Align the authenticator documentation and MBean descriptors with the
implementation. (markt)
</fix>
+ <fix>
+ Prevent the custom error pages for the Manager and Host Manager
+ applications from being accessed directly. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
+++ /dev/null
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
- <head>
- <title>401 Unauthorized</title>
- <style type="text/css">
- <!--
- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
- H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
- PRE, TT {border: 1px dotted #525D76}
- A {color : black;}A.name {color : black;}
- -->
- </style>
- </head>
- <body>
- <h1>401 Unauthorized</h1>
- <p>
- You are not authorized to view this page. If you have not changed
- any configuration files, please examine the file
- <tt>conf/tomcat-users.xml</tt> in your installation. That
- file must contain the credentials to let you use this webapp.
- </p>
- <p>
- For example, to add the <tt>admin-gui</tt> role to a user named
- <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
- config file listed above.
- </p>
-<pre>
-<role rolename="admin-gui"/>
-<user username="tomcat" password="s3cret" roles="admin-gui"/>
-</pre>
- <p>
- Note that for Tomcat 7 onwards, the roles required to use the host manager
- application were changed from the single <tt>admin</tt> role to the
- following two roles. You will need to assign the role(s) required for
- the functionality you wish to access.
- </p>
- <ul>
- <li><tt>admin-gui</tt> - allows access to the HTML GUI</li>
- <li><tt>admin-script</tt> - allows access to the text interface</li>
- </ul>
- <p>
- The HTML interface is protected against CSRF but the text interface is not.
- To maintain the CSRF protection:
- </p>
- <ul>
- <li>Users with the <tt>admin-gui</tt> role should not be granted the
- <tt>admin-script</tt> role.</li>
- <li>If the text interface is accessed through a browser (e.g. for testing
- since this interface is intended for tools not humans) then the browser
- must be closed afterwards to terminate the session.</li>
- </ul>
- </body>
-
-</html>
+++ /dev/null
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
- <head>
- <title>403 Access Denied</title>
- <style type="text/css">
- <!--
- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
- H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
- PRE, TT {border: 1px dotted #525D76}
- A {color : black;}A.name {color : black;}
- -->
- </style>
- </head>
- <body>
- <h1>403 Access Denied</h1>
- <p>
- You are not authorized to view this page.
- </p>
- <p>
- If you have already configured the Host Manager application to allow access
- and you have used your browsers back button, used a saved book-mark or
- similar then you may have triggered the cross-site request forgery (CSRF)
- protection that has been enabled for the HTML interface of the Host Manager
- application. You will need to reset this protection by returning to the
- <a href="<%=request.getContextPath()%>/html">main Host Manager page</a>.
- Once you return to this page, you will be able to continue using the Host
- Manager appliction's HTML interface normally. If you continue to see this
- access denied message, check that you have the necessary permissions to
- access this application.
- </p>
- <p> If you have not changed
- any configuration files, please examine the file
- <tt>conf/tomcat-users.xml</tt> in your installation. That
- file must contain the credentials to let you use this webapp.
- </p>
- <p>
- For example, to add the <tt>admin-gui</tt> role to a user named
- <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
- config file listed above.
- </p>
-<pre>
-<role rolename="admin-gui"/>
-<user username="tomcat" password="s3cret" roles="admin-gui"/>
-</pre>
- <p>
- Note that for Tomcat 7 onwards, the roles required to use the host manager
- application were changed from the single <tt>admin</tt> role to the
- following two roles. You will need to assign the role(s) required for
- the functionality you wish to access.
- </p>
- <ul>
- <li><tt>admin-gui</tt> - allows access to the HTML GUI</li>
- <li><tt>admin-script</tt> - allows access to the text interface</li>
- </ul>
- <p>
- The HTML interface is protected against CSRF but the text interface is not.
- To maintain the CSRF protection:
- </p>
- <ul>
- <li>Users with the <tt>admin-gui</tt> role should not be granted the
- <tt>admin-script</tt> role.</li>
- <li>If the text interface is accessed through a browser (e.g. for testing
- since this interface is intended for tools not humans) then the browser
- must be closed afterwards to terminate the session.</li>
- </ul>
- </body>
-
-</html>
+++ /dev/null
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page import="org.apache.catalina.util.RequestUtil" %>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
- <head>
- <title>404 Not found</title>
- <style type="text/css">
- <!--
- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
- H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
- PRE, TT {border: 1px dotted #525D76}
- A {color : black;}A.name {color : black;}
- -->
- </style>
- </head>
- <body>
- <h1>404 Not found</h1>
- <p>
- The page you tried to access
- (<%=RequestUtil.filter((String) request.getAttribute(
- "javax.servlet.error.request_uri"))%>)
- does not exist.
