Hi Mark,

Thanks, with your help I found this link:
http://onjava.com/onjava/2001/07/24/tomcat.html. It seems you need me to set up
MemoryRealm, then set up a security constraint
in webapps/manager/WEB-INF/web.xml.

There is an existing role "manager". I tried to understand it and added a new
role "restart" in this web.xml, but I always get permission denied.

So could you please give some instructions on how to set up the URLs below for
that role "restart" only?

http://hostname:8181/manager/html/stop?path=/APPNAME
http://hostname:8181/manager/html/start?path=/APPNAME

Regards,
Bill

On Thu, Nov 24, 2011 at 7:06 PM, <ma...@apache.org> wrote:

> Bill Wang <bw57...@gmail.com> wrote:
>
> >Hi Tomcat guru,
> >
> >I have questions about the Tomcat user roles setup.
> >
> >The on-call team (24*7 support) needs permission to restart one Tomcat
> >service if they get a call. I think it may be possible to let them
> >restart Tomcat through the "Tomcat Web Application Manager" (the admin URL
> >http://server:port/manager)
> >
> >My request is, I can't give the admin username and password directly to
> >the on-call team; the admin account can not only restart the application,
> >it can deploy and undeploy applications, and that's too dangerous.
> >
> >So how can I set up tomcat-users.xml or another config file to let the
> >on-call team have permission only to restart that particular application
> >and nothing else?
> >
> >Regards,
> >Bill
>
> You can create a new role in web.xml called restart and limit it to the
> list, start and stop commands since each command is part of the URL. Then
> you assign that role to a new user in your Realm.
>
> I'm on my phone so can't give an exact example. If that isn't enough info,
> I'm sure someone else can fill in the gaps for you.
>
> Mark

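One way to write the constraint Mark describes, as an added example that is not from the thread or from the Tomcat project. It assumes the manager application's existing `/html/*` constraint for the "manager" role stays in place; the user name `oncall` and the password value are hypothetical placeholders.

```xml
<!-- File: webapps/manager/WEB-INF/web.xml (fragment).
     Place each element next to the existing elements of the same kind. -->

<!-- Exact-match patterns are selected in preference to the broader /html/*
     pattern, so only these three commands are opened to the extra role.
     Every other /html/... command (deploy, undeploy, ...) stays with "manager". -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Manager list, start and stop commands</web-resource-name>
    <url-pattern>/html/list</url-pattern>
    <url-pattern>/html/start</url-pattern>
    <url-pattern>/html/stop</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Keep the existing role listed so full administrators are not locked out. -->
    <role-name>manager</role-name>
    <role-name>restart</role-name>
  </auth-constraint>
</security-constraint>

<!-- Declare the new role used in the auth-constraint above. -->
<security-role>
  <description>May list, start and stop applications only</description>
  <role-name>restart</role-name>
</security-role>

<!-- File: conf/tomcat-users.xml (fragment, inside <tomcat-users>).
     Assumption: the manager application authenticates against this file. -->
<role rolename="restart"/>
<user username="oncall" password="CHANGE_ME" roles="restart"/>
```

A `url-pattern` matches only the request path, not the query string, so this limits the role to the three commands but cannot tie it to `path=/APPNAME`. The on-call user should open `/manager/html/list`, because `/manager/html` itself remains under the existing constraint.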