https://issues.apache.org/bugzilla/show_bug.cgi?id=56370
Bug ID: 56370
Summary: tomcat-users.xml contains legacy roles
Product: Tomcat 7
Version: unspecified
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: martin.spa...@gmail.com
The configuration file .\conf\tomcat-users.xml contains the follow comment
which includes a number of legacy usernames and roles.
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="tomcat"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>
-->
The 401 Unauthorized error page .\webapps\manager\WEB-INF\jsp\401.jsp contains
a number of new roles.
I propose the examples placed in .\conf\tomcat-users.xml should reflect these
new roles, e.g.
<!-- manager-gui - allows access to the HTML GUI and the status pages -->
<!-- manager-script - allows access to the text interface and the status
pages -->
<!-- manager-jmx - allows access to the JMX proxy and the status pages -->
<!-- manager-status - allows access to the status pages only -->
<!--
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="manager-gui" password="*****" roles="manager-gui"/>
<user username="manager-script" password="*****" roles="manager-script"/>
<user username="manager-jmx" password="*****" roles="manager-jmx"/>
<user username="manager-status" password="*****" roles="manager-status"/>
-->
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
