</update>
</changelog>
</subsection>
- <subsection name="Documentation">
+ <subsection name="Web applications">
<changelog>
<update>
- <rev>631321</rev> Update changelog to support the <rev> element.
- (fhanik)
+ <rev>631321</rev> Update changelog to support the <rev> element
+ in the documentation. (fhanik)
</update>
+ <add>
+ A number of additional roles were added to the Manager application to
+ separate out permissions for the HTML interface, the text interface and
+ the JMX proxy. (markt)
+ </add>
</changelog>
</subsection>
<subsection name="Extras">
<p>All commands that the Manager application knows how to process are
specified in a single request URI like this:</p>
<source>
-http://{host}:{port}/manager/{command}?{parameters}
+http://{host}:{port}/manager/text/{command}?{parameters}
</source>
<p>where <code>{host}</code> and <code>{port}</code> represent the hostname
and port number on which Tomcat is running, <code>{command}</code>
<subsection name="Deploy A New Application Remotely">
<source>
-http://localhost:8080/manager/deploy?path=/foo
+http://localhost:8080/manager/text/deploy?path=/foo
</source>
<p>Upload the web application archive (WAR) file that is specified as the
directory for the manager webapp will contain the previously deployed WARs;
removing it would make the deployment fail.
<source>
-http://localhost:8080/manager/deploy?path=/footoo&tag=footag
+http://localhost:8080/manager/text/deploy?path=/footoo&tag=footag
</source>
</p>
<code>/path/to/foo</code> on the Tomcat server is deployed as the
web application context named <code>/footoo</code>.
<source>
-http://localhost:8080/manager/deploy?path=/footoo&war=file:/path/to/foo
+http://localhost:8080/manager/text/deploy?path=/footoo&war=file:/path/to/foo
</source>
</p>
so the context path defaults to the name of the web application archive
file without the ".war" extension.
<source>
-http://localhost:8080/manager/deploy?war=jar:file:/path/to/bar.war!/
+http://localhost:8080/manager/text/deploy?war=jar:file:/path/to/bar.war!/
</source>
</p>
deployed as the web application context named <code>/foo</code>. Notice
that the context path used is the name of the web application directory.
<source>
-http://localhost:8080/manager/deploy?war=foo
+http://localhost:8080/manager/text/deploy?war=foo
</source>
</p>
Host appBase directory on the Tomcat server is deployed as the web
application context named <code>/bar</code>.
<source>
-http://localhost:8080/manager/deploy?war=bar.war
+http://localhost:8080/manager/text/deploy?war=bar.war
</source>
</p>
<p>Here is an example of deploying an application using a Context
configuration ".xml" file.
<source>
-http://localhost:8080/manager/deploy?config=file:/path/context.xml
+http://localhost:8080/manager/text/deploy?config=file:/path/context.xml
</source>
</p>
configuration ".xml" file and a web application ".war" file located
on the server.
<source>
-http://localhost:8080/manager/deploy?config=file:/path/context.xml&war=jar:file:/path/bar.war!/
+http://localhost:8080/manager/text/deploy?config=file:/path/context.xml&war=jar:file:/path/bar.war!/
</source>
</p>
<subsection name="List Currently Deployed Applications">
<source>
-http://localhost:8080/manager/list
+http://localhost:8080/manager/text/list
</source>
<p>List the context paths, current status (<code>running</code> or
<subsection name="Reload An Existing Application">
<source>
-http://localhost:8080/manager/reload?path=/examples
+http://localhost:8080/manager/text/reload?path=/examples
</source>
<p>Signal an existing application to shut itself down and reload. This can
<subsection name="List OS and JVM Properties">
<source>
-http://localhost:8080/manager/serverinfo
+http://localhost:8080/manager/text/serverinfo
</source>
<p>Lists information about the Tomcat version, OS, and JVM properties.</p>
<subsection name="List Available Global JNDI Resources">
<source>
-http://localhost:8080/manager/resources[?type=xxxxx]
+http://localhost:8080/manager/text/resources[?type=xxxxx]
</source>
<p>List the global JNDI resources that are available for use in resource
<subsection name="List Available Security Roles">
<source>
-http://localhost:8080/manager/roles
+http://localhost:8080/manager/text/roles
</source>
<p>List the security role names (and corresponding descriptions) that are
<subsection name="Session Statistics">
<source>
-http://localhost:8080/manager/sessions?path=/examples
+http://localhost:8080/manager/text/sessions?path=/examples
</source>
<p>Display the default session timeout for a web application, and the
<subsection name="Start an Existing Application">
<source>
-http://localhost:8080/manager/start?path=/examples
+http://localhost:8080/manager/text/start?path=/examples
</source>
<p>Signal a stopped application to restart, and make itself available again.
