You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2009/09/22 00:31:48 UTC
svn commit: r817446 - in /tomcat/trunk/webapps: docs/changelog.xml
docs/manager-howto.xml manager/401.jsp manager/404.jsp
manager/WEB-INF/web.xml
Author: markt
Date: Mon Sep 21 22:31:47 2009
New Revision: 817446
URL: http://svn.apache.org/viewvc?rev=817446&view=rev
Log:
Separate out Manager app roles
Move /manager to /manager/text to simplify permissions
Allows the future addition of extra security measures to one interface that might not make sense for another (usually these will be added to the HTML interface but that might not always be the case).
Added:
tomcat/trunk/webapps/manager/404.jsp (with props)
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/manager-howto.xml
tomcat/trunk/webapps/manager/401.jsp
tomcat/trunk/webapps/manager/WEB-INF/web.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=817446&r1=817445&r2=817446&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Sep 21 22:31:47 2009
@@ -182,12 +182,17 @@
</update>
</changelog>
</subsection>
- <subsection name="Documentation">
+ <subsection name="Web applications">
<changelog>
<update>
- <rev>631321</rev> Update changelog to support the <rev> element.
- (fhanik)
+ <rev>631321</rev> Update changelog to support the <rev> element
+ in the documentation. (fhanik)
</update>
+ <add>
+ A number of additional roles were added to the Manager application to
+ separate out permissions for the HTML interface, the text interface and
+ the JMX proxy. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Extras">
Modified: tomcat/trunk/webapps/docs/manager-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/manager-howto.xml?rev=817446&r1=817445&r2=817446&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/manager-howto.xml (original)
+++ tomcat/trunk/webapps/docs/manager-howto.xml Mon Sep 21 22:31:47 2009
@@ -211,7 +211,7 @@
<p>All commands that the Manager application knows how to process are
specified in a single request URI like this:</p>
<source>
-http://{host}:{port}/manager/{command}?{parameters}
+http://{host}:{port}/manager/text/{command}?{parameters}
</source>
<p>where <code>{host}</code> and <code>{port}</code> represent the hostname
and port number on which Tomcat is running, <code>{command}</code>
@@ -270,7 +270,7 @@
<subsection name="Deploy A New Application Remotely">
<source>
-http://localhost:8080/manager/deploy?path=/foo
+http://localhost:8080/manager/text/deploy?path=/foo
</source>
<p>Upload the web application archive (WAR) file that is specified as the
@@ -343,7 +343,7 @@
directory for the manager webapp will contain the previously deployed WARs;
removing it would make the deployment fail.
<source>
-http://localhost:8080/manager/deploy?path=/footoo&tag=footag
+http://localhost:8080/manager/text/deploy?path=/footoo&tag=footag
</source>
</p>
@@ -362,7 +362,7 @@
<code>/path/to/foo</code> on the Tomcat server is deployed as the
web application context named <code>/footoo</code>.
<source>
-http://localhost:8080/manager/deploy?path=/footoo&war=file:/path/to/foo
+http://localhost:8080/manager/text/deploy?path=/footoo&war=file:/path/to/foo
</source>
</p>
@@ -372,7 +372,7 @@
so the context path defaults to the name of the web application archive
file without the ".war" extension.
<source>
-http://localhost:8080/manager/deploy?war=jar:file:/path/to/bar.war!/
+http://localhost:8080/manager/text/deploy?war=jar:file:/path/to/bar.war!/
</source>
</p>
@@ -387,7 +387,7 @@
deployed as the web application context named <code>/foo</code>. Notice
that the context path used is the name of the web application directory.
<source>
-http://localhost:8080/manager/deploy?war=foo
+http://localhost:8080/manager/text/deploy?war=foo
</source>
</p>
@@ -395,7 +395,7 @@
Host appBase directory on the Tomcat server is deployed as the web
application context named <code>/bar</code>.
<source>
-http://localhost:8080/manager/deploy?war=bar.war
+http://localhost:8080/manager/text/deploy?war=bar.war
</source>
</p>
@@ -430,7 +430,7 @@
<p>Here is an example of deploying an application using a Context
configuration ".xml" file.
<source>
-http://localhost:8080/manager/deploy?config=file:/path/context.xml
+http://localhost:8080/manager/text/deploy?config=file:/path/context.xml
</source>
</p>
@@ -438,7 +438,7 @@
configuration ".xml" file and a web application ".war" file located
on the server.
