Rumah > pangkalan data > tutorial mysql > HTTP Status 403 – Access to the requested resource has been

HTTP Status 403 – Access to the requested resource has been

WBOY
Lepaskan: 2016-06-07 15:30:43
asal
6109 orang telah melayarinya

访问地址: http://localhost:8080/manager/status http://localhost:8080/manager/html 错误提示 HTTP Status 403 – Access to the requested resource has been denied type Status report message Access to the requested resource has been denied des

访问地址:

http://localhost:8080/manager/status

http://localhost:8080/manager/html

错误提示

HTTP Status 403 – Access to the requested resource has been denied


type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


Apache Tomcat/7.0.21

解决方法:

先进入manager所在目录
[root@localhost tomcat]# cd webapps/manager/WEB-INF/
查看 web.xml
[root@localhost WEB-INF]# more  web.xml

  <!-- Define a Security Constraint on this Application -->
  <!-- NOTE:  None of these roles are present in the default users file -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
     <span> <url-pattern>/html/*</url-pattern> 对应:http://localhost:8080/manager/html</span>
    </web-resource-collection>
    <auth-constraint>
      <span> <role-name>manager-gui</role-name> 定义了访问这个页面的角色名:manage-gui</span>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Text Manager interface (for scripts)</web-resource-name>
      <url-pattern>/text/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>manager-script</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JMX Proxy interface</web-resource-name>
      <url-pattern>/jmxproxy/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>manager-jmx</role-name>
    </auth-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Status interface</web-resource-name>
    <span> <url-pattern>/status/*</url-pattern> 对应:http://localhost:8080/manager/status  </span>
    </web-resource-collection>
    <auth-constraint>
      <span> <role-name>manager-gui</role-name> </span>
       <role-name>manager-script</role-name>
       <role-name>manager-jmx</role-name>
       <role-name>manager-status</role-name>
    </auth-constraint>
  </security-constraint>
Salin selepas log masuk

进入host-manager所在目录
[root@localhost tomcat]# cd webapps/host-manager/WEB-INF/
查看 web.xml
[root@localhost WEB-INF]# more  web.xml

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HTMLHostManager commands</web-resource-name>
      <url-pattern><span>/html/*</span></url-pattern> <span>对应:<span>http://192.168.14.219:8080/host-manager/</span>htm</span>l
    </web-resource-collection>
    <auth-constraint>
       <!-- NOTE:  This role is not present in the default users file -->
      <span> <role-name>admin-gui</role-name> 定义了管理角色名称</span></auth-constraint>
  </security-constraint>
Salin selepas log masuk
  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      <span>The role that is required to log in to the Host Manager Application HTML</span>
<span> interface</span>
    </description>
    <span><role-name>admin-gui</role-name></span>
  </security-role>
  <security-role>
    <description>
      The role that is required to log in to the Host Manager Application text
      interface
    </description>
    <role-name>admin-script</role-name>
  </security-role>
Salin selepas log masuk

 

编辑Tomcat用户配置文件,添加角色
[root@localhost tomcat]# vi conf/tomcat-users.xml

<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
<span><!-- 这里有个注释符号去掉,使下面的生效</span>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
<!--添加管理页面访问角色-->
 <span> <role rolename="manager-gui"></role> </span>
 <span> <role rolename="admin-gui"></role></span>
  <span><user username="manager" password="manager" roles="manager-gui,admin-gui">>
  <user username="tomcat" password="tomcat" roles="tomcat"></user>
  <user username="both" password="tomcat" roles="tomcat,role1"></user>
  <user username="role1" password="tomcat" roles="role1"></user>
<span>--> 这里有个注释符号去掉,是下面的生效</span>
</user></span></span></tomcat-users>
Salin selepas log masuk

重启 tomcat

[root@localhost tomcat]# ./bin/shutdown.sh
[root@localhost tomcat]# ./bin/startup.sh

总结:
虚拟目录/WEB-INF/web.xml一般定义了访问这个目录的安全角色名称,得知这个安全角色名称后便可在conf/tomcat-users.xml添加对应的访问角色,获得访问权限。(于是这里也是个黑客可以利用的后门。。。)


Label berkaitan:
sumber:php.cn
Kenyataan Laman Web ini
Kandungan artikel ini disumbangkan secara sukarela oleh netizen, dan hak cipta adalah milik pengarang asal. Laman web ini tidak memikul tanggungjawab undang-undang yang sepadan. Jika anda menemui sebarang kandungan yang disyaki plagiarisme atau pelanggaran, sila hubungi admin@php.cn
Tutorial Popular
Lagi>
Muat turun terkini
Lagi>
kesan web
Kod sumber laman web
Bahan laman web
Templat hujung hadapan