HTTP Status 403 – Access to the requested resource has been

访问地址： http://localhost:8080/manager/status http://localhost:8080/manager/html 错误提示 HTTP Status 403 – Access to the requested resource has been denied type Status report message Access to the requested resource has been denied des

访问地址：

http://localhost:8080/manager/

本文来源gao!%daima.com搞$代*!码$网3

status

http://localhost:8080/manager/html

错误提示

HTTP Status 403 – Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.

Apache Tomcat/7.0.21

解决方法：

先进入manager所在目录
[root@localhost tomcat]# cd webapps/manager/WEB-INF/
查看 web.xml
[root@localhost WEB-INF]# more web.xml

                HTML Manager interface (for humans)      /html/* 对应:http://localhost:8080/manager/html               manager-gui 定义了访问这个页面的角色名：manage-gui                  Text Manager interface (for scripts)      /text/*               manager-script                  JMX Proxy interface      /jmxproxy/*               manager-jmx                  Status interface     /status/* 对应：http://localhost:8080/manager/status                 manager-gui        manager-script       manager-jmx       manager-status

进入host-manager所在目录
[root@localhost tomcat]# cd webapps/host-manager/WEB-INF/
查看 web.xml
[root@localhost WEB-INF]# more web.xml

            HTMLHostManager commands      /html/* 对应：http://192.168.14.219:8080/host-manager/html                      admin-gui 定义了管理角色名称

              The role that is required to log in to the Host Manager Application HTML interface        admin-gui              The role that is required to log in to the Host Manager Application text      interface        admin-script

编辑Tomcat用户配置文件,添加角色
[root@localhost tomcat]# vi conf/tomcat-users.xml

<!---ecms -ecms   NOTE:  The sample user and role entries below are wrapped in a comment  and thus are ignored when reading this file. Do not forget to remove   that surrounds them.--><!---ecms -ecms  这里有个注释符号去掉，使下面的生效           <user username="manager" password="manager" roles="manager-gui,admin-gui"/>      --> 这里有个注释符号去掉，是下面的生效

重启 tomcat

[root@localhost tomcat]# ./bin/shutdown.sh
[root@localhost tomcat]# ./bin/startup.sh

总结：
虚拟目录/WEB-INF/web.xml一般定义了访问这个目录的安全角色名称，得知这个安全角色名称后便可在conf/tomcat-users.xml添加对应的访问角色，获得访问权限。（于是这里也是个黑客可以利用的后门。。。）

搞代码网（gaodaima.com）提供的所有资源部分来自互联网，如果有侵犯您的版权或其他权益，请说明详细缘由并提供版权或权益证明然后发送到邮箱[email protected]‍，我们会在看到邮件的第一时间内为您处理，或直接联系QQ：872152909。本网站采用BY-NC-SA协议进行授权
转载请注明原文链接：HTTP Status 403 – Access to the requested resource has been

错误提示

HTTP Status 403 – Access to the requested resource has been denied

Apache Tomcat/7.0.21

解决方法：

Hi，您需要填写昵称和邮箱！