Re: Unable to logon to /manager/html - "TOMCAT6"

Thu, 06 Mar 2014 08:04:16 -0800 

Konstantin,

On 3/6/2014 12:56 AM, Konstantin Kolinko wrote:

2014-03-06 11:13 GMT+04:00 Mark Eggers <its_toas...@yahoo.com>:

On 3/5/2014 10:08 PM, N, Ravikiran wrote:


Hi,


 From the documentation at
http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Supported_Manager_Commands:

All commands that the Manager application knows how to process are specified
in a single request URI like this:

http://{host}:{port}/manager/{command}?{parameters}



+1


You're trying to use Tomcat 7 commands on a Tomcat 6 instance.



He is trying to use GUI commands.


Thanks for clearing up my confusion.



If it is an up-to-date Tomcat 6, then those commands are protected
against CSRF exploit and thus cannot be called programmatically.

If it is an awfully old Tomcat 6 (like it seems they are using), then
there are no such roles as "manager-gui" and "manager-script", but it
is not protected against CSRF exploits either.




Looks like it was added in 6.0.34 (if I can read changelogs without 
coffee). So unless RedHat has added that into the patched RPM, then 
manager-gui and manager-script roles don't exist.



6.0.24 is rather old, but it might have been heavily patched by
maintainer, so I do not really know what it is.
http://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5



In general, RedHat is pretty good about back-porting patches to their 
RPMs. I don't know the particulars about their packaged version of 
Tomcat since I follow the advice given in the FAQ you posted.





I just tried the following on Tomcat 6.0.37 (I know, I'll upgrade in a bit,
this is on my local development machine):

wget --user=username --password=password \
      http://localhost:8080/manager/stop?path=/examples

This worked as expected for both users with a manager-gui role and a
manager-script role.

. . . . just my two cents
/mde/


Best regards,
Konstantin Kolinko


Off to make coffee before responding to any more mail.

Mark
/mde/


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org























					Reply via email to