- </p>
- <p>
- The Host Manager application has been re-structured for Tomcat 7 onwards and
- some URLs have changed. All URLs used to access the Manager application
- should now start with one of the following options:
- </p>
- <ul>
- <li><%=request.getContextPath()%>/html for the HTML GUI</li>
- <li><%=request.getContextPath()%>/text for the text interface</li>
- </ul>
- <p>
- Note that the URL for the text interface has changed from
- "<%=request.getContextPath()%>" to
- "<%=request.getContextPath()%>/text".
- </p>
- <p>
- You probably need to adjust the URL you are using to access the Host Manager
- application. However, there is always a chance you have found a bug in the
- Host Manager application. If you are sure you have found a bug, and that the
- bug has not already been reported, please report it to the Apache Tomcat
- team.
- </p>
- </body>
-</html>
--- /dev/null
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>401 Unauthorized</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>401 Unauthorized</h1>
+ <p>
+ You are not authorized to view this page. If you have not changed
+ any configuration files, please examine the file
+ <tt>conf/tomcat-users.xml</tt> in your installation. That
+ file must contain the credentials to let you use this webapp.
+ </p>
+ <p>
+ For example, to add the <tt>admin-gui</tt> role to a user named
+ <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
+ config file listed above.
+ </p>
+<pre>
+<role rolename="admin-gui"/>
+<user username="tomcat" password="s3cret" roles="admin-gui"/>
+</pre>
+ <p>
+ Note that for Tomcat 7 onwards, the roles required to use the host manager
+ application were changed from the single <tt>admin</tt> role to the
+ following two roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
+ </p>
+ <ul>
+ <li><tt>admin-gui</tt> - allows access to the HTML GUI</li>
+ <li><tt>admin-script</tt> - allows access to the text interface</li>
+ </ul>
+ <p>
+ The HTML interface is protected against CSRF but the text interface is not.
+ To maintain the CSRF protection:
+ </p>
+ <ul>
+ <li>Users with the <tt>admin-gui</tt> role should not be granted the
+ <tt>admin-script</tt> role.</li>
+ <li>If the text interface is accessed through a browser (e.g. for testing
+ since this interface is intended for tools not humans) then the browser
+ must be closed afterwards to terminate the session.</li>
+ </ul>
+ </body>
+
+</html>
--- /dev/null
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>403 Access Denied</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>403 Access Denied</h1>
+ <p>
+ You are not authorized to view this page.
+ </p>
+ <p>
+ If you have already configured the Host Manager application to allow access
+ and you have used your browsers back button, used a saved book-mark or
+ similar then you may have triggered the cross-site request forgery (CSRF)
+ protection that has been enabled for the HTML interface of the Host Manager
+ application. You will need to reset this protection by returning to the
+ <a href="<%=request.getContextPath()%>/html">main Host Manager page</a>.
+ Once you return to this page, you will be able to continue using the Host
+ Manager appliction's HTML interface normally. If you continue to see this
+ access denied message, check that you have the necessary permissions to
+ access this application.
+ </p>
+ <p> If you have not changed
+ any configuration files, please examine the file
+ <tt>conf/tomcat-users.xml</tt> in your installation. That
+ file must contain the credentials to let you use this webapp.
+ </p>
+ <p>
+ For example, to add the <tt>admin-gui</tt> role to a user named
+ <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
+ config file listed above.
+ </p>
+<pre>
+<role rolename="admin-gui"/>
+<user username="tomcat" password="s3cret" roles="admin-gui"/>
+</pre>
+ <p>
+ Note that for Tomcat 7 onwards, the roles required to use the host manager
+ application were changed from the single <tt>admin</tt> role to the
+ following two roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
+ </p>
+ <ul>
+ <li><tt>admin-gui</tt> - allows access to the HTML GUI</li>
+ <li><tt>admin-script</tt> - allows access to the text interface</li>
+ </ul>
+ <p>
+ The HTML interface is protected against CSRF but the text interface is not.