<source>
-http://localhost:8080/manager/deploy?config=file:/path/context.xml&war=jar:file:/path/bar.war!/
+http://localhost:8080/manager/text/deploy?config=file:/path/context.xml&war=jar:file:/path/bar.war!/
</source>
</p>
@@ -529,7 +529,7 @@
<subsection name="List Currently Deployed Applications">
<source>
-http://localhost:8080/manager/list
+http://localhost:8080/manager/text/list
</source>
<p>List the context paths, current status (<code>running</code> or
@@ -549,7 +549,7 @@
<subsection name="Reload An Existing Application">
<source>
-http://localhost:8080/manager/reload?path=/examples
+http://localhost:8080/manager/text/reload?path=/examples
</source>
<p>Signal an existing application to shut itself down and reload. This can
@@ -608,7 +608,7 @@
<subsection name="List OS and JVM Properties">
<source>
-http://localhost:8080/manager/serverinfo
+http://localhost:8080/manager/text/serverinfo
</source>
<p>Lists information about the Tomcat version, OS, and JVM properties.</p>
@@ -628,7 +628,7 @@
<subsection name="List Available Global JNDI Resources">
<source>
-http://localhost:8080/manager/resources[?type=xxxxx]
+http://localhost:8080/manager/text/resources[?type=xxxxx]
</source>
<p>List the global JNDI resources that are available for use in resource
@@ -680,7 +680,7 @@
<subsection name="List Available Security Roles">
<source>
-http://localhost:8080/manager/roles
+http://localhost:8080/manager/text/roles
</source>
<p>List the security role names (and corresponding descriptions) that are
@@ -733,7 +733,7 @@
<subsection name="Session Statistics">
<source>
-http://localhost:8080/manager/sessions?path=/examples
+http://localhost:8080/manager/text/sessions?path=/examples
</source>
<p>Display the default session timeout for a web application, and the
@@ -753,7 +753,7 @@
<subsection name="Start an Existing Application">
<source>
-http://localhost:8080/manager/start?path=/examples
+http://localhost:8080/manager/text/start?path=/examples
</source>
<p>Signal a stopped application to restart, and make itself available again.
@@ -796,7 +796,7 @@
<subsection name="Stop an Existing Application">
<source>
-http://localhost:8080/manager/stop?path=/examples
+http://localhost:8080/manager/text/stop?path=/examples
</source>
<p>Signal an existing application to make itself unavailable, but leave it
@@ -839,7 +839,7 @@
<subsection name="Undeploy an Existing Application">
<source>
-http://localhost:8080/manager/undeploy?path=/examples
+http://localhost:8080/manager/text/undeploy?path=/examples
</source>
<p><strong><font color="red">WARNING</font> - This command will delete any web
@@ -928,7 +928,7 @@
<property name="path" value="/myapp"/>
<!-- Configure properties to access the Manager application -->
- <property name="url" value="http://localhost:8080/manager"/>
+ <property name="url" value="http://localhost:8080/manager/text"/>
<property name="username" value="myusername"/>
<property name="password" value="mypassword"/>
Modified: tomcat/trunk/webapps/manager/401.jsp
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/401.jsp?rev=817446&r1=817445&r2=817446&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/401.jsp (original)
+++ tomcat/trunk/webapps/manager/401.jsp Mon Sep 21 22:31:47 2009
@@ -35,17 +35,33 @@
You are not authorized to view this page. If you have not changed
any configuration files, please examine the file
<tt>conf/tomcat-users.xml</tt> in your installation. That
- file will contain the credentials to let you use this webapp.
+ file must contain the credentials to let you use this webapp.
</p>
<p>
- You will need to add <tt>manager</tt> role to the config file listed above.
- For example:
+ For example, to add the <tt>manager</tt> role to a user named
+ <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
+ config file listed above.
<pre>
<role rolename="manager"/>
<user username="tomcat" password="s3cret" roles="manager"/>
</pre>
</p>
<p>
+ Note that for Tomcat 7 onwards, the roles required to use the manager
+ application were changed from the single <tt>manager</tt> role to the
+ following four roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
+ <ul>
+ <li><tt>manager</tt> - allows access to the HTML GUI and the status
+ pages</li>
+ <li><tt>manager-scripts</tt> - allows access to the text interface and the
+ status pages</li>
+ <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
+ pages</li>
+ <li><tt>manager-status</tt> - allows access to the just status pages</li>
+ </ul>
+ </p>
+ <p>
For more information - please see the
<a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
</p>
Added: tomcat/trunk/webapps/manager/404.jsp
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/404.jsp?rev=817446&view=auto
==============================================================================
--- tomcat/trunk/webapps/manager/404.jsp (added)
+++ tomcat/trunk/webapps/manager/404.jsp Mon Sep 21 22:31:47 2009
@@ -0,0 +1,59 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<%@ page import="org.apache.catalina.util.RequestUtil" %>
+<html>
+ <head>
+ <title>404 Not found</title>
+ <style>
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>404 Not found</h1>
+ <p>
+ The page you tried to access
+ (<%=RequestUtil.filter((String) request.getAttribute(
+ "javax.servlet.error.request_uri"))%>)
+ does not exist.