<subsection name="Stop an Existing Application">
<source>
-http://localhost:8080/manager/stop?path=/examples
+http://localhost:8080/manager/text/stop?path=/examples
</source>
<p>Signal an existing application to make itself unavailable, but leave it
<subsection name="Undeploy an Existing Application">
<source>
-http://localhost:8080/manager/undeploy?path=/examples
+http://localhost:8080/manager/text/undeploy?path=/examples
</source>
<p><strong><font color="red">WARNING</font> - This command will delete any web
<property name="path" value="/myapp"/>
<!-- Configure properties to access the Manager application -->
- <property name="url" value="http://localhost:8080/manager"/>
+ <property name="url" value="http://localhost:8080/manager/text"/>
<property name="username" value="myusername"/>
<property name="password" value="mypassword"/>
You are not authorized to view this page. If you have not changed
any configuration files, please examine the file
<tt>conf/tomcat-users.xml</tt> in your installation. That
- file will contain the credentials to let you use this webapp.
+ file must contain the credentials to let you use this webapp.
</p>
<p>
- You will need to add <tt>manager</tt> role to the config file listed above.
- For example:
+ For example, to add the <tt>manager</tt> role to a user named
+ <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
+ config file listed above.
<pre>
<role rolename="manager"/>
<user username="tomcat" password="s3cret" roles="manager"/>
</pre>
</p>
<p>
+ Note that for Tomcat 7 onwards, the roles required to use the manager
+ application were changed from the single <tt>manager</tt> role to the
+ following four roles. You will need to assign the role(s) required for
+ the functionality you wish to access.
+ <ul>
+ <li><tt>manager</tt> - allows access to the HTML GUI and the status
+ pages</li>
+ <li><tt>manager-scripts</tt> - allows access to the text interface and the
+ status pages</li>
+ <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
+ pages</li>
+ <li><tt>manager-status</tt> - allows access to the just status pages</li>
+ </ul>
+ </p>
+ <p>
For more information - please see the
<a href="/docs/manager-howto.html">Manager App HOW-TO</a>.
</p>
--- /dev/null
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<%@ page import="org.apache.catalina.util.RequestUtil" %>
+<html>
+ <head>
+ <title>404 Not found</title>
+ <style>
+ <!--
+ BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
+ H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
+ PRE, TT {border: 1px dotted #525D76}
+ A {color : black;}A.name {color : black;}
+ -->
+ </style>
+ </head>
+ <body>
+ <h1>404 Not found</h1>
+ <p>
+ The page you tried to access
+ (<%=RequestUtil.filter((String) request.getAttribute(
+ "javax.servlet.error.request_uri"))%>)
+ does not exist.
+ </p>
+ <p>
+ The Manager application has been re-structured for Tomcat 7 onwards and some
+ of URLs have changed. All URLs used to access the Manager application should
+ now start with one of the following options:
+ <ul>
+ <li><%=request.getContextPath()%>/html for the HTML GUI</li>
+ <li><%=request.getContextPath()%>/text for the text interface</li>
+ <li><%=request.getContextPath()%>/jmxproxy for the JMX proxy</li>
+ <li><%=request.getContextPath()%>/status for the status pages</li>
+ </ul>
+ Note that the URL for the text interface has changed from
+ "<%=request.getContextPath()%>" to
+ "<%=request.getContextPath()%>/text".
