如何登录使用密码Tomcat Administration？

如何登录Tomcat Administration？

按照页面的帮助文档：

You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.

<role rolename="manager-gui"/>

<user username="tomcat" password="s3cret" roles="manager-gui"/>

Note that for Tomcat 6.0.30 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.

manager-gui - allows access to the HTML GUI and the status pages

manager-script - allows access to the text interface and the status pages

manager-jmx - allows access to the JMX proxy and the status pages

manager-status - allows access to the status pages only

The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:

The deprecated manager role should not be assigned to any user.

Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles.

If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.

我们可以知道，修改conf/tomcat-users.xml文件，可以实现用户密码与权限的分配,目前有四种角色可以设置：

manager-gui  允许用户访问HTML来看tomcat的状态页面

manager-script  允许用户访问命令界面(不能GUI看)和查看tomcat的status页面

manager-jmx 允许用户查看JMX代理和状态页面

manager-status  仅允许用户查看状态页面

默认情况下，是没有设置任何的密码与用户的，需要你自己设置 。

一、过时的经理用户不能分配给任何用户，现在为用户设置一个管理角色：

#vim /usr/local/tomcat/conf/tomcat-users.xml

<role rolename="manager-gui"/>

<user username="cheng" password="redhat" roles="manager-gui"/>

二、重启tomcat，测试！可以尝试打开status,Tomcat Manager页面进行测试！