tomcat-users mailing list archives

From Bill Wang <bw57...@gmail.com>
Subject Re: Tomcat user roles
Date Fri, 09 Dec 2011 00:33:02 GMT
Thanks to all for the explanation.

I have a new question regarding the admin role.

With the default setup, if I log in as admin, I can start, stop, undeploy and
deploy the application. Now, because the admin password has been shared by
the team, and I can't not share it with the team.

So I plan to disable the undeploy and deploy functions from the web admin URL
for the admin account. If anyone needs to deploy a new version, they have to
log in to the Unix box to do it manually. With that I can trace and have
records easily.

So I edited the file webapps/manager/WEB-INF/web.xml and removed all the XML
sections for remove, install, undeploy, deploy and save. But after I
restarted the Tomcat server, *I can still deploy and undeploy*.

Something I missed?

part of tomcat-users.xml

  <role rolename="manager"/>
  <role rolename="tomcat"/>
  <role rolename="admin"/>
  <role rolename="role1"/>
  <role rolename="monitoring"/>
  <user username="admin" password="XXX" roles="admin,manager"/>
  <user username="monitoring" password="XXX" roles="monitoring"/>

Below are the lines I removed from the web.xml file.

  <servlet-mapping>
    <servlet-name>Manager</servlet-name>
      <url-pattern>/install</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>Manager</servlet-name>
      <url-pattern>/remove</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>Manager</servlet-name>
      <url-pattern>/deploy</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
    <servlet-name>Manager</servlet-name>
      <url-pattern>/undeploy</url-pattern>
  </servlet-mapping>

      <url-pattern>/remove</url-pattern>
      <url-pattern>/deploy</url-pattern>
      <url-pattern>/undeploy</url-pattern>
      <url-pattern>/reload</url-pattern>

I don't find the admin part in web.xml.

Regards,
Bill

On Wed, Nov 30, 2011 at 5:25 AM, Mark Thomas <markt@apache.org> wrote:

> On 29/11/2011 17:05, Christopher Schultz wrote:
> > Mark,
> >
> > On 11/29/11 11:15 AM, markt@apache.org wrote:
> >> Christopher Schultz <chris@christopherschultz.net> wrote:
> >
> >>>
> >>> Bill,
> >>>
> >>> On 11/28/11 7:08 PM, Bill Wang wrote:
> >>>> Here I have the last question, what's the reload option, is
> >>>> it same as stop/start?
> >>>
> >>> According to markt (who is known to be occasionally
> >>> trustworthy):
> >>>
> >>> reload = stop + start
> >
> >> I'm pretty sure I didn't say that.
> >
> > Sorry, you said:
> >
> > On 11/25/11 12:47 PM, Mark Thomas wrote:
> >> There is no such command as restart. You'll need:
> >> <url-pattern>/html/stop</url-pattern>
> >> <url-pattern>/html/start</url-pattern>
> >
> > I drew my own (perhaps incorrect) conclusion from that.
>
> In short:
> reload != restart
>
> Fuller explanation below. There is a subtle but important difference.
>
> Mark
>
> >> Reload keeps the same Context object (and doesn't reread the
> >> Context config) but does re-read web.xml and allows Jars to be
> >> updated.
> >
> >> Stop/start creates a new Context object (as well as re-reading
> >> web.xml) and is therefore a full restart of the context.
> >> Reload is sort of half a restart. There is no single command
> >> equivalent to stop/start.
> >
> > Gotcha.
> >
> > -chris
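
An added example, not part of the thread and not the Tomcat project's own configuration: the mappings removed above (/deploy, /undeploy, ...) belong to the text interface, while the quoted reply refers to /html/stop and /html/start, which are handled by the HTML interface servlet mapped at /html/*. Assuming the Tomcat 6 manager layout (check the patterns against the web.xml of the installed version), a more specific security constraint in webapps/manager/WEB-INF/web.xml can deny the deploy-related commands in both interfaces:

```xml
<!-- Added example; assumes the Tomcat 6 manager web.xml, where the HTML
     interface is a single servlet mapped to /html/* that selects the command
     from the rest of the path. Removing the text-interface servlet mappings
     therefore leaves /html/deploy, /html/undeploy and /html/upload working. -->

<!-- Existing style of constraint: everything under /html/* needs "manager". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTML Manager interface</web-resource-name>
    <url-pattern>/html/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>

<!-- Added: exact patterns are a better match than /html/*, so this
     constraint is the one applied to the deploy-related commands.
     An empty auth-constraint means no role is allowed, i.e. access is
     denied to every user, including the shared admin account. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Deploy commands (disabled over HTTP)</web-resource-name>
    <!-- HTML interface -->
    <url-pattern>/html/deploy</url-pattern>
    <url-pattern>/html/undeploy</url-pattern>
    <url-pattern>/html/upload</url-pattern>
    <!-- Text interface, in case the servlet mappings are restored later -->
    <url-pattern>/deploy</url-pattern>
    <url-pattern>/undeploy</url-pattern>
    <url-pattern>/install</url-pattern>
    <url-pattern>/remove</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
```

After a restart, the deploy and undeploy actions on the manager HTML page should be refused with HTTP 403 while list, start, stop and reload keep working. To allow them for a dedicated account instead of nobody, put a role name inside the auth-constraint and declare that role in a security-role element and in tomcat-users.xml.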
