403 Access Denied on the Tomcat manager page

I installed Tomcat on CentOS 7 on Google Cloud. Tomcat runs, but I cannot access the Tomcat manager page.

My /opt/tomcat/conf/tomcat-users.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements.  See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the "License"); you may not use this file except in compliance with
      the License.  You may obtain a copy of the License at
          http://www.apache.org/licenses/LICENSE-2.0
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    <tomcat-users xmlns="http://tomcat.apache.org/xml"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
                  version="1.0">
    <!--
      By default, no user is included in the "manager-gui" role required
      to operate the "/manager/html" web application.  If you wish to use this app,
      you must define such a user - the username and password are arbitrary.
      Built-in Tomcat manager roles:
        - manager-gui    - allows access to the HTML GUI and the status pages
        - manager-script - allows access to the HTTP API and the status pages
        - manager-jmx    - allows access to the JMX proxy and the status pages
        - manager-status - allows access to the status pages only
      The users below are wrapped in a comment and are therefore ignored. If you
      wish to configure one or more of these users for use with the manager web
      application, do not forget to remove the <!.. ..> that surrounds them. You
      will also need to set the passwords to something appropriate.
    -->
    <!--
      <user username="admin" password="<must-be-changed>" roles="manager-gui"/>
      <user username="robot" password="<must-be-changed>" roles="manager-script"/>
    -->
    <!--
      The sample user and role entries below are intended for use with the
      examples web application. They are wrapped in a comment and thus are ignored
      when reading this file. If you wish to configure these users for use with the
      examples web application, do not forget to remove the <!.. ..> that surrounds
      them. You will also need to set the passwords to something appropriate.
    -->
    <role rolename="admin-gui"/>
    <role rolename="manager-gui"/>
    <user username="admin" password="notmyrealpassword" roles="admin-gui,manager-gui"/>
    </tomcat-users>

/opt/tomcat/webapps/manager/META-INF/context.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements.  See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the "License"); you may not use this file except in compliance with
      the License.  You may obtain a copy of the License at
    
          http://www.apache.org/licenses/LICENSE-2.0
    
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    <Context antiResourceLocking="false" privileged="true" >
      <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
                       sameSiteCookies="strict" />
    <!--
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
    -->
    <!--  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> -->
      <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
    </Context>

/opt/tomcat/webapps/host-manager/META-INF/context.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements.  See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the "License"); you may not use this file except in compliance with
      the License.  You may obtain a copy of the License at
    
          http://www.apache.org/licenses/LICENSE-2.0
    
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    <Context antiResourceLocking="false" privileged="true" >
      <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
                       sameSiteCookies="strict" />
    <!--  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
    -->
    <!--  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> -->
      <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
    </Context>

Answer 1

Try commenting out the second-to-last line. Just put the "-->" two lines below.

    <!--  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
      <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
    -->

If you have configured any realms in tomcat/conf/server.xml, try without them. Good luck!

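Answer 2

A 403 Access Denied often occurs when deploying a WAR package; the following may be useful for reference!
I use Ubuntu 22.04 and Tomcat 9; the directories may differ from yours, but the configuration file names can be the same!

1. Set the IPs allowed to access the Tomcat9 manager:

    sudo vim /etc/tomcat9/Catalina/localhost/manager.xml

Add:

    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="your allowed IPs here" denyStatus="404"/>

This takes effect as soon as you save and exit; there is no need to restart Tomcat9.

2. Edit the manager's context.xml:

    sudo vim /usr/share/tomcat9-admin/manager/META-INF/context.xml

Add your allowed IPs to allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"
e.g. allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|10\.10\.10\.\d+"

Hope this helps!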
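
An added example, not part of either answer and not Tomcat's own code: a Python model of how a RemoteAddrValve applies its allow and deny patterns (whole-string regex match, deny checked first), run on the valve lines quoted on this page. It assumes Python's `re` treats these patterns the same way java.util.regex does; the client addresses and the names `is_allowed` and `decide` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

VALVE_CLASS = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed sample: the commented-out and active valves from the question's context.xml.
QUESTION_CONTEXT = r'''<Context antiResourceLocking="false" privileged="true">
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
              allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
</Context>'''

# Constructed sample: Answer 2's escaped 10.10.10.x range plus denyStatus="404".
ANSWER2_CONTEXT = r'''<Context>
  <Valve className="org.apache.catalina.valves.RemoteAddrValve" denyStatus="404"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|10\.10\.10\.\d+" />
</Context>'''


def is_allowed(allow, deny, addr):
    """Apply the allow/deny regexes to the whole address string, deny first."""
    if deny is not None and re.fullmatch(deny, addr):
        return False
    if allow is not None and re.fullmatch(allow, addr):
        return True
    # Accept only when deny patterns exist, none matched, and no allow is set.
    return deny is not None and allow is None


def decide(context_xml, addr):
    """Return the valve's rejection status, or None if the valve lets the request through."""
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className") != VALVE_CLASS:
            continue
        if not is_allowed(valve.get("allow"), valve.get("deny"), addr):
            return int(valve.get("denyStatus", "403"))
    return None


if __name__ == "__main__":
    # 203.0.113.7 is a constructed documentation address standing in for a remote client.
    for name, ctx in (("question", QUESTION_CONTEXT), ("answer 2", ANSWER2_CONTEXT)):
        for addr in ("127.0.0.1", "192.168.0.15", "10.10.10.20", "203.0.113.7"):
            print(f"{name:9} {addr:13} -> {decide(ctx, addr)}")
    # Unescaped dots widen a range: "10.10.10.*" also admits 10.10.100.5.
    print(is_allowed("10.10.10.*", None, "10.10.100.5"),
          is_allowed(r"10\.10\.10\.\d+", None, "10.10.100.5"))
```

With no RemoteAddrValve in the context at all, `decide` returns None for every address, so the manager login is then protected only by the credentials in tomcat-users.xml.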
