TOMCAT 7配置问题 403 Access Denied

Posted 2023-04-19

<tomcat-users>
<!--
NOTE: By default, no user is included in the "manager-gui" role required
to operate the "/manager/html" web application. If you wish to use this app,
you must define such a user - the username and password are arbitrary.
-->
<!--
NOTE: The sample user and role entries below are wrapped in a comment
and thus are ignored when reading this file. Do not forget to remove
<!.. ..> that surrounds them.
-->

<role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager-gui"/>
<user username="admin" password="secret" roles="manager-gui"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>

</tomcat-users>

这是错误页面的信息：
You are not authorized to view this page.

If you have already configured the Host Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Host Manager application. You will need to reset this protection by returning to the main Host Manager page. Once you return to this page, you will be able to continue using the Host Manager appliction's HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.

If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

我感觉没有错啊， 请高手指导

参考技术A 403无访问权限，不知你访问的哪个页面报的错。
1.
先把 <role rolename="tomcat"/>
<role rolename="role1"/>
<role rolename="manager-gui"/>
<user username="admin" password="secret" roles="manager-gui"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>

全注掉，看正常不。
如果还不正常，访问页面有什么提示？那可能是上面这个有错，找个正常的配置文件copy进来就好了。
看了其他人只改一个地方
我只这样改的：
<user username="admin" password="" roles="manager-gui"/>
主要是roles里的值不是以前的manager了，现在改成manager-gui就行了本回答被提问者和网友采纳 参考技术B <role rolename="manager" />
<user username="jason" password="admin" roles="manager" />
改成manager试试呢 参考技术C <!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
<role rolename="manager-gui"/>
<user username="admin" password="" roles="manager-gui"/>

Tomcat8.5管理页面403 Access Denied的解决方法

安装tomcat之后，访问server status、manager app、host manager等页面，出现403 Access Denied错误，

 

 

解决方法:

1.  在conf/tomcat-users.xml文件里面，在</tomcat-users>前面添加如下代码：

          <role rolename="manager-gui"/>

         <user username="tomcat" password="admin888" roles="manager-gui"  />

 

      注：如果要访问host manager，还需要做一些修改，改成如下：

          <role rolename="manager-gui"/>

         <user username="tomcat" password="admin888" roles="manager-gui,admin-gui"  />

      然后重启tomcat，重新访问manager app页面，如果此时仍然出现403 Access Denied错误，

     那么就是访问的ip地受到了限制，

 

2.  我们打开webapps/manager/META-INF/目录下context.xml文件，不是conf/目录下的context.xml文件

我们将里面的内容注释掉或者修改为

<Valve className="org.apache.catalina.valves.RemoteAddrValve"

allow="192\.168\.234\.\d+|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

 

注：如果要访问host manager，还需要修改webapps/host-manager/META-INF/目录下的context.xml文件，修改内容和上面一样。

保存，然后重启tomcat，重新访问server status、manager app页面，输出上面设置的用户名和密码，即可访问页面。