HTTP Status 403 – Access to the requested resource has been denied
Source: Internet  Published: 交换机端口设置ip  Editor: 程序博客网  Time: 2024/05/21 15:01
URLs accessed:
http://localhost:8080/manager/status
http://localhost:8080/manager/html
Error message:
HTTP Status 403 – Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Apache Tomcat/7.0.21
Solution:
First, change into the directory of the manager application
[root@localhost tomcat]# cd webapps/manager/WEB-INF/
View web.xml
[root@localhost WEB-INF]# more web.xml
<!-- Define a Security Constraint on this Application -->
<!-- NOTE: None of these roles are present in the default users file -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
    <url-pattern>/html/*</url-pattern>  <!-- corresponds to http://localhost:8080/manager/html -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager-gui</role-name>  <!-- defines the role name required to access this page: manager-gui -->
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Text Manager interface (for scripts)</web-resource-name>
    <url-pattern>/text/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager-script</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>JMX Proxy interface</web-resource-name>
    <url-pattern>/jmxproxy/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager-jmx</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Status interface</web-resource-name>
    <url-pattern>/status/*</url-pattern>  <!-- corresponds to http://localhost:8080/manager/status -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager-gui</role-name>
    <role-name>manager-script</role-name>
    <role-name>manager-jmx</role-name>
    <role-name>manager-status</role-name>
  </auth-constraint>
</security-constraint>
Next, change into the directory of the host-manager application
[root@localhost tomcat]# cd webapps/host-manager/WEB-INF/
View web.xml
[root@localhost WEB-INF]# more web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTMLHostManager commands</web-resource-name>
    <url-pattern>/html/*</url-pattern>  <!-- corresponds to http://192.168.14.219:8080/host-manager/html -->
  </web-resource-collection>
  <auth-constraint>
    <!-- NOTE: This role is not present in the default users file -->
    <role-name>admin-gui</role-name>  <!-- defines the name of the admin role -->
  </auth-constraint>
</security-constraint>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to log in to the Host Manager Application HTML interface
  </description>
  <role-name>admin-gui</role-name>
</security-role>
<security-role>
  <description>
    The role that is required to log in to the Host Manager Application text interface
  </description>
  <role-name>admin-script</role-name>
</security-role>
Edit the Tomcat user configuration file and add the roles
[root@localhost tomcat]# vi conf/tomcat-users.xml
<tomcat-users>
<!-- NOTE: By default, no user is included in the "manager-gui" role required to operate the "/manager/html" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. -->
<!-- NOTE: The sample user and role entries below are wrapped in a comment and thus are ignored when reading this file. Do not forget to remove <!.. ..> that surrounds them. -->
<!-- The opening comment marker that was here has been removed so that the entries below take effect -->
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <!-- Add the roles for access to the management pages -->
  <role rolename="manager-gui"/>
  <role rolename="admin-gui"/>
  <user username="manager" password="manager" roles="manager-gui,admin-gui"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
<!-- The closing comment marker that was here has been removed so that the entries above take effect -->
</tomcat-users>
Restart Tomcat
[root@localhost tomcat]# ./bin/shutdown.sh
[root@localhost tomcat]# ./bin/startup.sh
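Summary:
The WEB-INF/web.xml of a virtual directory (web application) generally defines the security role names required to access that directory. Once you know the role name, you can add the corresponding role in conf/tomcat-users.xml and gain access. (Which means this is also a backdoor that an attacker could exploit...)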
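An added example (not part of the original post): a Python check that ties the two files together, listing which accounts in tomcat-users.xml hold a role that web.xml requires and flagging passwords that equal the username or appear on a short guessable list, such as the manager/manager entry above. The embedded XML is a constructed sample, and the function names and the GUESSABLE list are assumptions of this example.

```python
import xml.etree.ElementTree as ET
# Constructed samples modelled on the manager web.xml and tomcat-users.xml above.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
 <security-constraint>
  <web-resource-collection><url-pattern>/html/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>manager-gui</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/status/*</url-pattern></web-resource-collection>
  <auth-constraint><role-name>manager-gui</role-name><role-name>manager-status</role-name></auth-constraint>
 </security-constraint>
</web-app>"""
USERS_XML = """<tomcat-users>
 <user username="manager" password="manager" roles="manager-gui,admin-gui"/>
 <user username="tomcat" password="tomcat" roles="tomcat"/>
 <user username="ops" password="constructed-Long-Passphrase-91" roles="manager-status"/>
</tomcat-users>"""
# Assumed short list of guessable values; replace with your own password policy.
GUESSABLE = {"tomcat", "manager", "admin", "password", "changeit", "s3cret"}

def local(tag):
    """Strip an XML namespace prefix so files with and without xmlns both parse."""
    return tag.rsplit("}", 1)[-1]

def constraints(web_xml):
    """Map each protected url-pattern to the set of roles allowed to reach it."""
    acl = {}
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        roles = {e.text.strip() for e in sc.iter() if local(e.tag) == "role-name"}
        for e in sc.iter():
            if local(e.tag) == "url-pattern":
                acl[e.text.strip()] = roles
    return acl

def audit(web_xml, users_xml):
    """Return (user, reachable patterns, weak_password) for users holding a required role."""
    acl, findings = constraints(web_xml), []
    for u in ET.fromstring(users_xml).iter():
        if local(u.tag) != "user":
            continue
        name, pw = u.get("username"), u.get("password", "")
        held = {r.strip() for r in u.get("roles", "").split(",")}
        reach = sorted(p for p, roles in acl.items() if roles & held)
        if reach:
            findings.append((name, reach, pw == name or pw.lower() in GUESSABLE))
    return findings

if __name__ == "__main__":
    print(audit(WEB_XML, USERS_XML))
```

To audit a real installation, pass the contents of webapps/manager/WEB-INF/web.xml and conf/tomcat-users.xml to `audit()` in place of the samples.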