0

我在下面配置了我的 tomcat-users.xml:

<?xml version='1.0' encoding='utf-8'?> 
<tomcat-users> 
<role rolename="tomcat"/> 
<role rolename="role1"/> 
<role rolename="manager"/> 
<role rolename="admin"/> 
<user username="admin" password="admin" roles="admin,manager"/> 
<user username="tomcat" password="tomcat" roles="tomcat"/> 
<user username="role1" password="tomcat" roles="role1"/> 
<user username="both" password="tomcat" roles="tomcat,role1"/>  
</tomcat-users>

webapps/dupload/task.html我在向 servlet 提交查询表单的页面下放置了一个 html 页面。html代码如下:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
 <TITLE>A Sample Form Using POST</TITLE>
</HEAD>

<BODY BGCOLOR="#FDF5E6">
<H2 ALIGN="CENTER">SimpleTaskQuery</H2>

<FORM ACTION="http://10.5.20.78:8080/mps4/ui/SimpleTaskQueryServlet"
   METHOD="POST">
 <CENTER>
Task Id:
 <INPUT TYPE="TEXT" NAME="id" VALUE="111"><BR>
 <INPUT TYPE="SUBMIT">
 </CENTER>
</FORM>

</BODY>
</HTML>

但是当我提交表单时,tomcat 给出了以下错误:

HTTP Status 403 - Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Apache Tomcat/7.0.26

我已经编辑了 tomcat-users.xml 并使用管理员用户帐户登录。为什么这仍然不起作用?

更新:

webapp 的 web.xml 如下: web.xml: 

 <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLManger and Manager command</web-resource-name>
      <url-pattern>/ui/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>viewer</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Tomcat Manager Application</realm-name>
  </login-config>
  <security-role>
    <description> </description>
    <role-name>viewer</role-name>
  </security-role>

我把 tomcat-users.xml 编辑到:</p> 

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="viewer"/>
<role rolename="admin"/>
<role rolename="tomcat"/>
<user username="admin" password="admin" roles="manager-gui"/>
<user username="viewer" password="viewer" roles="admin,tomcat,manager-gui,manager-script"/>
</tomcat-users>

但是还是不行。</p>

4

2 回答 2

0

你应该解决这个问题:

<user username="viewer" password="viewer" roles="admin,tomcat,manager-gui,manager-script"/>

该用户需要删除角色“manager-script”,以便他可以通过 html-interface 获得访问权限。所以它应该看起来像:

<user username="viewer" password="viewer" roles="admin,tomcat,manager-gui"/>
于 2015-01-28T20:35:07.960 回答
0

您的 web.xml 说需要角色“查看者”。您以没有该角色的管理员用户身份登录。

如下更新您的 tomcat-users.xml:

<user username="admin" password="admin" roles="manager-gui, viewer"/>;

奇怪的是,您的“查看者”用户也没有查看者角色,但这不是导致问题的原因(如果您以管理员身份登录)

于 2015-01-28T21:41:50.320 回答