为什么 Ant 在部署时返回 403?
我正在尝试部署到 Tomcat 7 中的 war 文件。它给了我以下错误。
deploy:
[echo] Deploying on Tomcat.
BUILD FAILED
C:\Users\coder\workspace\projectName\build.xml:84: java.io.IOException: Server returned
HTTP response code: 403 for URL: http://localhost:8090/manager/deploy?path=%2FprojectName
这是我的构建文件
<project name="ProjectName" default="main"
basedir=".">
<!-- Tell ant to use my environment variables -->
<property environment="env"/>
<property file="./build.properties"/>
<property name="username" value="someUsername"/>
<property name="password" value="somePassword"/>
<taskdef name="deploy" classname="org.apache.catalina.ant.DeployTask"/>
<property name="tomcat.home"
value="${env.CATALINA_HOME}"/>
<property name="hibernate.home"
value="${env.CATALINA_HOME}"/>
<property name="servlet.jar"
value="${tomcat.home}/common/lib/servlet-api.jar"/>
<property name="jsp.jar"
value="${tomcat.home}/common/lib/jsp-api.jar"/>
<property name="hibernate.jar" value="C:/hibernate-distribution-3.6.4.Final/hibernate3.jar"/>
<property name="deploy.dir"
value="${tomcat.home}/webapps"/>
<property name="build.compiler" value="modern"/>
<property name="build.dir" value="build" />
<property name="src.dir" value="src"/>
<property name="war.file" value="projectName"/>
<property name="war.file.name" value="${war.file}.war"/>
<path id="project.class.path">
<fileset dir="./WEB-INF/lib/">
<include name="**/*.jar"/>
</fileset>
<pathelement path="${src.dir}"/>
<pathelement path="${servlet.jar}"/>
<pathelement path="${jsp.jar}"/>
<pathelement path="${hibernate.jar}"/>
</path>
<target name="clean">
<delete dir="${build.dir}" includeEmptyDirs="true" />
</target>
<target name="prep">
<mkdir dir="${build.dir}"/>
</target>
<target name="compile">
<javac srcdir="${src.dir}"
destdir="${build.dir}"
debug="on"
deprecation="on">
<include name="**/*.java"/>
<classpath refid="project.class.path"/>
</javac>
</target>
<target name="cleanWebApp">
<delete file="${deploy.dir}/${war.file.name}" />
<delete dir="${deploy.dir}/${war.file}"
includeEmptyDirs="true" />
</target>
<target name="war">
<war warfile="${war.file.name}"
webxml="./WEB-INF/web.xml">
<fileset dir="./" includes="**/*.*" excludes="*.war,
**/*.nbattrs, web.xml, **/WEB-INF/**/*.*,
**/project-files/**/*.*"/>
<webinf dir="./WEB-INF" includes="**/*"
excludes="web.xml, **/*.jar, **/*.class"/>
<lib dir="./WEB-INF/lib"/>
<classes dir="${build.dir}"/>
<classes dir="${src.dir}">
<include name="**/*.properties"/>
</classes>
</war>
</target>
<target name="deploy">
<echo message="Deploying on Tomcat." />
<deploy url="http://localhost:8090/manager" username="someUsername"
password="somePassword" path="/projectName" war="./${war.file.name}" />
</target>
<target name="main" depends="clean, prep, cleanWebApp,
compile, war, deploy"/>
</project>
I'm attempting to deploy to a war file in Tomcat 7. It's giving me the following error.
deploy:
[echo] Deploying on Tomcat.
BUILD FAILED
C:\Users\coder\workspace\projectName\build.xml:84: java.io.IOException: Server returned
HTTP response code: 403 for URL: http://localhost:8090/manager/deploy?path=%2FprojectName
Here's my build file
<project name="ProjectName" default="main"
basedir=".">
<!-- Tell ant to use my environment variables -->
<property environment="env"/>
<property file="./build.properties"/>
<property name="username" value="someUsername"/>
<property name="password" value="somePassword"/>
<taskdef name="deploy" classname="org.apache.catalina.ant.DeployTask"/>
<property name="tomcat.home"
value="${env.CATALINA_HOME}"/>
<property name="hibernate.home"
value="${env.CATALINA_HOME}"/>
<property name="servlet.jar"
value="${tomcat.home}/common/lib/servlet-api.jar"/>
<property name="jsp.jar"
value="${tomcat.home}/common/lib/jsp-api.jar"/>
<property name="hibernate.jar" value="C:/hibernate-distribution-3.6.4.Final/hibernate3.jar"/>
<property name="deploy.dir"
value="${tomcat.home}/webapps"/>
<property name="build.compiler" value="modern"/>
<property name="build.dir" value="build" />
<property name="src.dir" value="src"/>
<property name="war.file" value="projectName"/>
<property name="war.file.name" value="${war.file}.war"/>
<path id="project.class.path">
<fileset dir="./WEB-INF/lib/">
<include name="**/*.jar"/>
</fileset>
<pathelement path="${src.dir}"/>
<pathelement path="${servlet.jar}"/>
<pathelement path="${jsp.jar}"/>
<pathelement path="${hibernate.jar}"/>
</path>
<target name="clean">
<delete dir="${build.dir}" includeEmptyDirs="true" />
</target>
<target name="prep">
<mkdir dir="${build.dir}"/>
</target>
<target name="compile">
<javac srcdir="${src.dir}"
destdir="${build.dir}"
debug="on"
deprecation="on">
<include name="**/*.java"/>
<classpath refid="project.class.path"/>
