问题
I am trying to deploy a WAR on the remote Tomcat (Remote Machine) using Jenkins deploy to container Plugin. I have done the following configuration in tomcat-users.xml
<user username="deployer" password="deployer" roles="manager-gui,manager-script,admin" />I have setup the proper username password and port in Jenkins deployer container plugin. The setup is working fine for the local Tomcat. But for remote Tomcat I keep getting the following error:
Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:555)
at org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:686) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:699) at org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:174)
... 16 more Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://1.203.190.5:8080/manager/text/list at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source) at org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:544) ... 19 morePlease Help.
回答1:
This seems to be a Jenkins bug but I got around the problem by setting up following configuration in Tomcat:
Edit the file /webapps/manager/META-INF/context.xml:
Previous:
<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>Change this file to comment the Value:
<Context antiResourceLocking="false" privileged="true">
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>This resolved the issue. Hope this helps someone :)
回答2:
I was facing the same issue while deploying artifact to tomcat with jenkins via container plugin, Solution:- i have added manager-script and manager-gui in the roles of the user and provide the full access to webapps/* directory. It helps me to deploy the artifact successfully and able to view it with manager-app.
回答3:
If nothing works simply create another user in tomcat-users.xml file with magnager-script role assigned and set this user credential to jenkins .
In tomcat-users.xml file
<tomcat-users>
<user username="deployuser" password="deployuser" roles="manager-script" />
<user username="admin" password="admin" roles="manager-gui" />
</tomcat-users>
回答4:
In Tomcat 9, you don't need to add any manager-XXX roles. All you have to do is add the users and and assign the manager-gui (for GUI access) and manager-script (for access like Jenkins deployment ). Also, make sure to edit the file /webapps/manager/META-INF/context.xml, either to comment out valve or define appropriate reg ex for allow attribute
回答5:
Step 1: We need to update : \webapps\manager\META-INF\context.xml. Bcs it allows only localhost. If you know the specific hostname or IP, you can add.
<Context antiResourceLocking="false" privileged="true" >
<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
Step 2:
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="tomcat" password="tomcat" roles="manager-gui, manager-script"/>
Deployment went successful.
来源:https://stackoverflow.com/questions/41675813/the-username-you-provided-is-not-allowed-to-use-the-text-based-tomcat-manager-e