+ </p>
+ <p>
+ You probably need to adjust the URL you are using to access the Manager
+ application. However, there is always a chance you have found a bug in the
+ Manager application. If you are sure you have found a bug, and that the bug
+ has not already been reported, please report it to the Apache Tomcat team.
+ </p>
+ </body>
+</html>
Manager lets you view, load/unload/etc particular web applications.
</description>
- <!-- Define the Manager Servlet
- Change servlet-class to: org.apache.catalina.servlets.HTMLManagerServlet
- to get a Servlet with a more intuitive HTML interface, don't change if you
- have software that is expected to parse the output from ManagerServlet
- since they're not compatible.
- -->
<servlet>
<servlet-name>Manager</servlet-name>
<servlet-class>org.apache.catalina.manager.ManagerServlet</servlet-class>
<!-- Define the Manager Servlet Mapping -->
<servlet-mapping>
<servlet-name>Manager</servlet-name>
- <url-pattern>/list</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/expire</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/sessions</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/start</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/stop</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/install</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/remove</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/deploy</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/undeploy</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/reload</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/save</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/serverinfo</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/roles</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Manager</servlet-name>
- <url-pattern>/resources</url-pattern>
+ <url-pattern>/text/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Status</servlet-name>
</resource-env-ref>
<!-- Define a Security Constraint on this Application -->
+ <!-- NOTE: None of these roles are present in the default users file -->
<security-constraint>
<web-resource-collection>
- <web-resource-name>HTMLManger and Manager command</web-resource-name>
- <url-pattern>/jmxproxy/*</url-pattern>
+ <web-resource-name>HTML Manger interface (for humans)</web-resource-name>
<url-pattern>/html/*</url-pattern>
- <url-pattern>/list</url-pattern>
- <url-pattern>/expire</url-pattern>
- <url-pattern>/sessions</url-pattern>
- <url-pattern>/start</url-pattern>
- <url-pattern>/stop</url-pattern>
- <url-pattern>/install</url-pattern>
- <url-pattern>/remove</url-pattern>
- <url-pattern>/deploy</url-pattern>
- <url-pattern>/undeploy</url-pattern>
- <url-pattern>/reload</url-pattern>
- <url-pattern>/save</url-pattern>
- <url-pattern>/serverinfo</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Text Manger interface (for scripts)</web-resource-name>
+ <url-pattern>/text/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager-scripts</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>JMX Proxy interface</web-resource-name>
+ <url-pattern>/jmxproxy/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager-jmx</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Status interface</web-resource-name>
<url-pattern>/status/*</url-pattern>
- <url-pattern>/roles</url-pattern>
- <url-pattern>/resources</url-pattern>
</web-resource-collection>
<auth-constraint>
- <!-- NOTE: This role is not present in the default users file -->
<role-name>manager</role-name>
+ <role-name>manager-scripts</role-name>
+ <role-name>manager-jmx</role-name>
+ <role-name>manager-status</role-name>
</auth-constraint>
</security-constraint>
<!-- Security roles referenced by this web application -->
<security-role>
<description>
- The role that is required to log in to the Manager Application
+ The role that is required to access the HTML Manager pages
</description>
<role-name>manager</role-name>
</security-role>
+ <security-role>
+ <description>
+ The role that is required to access the text Manager pages
+ </description>
+ <role-name>manager-scripts</role-name>
+ </security-role>
+ <security-role>
+ <description>
+ The role that is required to access the HTML JMX Proxy
+ </description>
+ <role-name>manager-jmx</role-name>
+ </security-role>
+ <security-role>
+ <description>
+ The role that is required to access to the Manager Status pages
+ </description>
+ <role-name>manager-status</role-name>
+ </security-role>
<error-page>
<error-code>401</error-code>
<location>/401.jsp</location>
</error-page>
+ <error-page>
+ <error-code>404</error-code>
+ <location>/404.jsp</location>
+ </error-page>
</web-app>
projects / tomcat7.0 / commitdiff