Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0, 2.1
    • Fix Version/s: moreinfo
    • Component/s: tomcat7
    • Labels:
    • Environment:
      Ubuntu 12.04, Linux 3.5.0-26-generic, AMD64, Apache Tomcat/7.0.30, JVM 1.7.0_21-b02

      Description

      Following the documentation for deployment does not work and is consternating.

      According to the docs, the default values of "http://localhost:8080/manager/html" should be used with tomcat7:deploy and tomcat7:deploy-only. However, this will consistently return 403.

      Using http://localhost:8080/manager/text however works fine. Testing with /jmxproxy, /status, and /html do not however succeed, even if all manager permissions are given to the credentialed user.

      Please update the docs and the defaults so that deployment works as expected out of the box.

      For more details and reproducible examples, see the SO thread:
      http://stackoverflow.com/questions/9940701/maven-tomcat7deploy-fails-with-access-denied

        Activity

        Hide
        Konstantin Kolinko added a comment -

        > According to the docs, the default values of "http://localhost:8080/manager/html"
        > should be used with tomcat7:deploy and tomcat7:deploy-only. However, this will consistently return 403.

        What documentation? Please be specific.
        What are the URLs of incorrect pages?

        Searching through the sources, the only file with such an URL that I can find is
        \tomcat6-maven-plugin\src\site\apt\examples\deployment-tomcat7.apt.vm
        which
        a) is not linked anywhere, so you should not have seen it.
        b) is offtopic in the scope of "tomcat6" plugin, so I think it is a good time to remove if.

        Anyway, the Manager GUI URLs (/manager/html) will not work for an automated tool
        neither in Tomcat 7 nor in recent versions of Tomcat 6
        thanks to CSRF protection for those URLs in the Manager Web Application.

        Show
        Konstantin Kolinko added a comment - > According to the docs, the default values of "http://localhost:8080/manager/html" > should be used with tomcat7:deploy and tomcat7:deploy-only. However, this will consistently return 403. What documentation? Please be specific. What are the URLs of incorrect pages? Searching through the sources, the only file with such an URL that I can find is \tomcat6-maven-plugin\src\site\apt\examples\deployment-tomcat7.apt.vm which a) is not linked anywhere, so you should not have seen it. b) is offtopic in the scope of "tomcat6" plugin, so I think it is a good time to remove if. Anyway, the Manager GUI URLs (/manager/html) will not work for an automated tool neither in Tomcat 7 nor in recent versions of Tomcat 6 thanks to CSRF protection for those URLs in the Manager Web Application.

          People

          • Assignee:
            Olivier Lamy (*$^¨%`£)
            Reporter:
            Joseph Lust
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:

              Development