+ To maintain the CSRF protection:
+ </p>
+ <ul>
+ <li>Users with the <tt>admin-gui</tt> role should not be granted the
+ <tt>admin-script</tt> role.</li>
+ <li>If the text interface is accessed through a browser (e.g. for testing
+ since this interface is intended for tools not humans) then the browser
+ must be closed afterwards to terminate the session.</li>
+ </ul>
+ </body>
+
+</html>
--- /dev/null
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<%@ page import="org.apache.catalina.util.RequestUtil" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>404 Not found</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>404 Not found</h1>
+ <p>
+ The page you tried to access
+ (<%=RequestUtil.filter((String) request.getAttribute(
+ "javax.servlet.error.request_uri"))%>)
+ does not exist.
+ </p>
+ <p>
+ The Host Manager application has been re-structured for Tomcat 7 onwards and
+ some URLs have changed. All URLs used to access the Manager application
+ should now start with one of the following options:
+ </p>
+ <ul>
+ <li><%=request.getContextPath()%>/html for the HTML GUI</li>
+ <li><%=request.getContextPath()%>/text for the text interface</li>
+ </ul>
+ <p>
+ Note that the URL for the text interface has changed from
+ "<%=request.getContextPath()%>" to
+ "<%=request.getContextPath()%>/text".
+ </p>
+ <p>
+ You probably need to adjust the URL you are using to access the Host Manager
+ application. However, there is always a chance you have found a bug in the
+ Host Manager application. If you are sure you have found a bug, and that the
+ bug has not already been reported, please report it to the Apache Tomcat
+ team.
+ </p>
+ </body>
+</html>
<error-page>
<error-code>401</error-code>
- <location>/401.jsp</location>
+ <location>/WEB-INF/jsp/401.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
- <location>/403.jsp</location>
+ <location>/WEB-INF/jsp/403.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
- <location>/404.jsp</location>
+ <location>/WEB-INF/jsp/404.jsp</location>
</error-page>
</web-app>
+++ /dev/null
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
- <head>
- <title>401 Unauthorized</title>
- <style type="text/css">
- <!--
- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
- H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
- PRE, TT {border: 1px dotted #525D76}
- A {color : black;}A.name {color : black;}
- -->
- </style>
- </head>
- <body>
- <h1>401 Unauthorized</h1>
- <p>
- You are not authorized to view this page. If you have not changed
- any configuration files, please examine the file
- <tt>conf/tomcat-users.xml</tt> in your installation. That
- file must contain the credentials to let you use this webapp.
- </p>
- <p>
- For example, to add the <tt>manager-gui</tt> role to a user named
- <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
- config file listed above.
- </p>
-<pre>
-<role rolename="manager-gui"/>
-<user username="tomcat" password="s3cret" roles="manager-gui"/>
-</pre>
- <p>
- Note that for Tomcat 7 onwards, the roles required to use the manager
- application were changed from the single <tt>manager</tt> role to the
- following four roles. You will need to assign the role(s) required for
- the functionality you wish to access.
- </p>
- <ul>
- <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
- pages</li>
- <li><tt>manager-script</tt> - allows access to the text interface and the
- status pages</li>
- <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
- pages</li>
- <li><tt>manager-status</tt> - allows access to the status pages only</li>
- </ul>
- <p>
- The HTML interface is protected against CSRF but the text and JMX interfaces
- are not. To maintain the CSRF protection:
- </p>
- <ul>
- <li>Users with the <tt>manager-gui</tt> role should not be granted either
- the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
- <li>If the text or jmx interfaces are accessed through a browser (e.g. for
- testing since these interfaces are intended for tools not humans) then
- the browser must be closed afterwards to terminate the session.</li>
- </ul>
- <p>
- For more information - please see the
- <a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
- </p>
- </body>
-
-</html>
+++ /dev/null
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
- <head>
- <title>403 Access Denied</title>
- <style type="text/css">
- <!--
- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
- H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
- PRE, TT {border: 1px dotted #525D76}
- A {color : black;}A.name {color : black;}
- -->
- </style>
- </head>
- <body>
- <h1>403 Access Denied</h1>
- <p>
- You are not authorized to view this page.
- </p>
- <p>
- If you have already configured the Manager application to allow access and
- you have used your browsers back button, used a saved book-mark or similar
- then you may have triggered the cross-site request forgery (CSRF) protection
- that has been enabled for the HTML interface of the Manager application. You
- will need to reset this protection by returning to the
- <a href="<%=request.getContextPath()%>/html">main Manager page</a>. Once you
- return to this page, you will be able to continue using the Manager
- appliction's HTML interface normally. If you continue to see this access
- denied message, check that you have the necessary permissions to access this
- application.
