In many production environments, it is very useful to have the capability to deploy a new web application, or undeploy an existing one, without having to shut down and restart the entire container. In addition, you can request an existing application to reload itself, even if you have not declared it to be reloadable in the Tomcat 6 server configuration file.
To support these capabilities, Tomcat 6 includes a web application (installed by default on context path /manager) that supports the following functions:
- Deploy a new web application from the uploaded contents of a WAR file.
- Deploy a new web application, on a specified context path, from the server file system.
- List the currently deployed web applications, as well as the sessions that are currently active for those web apps.
- Reload an existing web application, to reflect changes in the contents of /WEB-INF/classes or /WEB-INF/lib.
- List the OS and JVM property values.
- List the available global JNDI resources, for use in deployment tools that are preparing <ResourceLink> elements nested in a <Context> deployment description.
- List the available security roles defined in the user database.
- Start a stopped application (thus making it available again).
- Stop an existing application (so that it becomes unavailable), but do not undeploy it.
- Undeploy a deployed web application and delete its document base directory (unless it was deployed from the file system).
Configuring Manager Application access:
It would be quite unsafe to ship Tomcat with default settings that allowed anyone on the Internet to execute the Manager application on your server. Therefore, the Manager application is shipped with the requirement that anyone who attempts to use it must authenticate themselves, using a username and password that have the appropriate role associated with them. Further, there is no username in the default users file ($CATALINA_BASE/conf/tomcat-users.xml) that is assigned an appropriate role. Therefore, access to the Manager application is completely disabled by default.
To enable access to the Manager web application, you must either create a new username/password combination and associate one of the manager roles with it, or add a manager role to some existing username/password combination. There are four roles defined by the manager application:
- manager-gui - Allows access to the HTML interface
- manager-script - Allows access to the plain text interface
- manager-jmx - Allows access to the JMX proxy interface
- manager-status - Allows access to the read-only status pages
The manager application is configured to use the CSRF prevention filter. For this filter to be effective, any user assigned the manager-gui role must not be assigned either the manager-script or the manager-jmx role.
Exactly where roles are associated with users depends on which Realm implementation you are using:
MemoryRealm
If you have not customized your $CATALINA_BASE/conf/server.xml to select a different one, Tomcat 6 defaults to an XML-format file stored at $CATALINA_BASE/conf/tomcat-users.xml, which can be edited with any text editor. This file contains an XML <user> for each individual user, which might look something like this:
which defines the username and password used by this individual to log on, and the role names he or she is associated with. You can add a role, e.g. manager-gui, to the comma-delimited roles attribute for one or more existing users, and/or create new users with that assigned role.
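As an added example (not part of the original page or of Tomcat itself), the Python script below checks the contents of a tomcat-users.xml file for the role combination that makes the CSRF prevention filter ineffective, and for any account whose password is identical to its username. The sample file contents and the function name audit_tomcat_users are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles that must not be combined with manager-gui (see the CSRF note above).
NON_GUI_ROLES = {"manager-script", "manager-jmx"}

# Constructed sample file contents (not taken from the original page).
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="admin-gui" password="constructed-Pw-1" roles="manager-gui"/>
  <user username="deployer" password="constructed-Pw-2" roles="manager-script"/>
  <user username="ops" password="constructed-Pw-3" roles="manager-gui, manager-script"/>
  <user name="legacy" password="legacy" roles="manager-status,manager-jmx"/>
</tomcat-users>"""


def audit_tomcat_users(xml_text):
    """Return a sorted list of (username, finding) tuples for a tomcat-users.xml document."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # Compare the local tag name so files that declare an XML namespace also work.
        if el.tag.rsplit("}", 1)[-1] != "user":
            continue
        # MemoryRealm accepts either "username" or "name" for the login name.
        name = el.get("username") or el.get("name") or "<unnamed>"
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        clash = roles & NON_GUI_ROLES
        if "manager-gui" in roles and clash:
            findings.append((name, "manager-gui combined with " + ", ".join(sorted(clash))))
        if el.get("password") == name:
            findings.append((name, "password equals username"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_tomcat_users(SAMPLE_USERS_XML):
        print(f"{name}: {finding}")
```

To check a real installation, pass the text of $CATALINA_BASE/conf/tomcat-users.xml to audit_tomcat_users instead of the sample string.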
JDBCRealm
Your user and role information is stored in a database accessed via JDBC. Add the required role(s) to one or more existing users, and/or create one or more new users with the required role(s) assigned, following the standard procedures for your environment.
JNDIRealm
Your user and role information is stored in a directory server accessed via LDAP. Add the required role(s) to one or more existing users, and/or create one or more new users with the required role(s) assigned, following the standard procedures for your environment.
Creating a user to access the Manager application:
Navigate to $CATALINA_HOME/conf
Open the tomcat-users.xml
Append the following before </tomcat-users>
<role rolename="manager-gui"/>
<user username="surendra" password="surendra" roles="manager-gui"/>
Save the file and restart the server.
Now enter the following URL:
http://localhost:8080
Click on Tomcat Manager
Enter the username and password.
Click Ok.