
HTTP Status 403 – Access to the requested resource has been

程序员文章站 2024-01-11 09:08:34

URLs accessed:

http://localhost:8080/manager/status

http://localhost:8080/manager/html

Error message

HTTP Status 403 – Access to the requested resource has been denied


type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


Apache Tomcat/7.0.21

Solution:

First change into the manager application's directory
[root@localhost tomcat]# cd webapps/manager/WEB-INF/
View web.xml
[root@localhost WEB-INF]# more web.xml

  
  
  HTML Manager interface (for humans)    /html/*       corresponds to: http://localhost:8080/manager/html
     manager-gui                         the role name defined for accessing this page: manager-gui
  Text Manager interface (for scripts)   /text/*
     manager-script
  JMX Proxy interface                    /jmxproxy/*
     manager-jmx
  Status interface                       /status/*     corresponds to: http://localhost:8080/manager/status
     manager-gui
     manager-script
     manager-jmx
     manager-status

Change into the host-manager application's directory
[root@localhost tomcat]# cd webapps/host-manager/WEB-INF/
View web.xml
[root@localhost WEB-INF]# more web.xml

  HTMLHostManager commands    /html/*    corresponds to: http://192.168.14.219:8080/host-manager/html
     admin-gui                defines the administrative role name

  The role that is required to log in to the Host Manager Application HTML interface
     admin-gui

  The role that is required to log in to the Host Manager Application text interface
     admin-script

Edit the Tomcat user configuration file and add the roles
[root@localhost tomcat]# vi conf/tomcat-users.xml


  
  
  >
  --> Remove the comment markers here so that the entries below take effect

Restart Tomcat

[root@localhost tomcat]# ./bin/shutdown.sh
[root@localhost tomcat]# ./bin/startup.sh


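Summary:
The WEB-INF/web.xml of a web application generally defines the security role names required to access that application. Once you know the role name, you can add the matching role in conf/tomcat-users.xml and gain access. (So this is also a backdoor that an attacker could exploit...)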
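
Because any account holding one of these roles can reach the management pages, it is worth reviewing tomcat-users.xml against the role names in web.xml. The following is an added example, not part of the original post: it maps each protected URL pattern to the roles allowed on it and lists which accounts can reach it. The two XML samples, the account names, the passwords and the WEAK deny-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample shaped like webapps/manager/WEB-INF/web.xml (not the full file).
WEB_XML = """<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
   <url-pattern>/html/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>manager-gui</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/status/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>manager-gui</role-name><role-name>manager-status</role-name></auth-constraint>
 </security-constraint>
</web-app>"""
# Constructed sample conf/tomcat-users.xml; accounts and passwords are made up.
USERS_XML = """<tomcat-users>
 <user username="tomcat" password="tomcat" roles="manager-gui"/>
 <user username="monitor" password="constructed-Zx9!value" roles="manager-status"/>
</tomcat-users>"""
WEAK = {"", "tomcat", "admin", "manager", "password"}  # assumed short deny-list

def named(node, name):
    """Descendants with this local tag name, ignoring any XML namespace."""
    return [e for e in node.iter() if e.tag.rsplit("}", 1)[-1] == name]

def required_roles(web_xml):
    """Map each protected url-pattern to the roles its auth-constraint allows."""
    out = {}
    for sc in named(ET.fromstring(web_xml), "security-constraint"):
        roles = {e.text.strip() for e in named(sc, "role-name")}
        for pat in named(sc, "url-pattern"):
            out.setdefault(pat.text.strip(), set()).update(roles)
    return out

def audit(web_xml, users_xml):
    """Return (username, reachable url-patterns, weak-password flag) per account."""
    by_path = required_roles(web_xml)
    findings = []
    for u in named(ET.fromstring(users_xml), "user"):
        held = {r.strip() for r in u.get("roles", "").split(",")}
        paths = sorted(p for p, need in by_path.items() if held & need)
        pw = u.get("password", "")
        if paths:  # account can reach at least one protected management path
            findings.append((u.get("username"), paths, pw in WEAK or pw == u.get("username")))
    return findings
```

An account flagged as weak that can reach /html/* is the case the summary warns about: grant only the roles that are needed and give those accounts strong, unique passwords.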