- </p>
- <p>
- If you have not changed
- any configuration files, please examine the file
- <tt>conf/tomcat-users.xml</tt> in your installation. That
- file must contain the credentials to let you use this webapp.
- </p>
- <p>
- For example, to add the <tt>manager-gui</tt> role to a user named
- <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
- config file listed above.
- </p>
-<pre>
-<role rolename="manager-gui"/>
-<user username="tomcat" password="s3cret" roles="manager-gui"/>
-</pre>
- <p>
- Note that for Tomcat 7 onwards, the roles required to use the manager
- application were changed from the single <tt>manager</tt> role to the
- following four roles. You will need to assign the role(s) required for
- the functionality you wish to access.
- </p>
- <ul>
- <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
- pages</li>
- <li><tt>manager-script</tt> - allows access to the text interface and the
- status pages</li>
- <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
- pages</li>
- <li><tt>manager-status</tt> - allows access to the status pages only</li>
- </ul>
- <p>
- The HTML interface is protected against CSRF but the text and JMX interfaces
- are not. To maintain the CSRF protection:
- </p>
- <ul>
- <li>Users with the <tt>manager-gui</tt> role should not be granted either
- the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
- <li>If the text or jmx interfaces are accessed through a browser (e.g. for
- testing since these interfaces are intended for tools not humans) then
- the browser must be closed afterwards to terminate the session.</li>
- </ul>
- <p>
- For more information - please see the
- <a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
- </p>
- </body>
-
-</html>
+++ /dev/null
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page import="org.apache.catalina.util.RequestUtil" %>
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
-<html>
- <head>
- <title>404 Not found</title>
- <style type="text/css">
- <!--
- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
- H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
- PRE, TT {border: 1px dotted #525D76}
- A {color : black;}A.name {color : black;}
- -->
- </style>
- </head>
- <body>
- <h1>404 Not found</h1>
- <p>
- The page you tried to access
- (<%=RequestUtil.filter((String) request.getAttribute(
- "javax.servlet.error.request_uri"))%>)
- does not exist.
- </p>
- <p>
- The Manager application has been re-structured for Tomcat 7 onwards and some
- of URLs have changed. All URLs used to access the Manager application should
- now start with one of the following options:
- </p>
- <ul>
- <li><%=request.getContextPath()%>/html for the HTML GUI</li>
- <li><%=request.getContextPath()%>/text for the text interface</li>
- <li><%=request.getContextPath()%>/jmxproxy for the JMX proxy</li>
- <li><%=request.getContextPath()%>/status for the status pages</li>
- </ul>
- <p>
- Note that the URL for the text interface has changed from
- "<%=request.getContextPath()%>" to
- "<%=request.getContextPath()%>/text".
- </p>
- <p>
- You probably need to adjust the URL you are using to access the Manager
- application. However, there is always a chance you have found a bug in the
- Manager application. If you are sure you have found a bug, and that the bug
- has not already been reported, please report it to the Apache Tomcat team.
- </p>
- </body>
-</html>
--- /dev/null
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>401 Unauthorized</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>401 Unauthorized</h1>
+ <p>
+ You are not authorized to view this page. If you have not changed
+ any configuration files, please examine the file
+ <tt>conf/tomcat-users.xml</tt> in your installation. That
+ file must contain the credentials to let you use this webapp.
+ </p>
+ <p>
+ For example, to add the <tt>manager-gui</tt> role to a user named
+ <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
+ config file listed above.
+ </p>
+<pre>
+<role rolename="manager-gui"/>
+<user username="tomcat" password="s3cret" roles="manager-gui"/>
+</pre>
+ <p>
+ Note that for Tomcat 7 onwards, the roles required to use the manager
+ application were changed from the single <tt>manager</tt> role to the
+ following four roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
+ </p>
+ <ul>
+ <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
+ pages</li>
+ <li><tt>manager-script</tt> - allows access to the text interface and the
+ status pages</li>
+ <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
+ pages</li>
+ <li><tt>manager-status</tt> - allows access to the status pages only</li>
+ </ul>
+ <p>
+ The HTML interface is protected against CSRF but the text and JMX interfaces
+ are not. To maintain the CSRF protection:
+ </p>
+ <ul>
+ <li>Users with the <tt>manager-gui</tt> role should not be granted either
+ the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
+ <li>If the text or jmx interfaces are accessed through a browser (e.g. for
+ testing since these interfaces are intended for tools not humans) then
+ the browser must be closed afterwards to terminate the session.</li>
+ </ul>
+ <p>
+ For more information - please see the
+ <a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
+ </p>
+ </body>
+
+</html>
--- /dev/null
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>403 Access Denied</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>403 Access Denied</h1>
+ <p>
+ You are not authorized to view this page.
