tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <>
Subject Re: Error in documentation
Date Thu, 22 Dec 2011 15:17:23 GMT
On 22/12/2011 15:00, Peter Šály wrote:
> Hi all,
> I want to point on wrong setting example for tomcat manager in the
> documentation:

It is not wrong.  You just omitted the line beforehand:

"This file contains an XML <user> for each individual user, which
*might* look something like this:"		

(Starred as my emphasis.)

> <user name="craigmcc" password="secret" roles="standard,manager-script" />
> What should I put in tomcat-users.xml to access tomcat manager web app??

It depends how you want to access it.

Assuming you are using Tomcat 7.0.x, if you want to use a web-browser
you need the "manager-gui" role defined and configured for a user.

Please not, it says below the line you reference:

"The HTML interface is protected against CSRF but the text and JMX
interfaces are not. To maintain the CSRF protection:

users with the manager-gui role should not be granted either the
manager-script or manager-jmx roles.
if the text or jmx interfaces are accessed through a browser (e.g. for
testing since these interfaces are intended for tools not humans) then
the browser must be closed afterwards to terminate the session."




View raw message