问题描述
我已经在远程服务器上安装了 tomcat 9,启动后,它运行良好,我可以访问 http://host_name:port_num 并查看 tomcat hello 页面.但是当我尝试打开管理器应用程序来查看我部署的应用程序时,我得到 403 访问被拒绝,我已经在 tomcat 用户 xml 中添加了如下角色:
I have installed tomcat 9 on a remote sever and after starting it, it was brought up fine, I can access http://host_name:port_num and see tomcat hello page. But when I try to open manager app to see my deployed apps, I get 403 access denied, I already add roles in tomcat user xml as following:
<role rolename="manager"/>
<role rolename="manager-gui"/>
<role rolename="admin"/>
<user username="user" password="password" roles="admin,manager,manager-gui"/>
我看到的错误信息是:
默认情况下,主机管理器只能从与 Tomcat 运行在同一台机器上的浏览器访问.如果您希望修改此限制,您需要编辑主机管理器的 context.xml 文件.
我应该如何更改 context.xml 文件并访问管理器应用程序?
How should I change context.xml file and get access to manager app?
推荐答案
每个部署的 web 应用程序都有一个 context.xml
文件,位于
Each deployed webapp has a context.xml
file that lives in
$CATALINA_BASE/conf/[enginename]/[hostname]
(conf/Catalina/localhost by default)
并且与 webapp 同名(在本例中为 manager.xml
).如果不存在文件,则使用默认值.
and has the same name as the webapp (manager.xml
in this case). If no file is present, default values are used.
因此,您需要创建一个文件 conf/Catalina/localhost/manager.xml
并指定要允许远程访问的规则.例如,manager.xml
的以下内容将允许从所有机器访问:
So, you need to create a file conf/Catalina/localhost/manager.xml
and specify the rule you want to allow remote access. For example, the following content of manager.xml
will allow access from all machines:
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^YOUR.IP.ADDRESS.HERE$" />
</Context>
请注意,Valve
元素的 allow 属性是一个正则表达式,与连接主机的 IP 地址匹配.因此,将您的 IP 地址替换为 YOUR.IP.ADDRESS.HERE(或其他一些有用的表达方式).
Note that the allow attribute of the Valve
element is a regular expression that matches the IP address of the connecting host. So substitute your IP address for YOUR.IP.ADDRESS.HERE (or some other useful expression).
Other Valve
类迎合其他规则(例如,RemoteHostValve
用于匹配主机名).Tomcat 的早期版本使用阀门类 org.apache.catalina.valves.RemoteIpValve 进行 IP 地址匹配.
Other Valve
classes cater for other rules (e.g. RemoteHostValve
for matching host names). Earlier versions of Tomcat use a valve class org.apache.catalina.valves.RemoteIpValve for IP address matching.
完成上述更改后,您应该在访问管理器 URL 时看到身份验证对话框.如果您输入您在 tomcat-users.xml
中提供的详细信息,您应该可以访问管理器.
Once the changes above have been made, you should be presented with an authentication dialog when accessing the manager URL. If you enter the details you have supplied in tomcat-users.xml
you should have access to the Manager.
这篇关于从不同主机访问Tomcat Manager App的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!