+ </p>
+ <p>
+ If you have already configured the Manager application to allow access and
+ you have used your browsers back button, used a saved book-mark or similar
+ then you may have triggered the cross-site request forgery (CSRF) protection
+ that has been enabled for the HTML interface of the Manager application. You
+ will need to reset this protection by returning to the
+ <a href="<%=request.getContextPath()%>/html">main Manager page</a>. Once you
+ return to this page, you will be able to continue using the Manager
+ appliction's HTML interface normally. If you continue to see this access
+ denied message, check that you have the necessary permissions to access this
+ application.
+ </p>
+ <p>
+ If you have not changed
+ any configuration files, please examine the file
+ <tt>conf/tomcat-users.xml</tt> in your installation. That
+ file must contain the credentials to let you use this webapp.
+ </p>
+ <p>
+ For example, to add the <tt>manager-gui</tt> role to a user named
+ <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
+ config file listed above.
+ </p>
+<pre>
+<role rolename="manager-gui"/>
+<user username="tomcat" password="s3cret" roles="manager-gui"/>
+</pre>
+ <p>
+ Note that for Tomcat 7 onwards, the roles required to use the manager
+ application were changed from the single <tt>manager</tt> role to the
+ following four roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
+ </p>
+ <ul>
+ <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
+ pages</li>
+ <li><tt>manager-script</tt> - allows access to the text interface and the
+ status pages</li>
+ <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
+ pages</li>
+ <li><tt>manager-status</tt> - allows access to the status pages only</li>
+ </ul>
+ <p>
+ The HTML interface is protected against CSRF but the text and JMX interfaces
+ are not. To maintain the CSRF protection:
+ </p>
+ <ul>
+ <li>Users with the <tt>manager-gui</tt> role should not be granted either
+ the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
+ <li>If the text or jmx interfaces are accessed through a browser (e.g. for
+ testing since these interfaces are intended for tools not humans) then
+ the browser must be closed afterwards to terminate the session.</li>
+ </ul>
+ <p>
+ For more information - please see the
+ <a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
+ </p>
+ </body>
+
+</html>
--- /dev/null
+<%--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--%>
+<%@ page import="org.apache.catalina.util.RequestUtil" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+ <head>
+ <title>404 Not found</title>
+ <style type="text/css">
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>404 Not found</h1>
+ <p>
+ The page you tried to access
+ (<%=RequestUtil.filter((String) request.getAttribute(
+ "javax.servlet.error.request_uri"))%>)
+ does not exist.
+ </p>
+ <p>
+ The Manager application has been re-structured for Tomcat 7 onwards and some
+ of URLs have changed. All URLs used to access the Manager application should
+ now start with one of the following options:
+ </p>
+ <ul>
+ <li><%=request.getContextPath()%>/html for the HTML GUI</li>
+ <li><%=request.getContextPath()%>/text for the text interface</li>
+ <li><%=request.getContextPath()%>/jmxproxy for the JMX proxy</li>
+ <li><%=request.getContextPath()%>/status for the status pages</li>
+ </ul>
+ <p>
+ Note that the URL for the text interface has changed from
+ "<%=request.getContextPath()%>" to
+ "<%=request.getContextPath()%>/text".
+ </p>
+ <p>
+ You probably need to adjust the URL you are using to access the Manager
+ application. However, there is always a chance you have found a bug in the
+ Manager application. If you are sure you have found a bug, and that the bug
+ has not already been reported, please report it to the Apache Tomcat team.
+ </p>
+ </body>
+</html>
<error-page>
<error-code>401</error-code>
- <location>/401.jsp</location>
+ <location>/WEB-INF/jsp/401.jsp</location>
</error-page>
<error-page>
<error-code>403</error-code>
- <location>/403.jsp</location>
+ <location>/WEB-INF/jsp/403.jsp</location>
</error-page>
<error-page>
<error-code>404</error-code>
- <location>/404.jsp</location>
+ <location>/WEB-INF/jsp/404.jsp</location>
</error-page>
</web-app>
projects / tomcat7.0 / commitdiff