On 22/12/2011 15:00, Peter Šály wrote: > Hi all, > > I want to point on wrong setting example for tomcat manager in the > documentation: > http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access
It is not wrong. You just omitted the line beforehand: "This file contains an XML <user> for each individual user, which *might* look something like this:" (Starred as my emphasis.) > <user name="craigmcc" password="secret" roles="standard,manager-script" /> > > What should I put in tomcat-users.xml to access tomcat manager web app?? It depends how you want to access it. Assuming you are using Tomcat 7.0.x, if you want to use a web-browser you need the "manager-gui" role defined and configured for a user. Please not, it says below the line you reference: "The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection: users with the manager-gui role should not be granted either the manager-script or manager-jmx roles. if the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session." p -- [key:62590808]
signature.asc
Description: OpenPGP digital signature
