访问地址: http://localhost:8080/manager/status http://localhost:8080/manager/html 错误提示 HTTP Status 403 – Access to the requested resource has been denied type Status report message Access to the requested resource has been denied des
访问地址:
http://localhost:8080/manager/status
http://localhost:8080/manager/html
错误提示
HTTP Status 403 – Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Apache Tomcat/7.0.21解决方法:
先进入manager所在目录
[root@localhost tomcat]# cd webapps/manager/WEB-INF/
查看 web.xml
[root@localhost WEB-INF]# more web.xmlHTML Manager interface (for humans) /html/* 对应:http://localhost:8080/manager/html manager-gui 定义了访问这个页面的角色名:manage-gui Text Manager interface (for scripts) /text/* manager-script JMX Proxy interface /jmxproxy/* manager-jmx Status interface /status/* 对应:http://localhost:8080/manager/status manager-gui manager-script manager-jmx manager-status进入host-manager所在目录
[root@localhost tomcat]# cd webapps/host-manager/WEB-INF/
查看 web.xml
[root@localhost WEB-INF]# more web.xmlHTMLHostManager commands /html/* 对应: http://192.168.14.219:8080/host-manager/ htm l admin-gui 定义了管理角色名称The role that is required to log in to the Host Manager Application HTML interface admin-gui The role that is required to log in to the Host Manager Application text interface admin-script
编辑Tomcat用户配置文件,添加角色
[root@localhost tomcat]# vi conf/tomcat-users.xmlthat surrounds them. --> > --> 这里有个注释符号去掉,是下面的生效重启 tomcat
[root@localhost tomcat]# ./bin/shutdown.sh
[root@localhost tomcat]# ./bin/startup.sh
总结:
虚拟目录/WEB-INF/web.xml一般定义了访问这个目录的安全角色名称,得知这个安全角色名称后便可在conf/tomcat-users.xml添加对应的访问角色,获得访问权限。(于是这里也是个黑客可以利用的后门。。。)查看更多关于HTTPStatus403–Accesstotherequestedresourcehasbeen的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://www.haodehen.cn/did95898