On 25 Nov 2011, at 04:43, Bill Wang <bw57...@gmail.com> wrote: > Hi Mark, > > Thanks, with your help, I find out this link: > http://onjava.com/onjava/2001/07/24/tomcat.html,
2001! :) p > seems you need me setup > MemoryRealm, then setup security constraint > in webapps/manager/WEB-INF/web.xml > > There is an exist role "manager" , I try to understand it and add a new > role "restart" in this web.xml, always get permission deny. > > So could you please give some instruction on how to setup below URL to that > role "restart" only? > > http://hostname:8181/manager/html/stop?path=/APPNAME > http://hostname:8181/manager/html/start?path=/APPNAME > > Regards, > Bill > On Thu, Nov 24, 2011 at 7:06 PM, <ma...@apache.org> wrote: > >> Bill Wang <bw57...@gmail.com> wrote: >> >>> Hi Tomcat guru, >>> >>> I have questions for the tomcat user roles setup. >>> >>> On-call team (24*7 support) need permission to restart one tomcat >>> services, if they get call. I think it is maybe possible to let them >>> restart tomcat throught "Tomcat Web Application Manager" (the admin url >>> http://server:port/manager) >>> >>> My request is, I can't give the admin username and password directly to >>> on-call team, admin account can not only restart the application, it >>> can >>> deploy and undeploy applications, that's too dangerous. >>> >>> So how can I setup the tomcat-users.xml or other config file to let >>> on-call >>> team has only permission to restart that particular application, not >>> else. >>> >>> Regards, >>> Bill >> >> You can create a new role in web.xml called restart and limit it to the >> list, start and stop commands since each command is part of the URL. Then >> you assign that role to a new user in your Realm. >> >> I'm on my phone so can't give an exact example. If that isn't enough info, >> I'm sure someone else can fill in the gaps for you. >> >> Mark >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org