank white page when I connect to the server with my browser regardless of the valves I provide afterwards.

I restart my service with sudo service tomcat8-dev restart whenever I make changes.

Other things I have tried based on posts I read here and on other sites:

  • Various configurations of roles for my tomcat user
  • Adding address="0.0.0.0" to server.xml inside the <Connector /> tag
  • Using initctl instead of setting up a service based on the instructions here, which doesn't load the default page on my server for some reason
  • Trying different browsers, and disabling my popup blocker

Nothing I've tried works. Please let me know if you would like more details about my situation. Any suggestions?

Edit: The problem was that I was editing the wrong context.xml file. The correct file is in tomcat/webapps/manager/META-INF. I had incorrectly been making changes to tomcat/conf/context.xml.


Answer 1:


AFAIK Tomcat blocks access to the Manager App (manager/html) for all hosts but localhost in its default configuration.

To be able to access the manager GUI with http://[hostname]:8080/manager/html, configure this in the configuration files server.xml and the context.xml of the manager application:

Step 1: In [tomcat-install-dir]/conf/server.xml edit the Connector element and add your IP as well as useIPVHosts="true", i.e.:

<Connector port="9009" protocol="AJP/1.3" redirectPort="9443" 
           address="192.168.0.9" useIPVHosts="true" />

address="0.0.0.0" is probably not what you want to insert here, as it exposes the manager GUI to all machines on the network.

Step 2: In [tomcat-install-dir]/webapps/manager/META-INF/context.xml, edit the Valve element and add your IP:

<Context antiResourceLocking="false" privileged="true">

    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="192\.168\.0\.9|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

From the Tomcat 8 context documentation:

privileged : Set to true to allow this context to use container servlets, like the manager servlet.

antiResourceLocking : If true, Tomcat will prevent any file locking. This will significantly impact startup time of applications, but allows full webapp hot deploy and undeploy on platforms or configurations where file locking can occur

Note that I don't add another Valve element as you mentioned in the list of things you tried; instead I edit the existing one and just add my IP (192.168.0.9).

Step 3: Restart Tomcat and you should be able to access the manager GUI with localhost / 127.0.0.1 as well as with your hostname / IP.


Aside: Regarding your tomcat-users.xml, the Tomcat Manager HOW-TO states:

It is recommended to never grant the manager-script or manager-jmx roles to users that have the manager-gui role.

So you might want to introduce two users in your tomcat-users.xml, i.e.:

  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-status"/>
  <user username="alice" password="whatever" roles="manager-script,manager-jmx"/>
  <user username="bob" password="whatever" roles="manager-gui,manager-status"/>
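
A check for the role split recommended above, as an added example that is not part of the original answer: it parses a tomcat-users.xml and reports every user that holds manager-gui together with manager-script or manager-jmx. The function name, the user carol and the CHANGE_ME passwords are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://tomcat.apache.org/xml}"           # default namespace of tomcat-users.xml
AUTOMATION = {"manager-script", "manager-jmx"}  # roles for the text and JMX interfaces

def mixed_role_users(users_xml):
    """Return (username, [automation roles]) for each user that also has manager-gui."""
    root = ET.fromstring(users_xml)
    findings = []
    for el in root.iter():
        if el.tag not in ("user", NS + "user"):  # accept files with or without xmlns
            continue
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        overlap = roles & AUTOMATION
        if "manager-gui" in roles and overlap:
            findings.append((el.get("username"), sorted(overlap)))
    return findings

# Constructed sample: alice and bob follow the split above, carol does not.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml">
  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-status"/>
  <user username="alice" password="CHANGE_ME" roles="manager-script,manager-jmx"/>
  <user username="bob" password="CHANGE_ME" roles="manager-gui,manager-status"/>
  <user username="carol" password="CHANGE_ME" roles="manager-gui, manager-script,manager-jmx"/>
</tomcat-users>"""

if __name__ == "__main__":
    for name, roles in mixed_role_users(SAMPLE):
        print(f"{name}: manager-gui combined with {', '.join(roles)}")
```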



Answer 2:


You can simply do this if you want to access the manager app from all machines. Go to {Tomcat_install_DIR}/webapps/manager/META-INF/, edit context.xml and put:

<Context antiResourceLocking="false" privileged="true" >
 <!--
 <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
</Context>
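
To see which clients each form of the manager context.xml accepts, the following added example (not code from either answer) evaluates the RemoteAddrValve from Answer 1 and the commented-out form above against a few probe addresses. It is a simplified model that assumes the valve's documented rule, where the allow and deny patterns must match the whole address and deny wins; Python's `re` stands in for Java regex, and the probe addresses are constructed.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

def admitted(context_xml, addresses):
    """Return the addresses that pass every RemoteAddrValve in the context."""
    root = ET.fromstring(context_xml)  # the parser drops XML comments
    valves = [v for v in root.iter("Valve") if v.get("className") == VALVE]

    def passes(valve, addr):
        deny, allow = valve.get("deny"), valve.get("allow")
        if deny and re.fullmatch(deny, addr):
            return False
        # With an allow pattern the whole address must match it.
        return re.fullmatch(allow, addr) is not None if allow else True

    # No valve at all means no address filtering.
    return [a for a in addresses if all(passes(v, a) for v in valves)]

RESTRICTED = r"""<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="192\.168\.0\.9|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>"""

COMMENTED_OUT = r"""<Context antiResourceLocking="false" privileged="true">
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
</Context>"""

# Constructed probes: loopback, the admin host, a near-miss, an outside address.
PROBES = ["127.0.0.1", "::1", "192.168.0.9", "192.168.0.90", "203.0.113.7"]

if __name__ == "__main__":
    for name, ctx in (("restricted", RESTRICTED), ("commented out", COMMENTED_OUT)):
        print(name, "->", admitted(ctx, PROBES))
```

With the valve commented out, access control for the manager rests on the credentials in tomcat-users.xml alone.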



Answer 3:


You should change:

docBase="${catalina.home}/webapps/manager"

to:

docBase="${catalina.base}/webapps/manager"

This is because you don't use Tomcat as distributed from upstream but the one which comes with Ubuntu.




Answer 4:


I think this might help all of you, because it works for me.

Here I'm using Apache Tomcat 8:

root@akash-LIFEBOOK-A555:/opt/apache-tomcat-8.5.20/bin# ./version.sh 
Using CATALINA_BASE:   /opt/apache-tomcat-8.5.20
Using CATALINA_HOME:   /opt/apache-tomcat-8.5.20
Using CATALINA_TMPDIR: /opt/apache-tomcat-8.5.20/temp
Using JRE_HOME:        /DATA/jre1.8.0_131/
Using CLASSPATH:       /opt/apache-tomcat-8.5.20/bin/bootstrap.jar:/opt/apache-tomcat-8.5.20/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.5.20
Server built:   Aug 2 2017 21:35:49 UTC
Server number:  8.5.20.0
OS Name:        Linux
OS Version:     4.4.0-98-generic
Architecture:   amd64
JVM Version:    1.8.0_131-b11
JVM Vendor:     Oracle Corporation

Edit tomcat-users.xml and add the roles and users:

<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="admin-gui"/>
<user username="admin" password="password" roles="manager-gui,manager-status,manager-script,manager-jmx,admin-gui"/>



Answer 5:


I also faced the same issue. What I did: first I added the role, user and password in config/tomcat-users.xml, then I allowed my public IP in webapps/manager/META-INF/context.xml. Initially only the local IP 127 is added there, for using the manager from the same machine. Add your IP there.




Answer 6:


Update the 'apache-tomcat-8.5.5\webapps\manager\META-INF\context.xml' file. Uncomment the Valve tag and restart the server.

context.xml file

Before:

<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
     allow="192\.168\.0\.9|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

After change:

<Context antiResourceLocking="false" privileged="true" >
</Context>

For auto deployment: go to 'apache-tomcat-8.5.5\conf\context.xml' and add antiResourceLocking="true" in the 'Context' tag.


Source: https://stackoverflow.com/questions/38469496/cant-access-tomcat-8-manager-app