+ </p>
+ <p>
+ The Manager application has been re-structured for Tomcat 7 onwards and some
+ of URLs have changed. All URLs used to access the Manager application should
+ now start with one of the following options:
+ <ul>
+ <li><%=request.getContextPath()%>/html for the HTML GUI</li>
+ <li><%=request.getContextPath()%>/text for the text interface</li>
+ <li><%=request.getContextPath()%>/jmxproxy for the JMX proxy</li>
+ <li><%=request.getContextPath()%>/status for the status pages</li>
+ </ul>
+ Note that the URL for the text interface has changed from
+ "<%=request.getContextPath()%>" to
+ "<%=request.getContextPath()%>/text".
+ </p>
+ <p>
+ You probably need to adjust the URL you are using to access the Manager
+ application. However, there is always a chance you have found a bug in the
+ Manager application. If you are sure you have found a bug, and that the bug
+ has not already been reported, please report it to the Apache Tomcat team.
+ </p>
+ </body>
+</html>
Propchange: tomcat/trunk/webapps/manager/404.jsp
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tomcat/trunk/webapps/manager/404.jsp
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision
Modified: tomcat/trunk/webapps/manager/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/web.xml?rev=817446&r1=817445&r2=817446&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/WEB-INF/web.xml (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/web.xml Mon Sep 21 22:31:47 2009
@@ -27,12 +27,6 @@
Manager lets you view, load/unload/etc particular web applications.
</description>
- <!-- Define the Manager Servlet
- Change servlet-class to: org.apache.catalina.servlets.HTMLManagerServlet
- to get a Servlet with a more intuitive HTML interface, don't change if you
- have software that is expected to parse the output from ManagerServlet
- since they're not compatible.
- -->
<servlet>
<servlet-name>Manager</servlet-name>
<servlet-class>org.apache.catalina.manager.ManagerServlet</servlet-class>
@@ -66,59 +60,7 @@
<!-- Define the Manager Servlet Mapping -->
<servlet-mapping>
<servlet-name>Manager</servlet-name>
- <url-pattern>/list</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/expire</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/sessions</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/start</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/stop</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/install</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/remove</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/deploy</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/undeploy</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/reload</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/save</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/serverinfo</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/roles</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/resources</url-pattern>
+ <url-pattern>/text/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Status</servlet-name>
@@ -148,30 +90,44 @@
</resource-env-ref>
<!-- Define a Security Constraint on this Application -->
+ <!-- NOTE: None of these roles are present in the default users file -->
<security-constraint>
<web-resource-collection>
- <web-resource-name>HTMLManger and Manager command</web-resource-name>
- <url-pattern>/jmxproxy/*</url-pattern>
+ <web-resource-name>HTML Manger interface (for humans)</web-resource-name>
<url-pattern>/html/*</url-pattern>
- <url-pattern>/list</url-pattern>
- <url-pattern>/expire</url-pattern>
- <url-pattern>/sessions</url-pattern>
- <url-pattern>/start</url-pattern>
- <url-pattern>/stop</url-pattern>
- <url-pattern>/install</url-pattern>
- <url-pattern>/remove</url-pattern>
- <url-pattern>/deploy</url-pattern>
- <url-pattern>/undeploy</url-pattern>
- <url-pattern>/reload</url-pattern>
- <url-pattern>/save</url-pattern>
- <url-pattern>/serverinfo</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Text Manger interface (for scripts)</web-resource-name>
+ <url-pattern>/text/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager-scripts</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>JMX Proxy interface</web-resource-name>
+ <url-pattern>/jmxproxy/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager-jmx</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Status interface</web-resource-name>
<url-pattern>/status/*</url-pattern>
- <url-pattern>/roles</url-pattern>
- <url-pattern>/resources</url-pattern>
</web-resource-collection>
<auth-constraint>
- <!-- NOTE: This role is not present in the default users file -->
<role-name>manager</role-name>
+ <role-name>manager-scripts</role-name>
+ <role-name>manager-jmx</role-name>
+ <role-name>manager-status</role-name>
</auth-constraint>
</security-constraint>
@@ -184,14 +140,36 @@
<!-- Security roles referenced by this web application -->
<security-role>
<description>
- The role that is required to log in to the Manager Application
+ The role that is required to access the HTML Manager pages
</description>
<role-name>manager</role-name>
</security-role>
+ <security-role>
+ <description>
+ The role that is required to access the text Manager pages
+ </description>
+ <role-name>manager-scripts</role-name>
+ </security-role>
+ <security-role>
+ <description>
+ The role that is required to access the HTML JMX Proxy
+ </description>
+ <role-name>manager-jmx</role-name>
+ </security-role>
+ <security-role>
+ <description>
+ The role that is required to access to the Manager Status pages
+ </description>
+ <role-name>manager-status</role-name>
+ </security-role>
<error-page>
<error-code>401</error-code>
<location>/401.jsp</location>
</error-page>
+ <error-page>
+ <error-code>404</error-code>
+ <location>/404.jsp</location>
+ </error-page>
</web-app>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org