</javac>
</target>
<target name="cleanWebApp">
<delete file="${deploy.dir}/${war.file.name}" />
<delete dir="${deploy.dir}/${war.file}"
includeEmptyDirs="true" />
</target>
<target name="war">
<war warfile="${war.file.name}"
webxml="./WEB-INF/web.xml">
<fileset dir="./" includes="**/*.*" excludes="*.war,
**/*.nbattrs, web.xml, **/WEB-INF/**/*.*,
**/project-files/**/*.*"/>
<webinf dir="./WEB-INF" includes="**/*"
excludes="web.xml, **/*.jar, **/*.class"/>
<lib dir="./WEB-INF/lib"/>
<classes dir="${build.dir}"/>
<classes dir="${src.dir}">
<include name="**/*.properties"/>
</classes>
</war>
</target>
<target name="deploy">
<echo message="Deploying on Tomcat." />
<deploy url="http://localhost:8090/manager" username="someUsername"
password="somePassword" path="/projectName" war="./${war.file.name}" />
</target>
<target name="main" depends="clean, prep, cleanWebApp,
compile, war, deploy"/>
</project>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
manager.username 和 manager.password 中提到的帐户必须处于“manager-script”角色(或者“admin-script”,如果这不起作用)。
在 Tomcat 7 中,“manager”和“admin”角色似乎更改为“manager-gui”、“admin-gui”、“manager-script”(用于文本连接)、“admin-script”(用于文本连接)我
从下面的错误页面中找到了 4 个与经理相关的角色:
403 访问被拒绝
您无权查看此页面。
如果您已经将管理器应用程序配置为允许访问,并且使用了浏览器后退按钮、保存的书签或类似内容,那么您可能已经触发了为 HTML 启用的跨站点请求伪造 (CSRF) 保护Manager 应用程序的界面。您需要返回主管理器页面来重置此保护。返回此页面后,您将能够继续正常使用管理器应用程序的 HTML 界面。如果您继续看到此访问被拒绝消息,请检查您是否具有访问此应用程序所需的权限。
如果您没有更改任何配置文件,请检查安装中的conf/tomcat-users.xml 文件。该文件必须包含允许您使用此 Web 应用程序的凭据。
例如,要将 manager-gui 角色添加到名为 tomcat、密码为 s3cret 的用户,请将以下内容添加到上面列出的配置文件中。
请注意,从 Tomcat 7 开始,使用管理器应用程序所需的角色从单一管理器角色更改为以下四个角色。您需要分配您希望访问的功能所需的角色。
manager-gui - 允许访问 HTML GUI 和状态页面
manager-script - 允许访问文本界面和状态页面
manager-jmx - 允许访问 JMX 代理和状态页面
manager-status - 允许访问仅状态页
HTML 界面受到 CSRF 保护,但文本和 JMX 界面则不然。为了维护 CSRF 保护:
不应向具有 manager-gui 角色的用户授予 manager-script 或 manager-jmx 角色。
如果通过浏览器访问文本或 jmx 接口(例如用于测试,因为这些接口是为工具而不是人类设计的),则必须随后关闭浏览器以终止会话。
有关更多信息 - 请参阅管理器应用程序操作指南。
The account mentioned in manager.username and manager.password, has to be in the role of "manager-script" (or "admin-script" also if that does't work).
It seems that "manager" and "admin" roles are changed to "manager-gui", "admin-gui", "manager-script" (for text connection), "admin-script" (for text connection) in Tomcat 7.
I found 4 roles relevant to manager from below error page:
403 Access Denied
You are not authorized to view this page.
If you have already configured the Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Manager application. You will need to reset this protection by returning to the main Manager page. Once you return to this page, you will be able to continue using the Manager appliction's HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.
If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.
For example, to add the manager-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above.
Note that for Tomcat 7 onwards, the roles required to use the manager application were changed from the single manager role to the following four roles. You will need to assign the role(s) required for the functionality you wish to access.
manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only
The HTML interface is protected against CSRF but the text and JMX interfaces are not. To maintain the CSRF protection:
Users with the manager-gui role should not be granted either the manager-script or manager-jmx roles.
If the text or jmx interfaces are accessed through a browser (e.g. for testing since these interfaces are intended for tools not humans) then the browser must be closed afterwards to terminate the session.
For more information - please see the Manager App HOW-TO.
您应该使用的基本 URL 应该是:
http://localhost:8090/manager/textThe base URL you should be using should be:
http://localhost:8090/manager/text您收到访问被拒绝错误。
这是可能的,因为您的用户名或密码不正确,或者您没有正确添加角色。
这是 Tomcat 文档中的简介——
希望有帮助。
You're getting an access denied error.
This is possible because either your username or password is incorrect or you haven't added roles correctly.
Here is a blurb from the Tomcat documentation --
Hope that helps.
我在 Tomcat 6 中遇到了同样的问题,但上述任何解决方案都没有帮助我。
因此,我通过向 tomcat-users 中的用户添加额外的角色(“经理”)来修复它。
I had the same problem with Tomcat 6, but any solutions above don't help me.
So I fixed it by adding additional role ('manager') to user in tomcat-users.
我最近遇到了这个错误,但这些方法都没有帮助我。
解决方案是显式将角色写入 tomcat-users.xml:
运行脚本不需要角色
admin-gui和admin-script,我需要它们使用此用户在 Web GUI 中管理 tomcat。I've recently encountered this error and none of these approaches helped me.
The solution was to explicitly write roles into tomcat-users.xml:
Roles
admin-guiandadmin-scriptare not required to run the script, I need them to use this user to admin tomcat in a web gui.