소스 파일 최초 업로드

tomcat/webapps.dist/manager/WEB-INF/web.xml

@@ -0,0 +1,212 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+                      http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+  version="4.0"
+  metadata-complete="true">
+
+  <display-name>Tomcat Manager Application</display-name>
+  <description>
+    A scriptable management web application for the Tomcat Web Server;
+    Manager lets you view, load/unload/etc particular web applications.
+  </description>
+
+  <request-character-encoding>UTF-8</request-character-encoding>
+
+  <servlet>
+    <servlet-name>Manager</servlet-name>
+    <servlet-class>org.apache.catalina.manager.ManagerServlet</servlet-class>
+    <init-param>
+      <param-name>debug</param-name>
+      <param-value>2</param-value>
+    </init-param>
+  </servlet>
+  <servlet>
+    <servlet-name>HTMLManager</servlet-name>
+    <servlet-class>org.apache.catalina.manager.HTMLManagerServlet</servlet-class>
+    <init-param>
+      <param-name>debug</param-name>
+      <param-value>2</param-value>
+    </init-param>
+    <!-- Uncomment this to show proxy sessions from the Backup manager or a
+         StoreManager in the sessions list for an application
+    <init-param>
+      <param-name>showProxySessions</param-name>
+      <param-value>true</param-value>
+    </init-param>
+    -->
+    <multipart-config>
+      <!-- 50MB max -->
+      <max-file-size>52428800</max-file-size>
+      <max-request-size>52428800</max-request-size>
+      <file-size-threshold>0</file-size-threshold>
+    </multipart-config>
+  </servlet>
+  <servlet>
+    <servlet-name>Status</servlet-name>
+    <servlet-class>org.apache.catalina.manager.StatusManagerServlet</servlet-class>
+    <init-param>
+      <param-name>debug</param-name>
+      <param-value>0</param-value>
+    </init-param>
+  </servlet>
+
+  <servlet>
+    <servlet-name>JMXProxy</servlet-name>
+    <servlet-class>org.apache.catalina.manager.JMXProxyServlet</servlet-class>
+  </servlet>
+
+  <!-- Define the Manager Servlet Mapping -->
+  <servlet-mapping>
+    <servlet-name>Manager</servlet-name>
+      <url-pattern>/text/*</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>Status</servlet-name>
+    <url-pattern>/status/*</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>JMXProxy</servlet-name>
+      <url-pattern>/jmxproxy/*</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>HTMLManager</servlet-name>
+    <url-pattern>/html/*</url-pattern>
+  </servlet-mapping>
+
+  <filter>
+    <filter-name>CSRF</filter-name>
+    <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class>
+    <init-param>
+      <param-name>entryPoints</param-name>
+      <param-value>/html,/html/,/html/list,/index.jsp</param-value>
+    </init-param>
+  </filter>
+
+  <!-- Configured to set X-FRAME-OPTIONS. Disable HSTS in case it interferes -->
+  <!-- with an existing setting. Keep X-Content-Type-Options and             -->
+  <!-- X-XSS-Protection as they are page specific.                           -->
+  <filter>
+    <filter-name>HTTP header security filter</filter-name>
+    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+    <init-param>
+      <param-name>hstsEnabled</param-name>
+      <param-value>false</param-value>
+    </init-param>
+  </filter>
+
+  <filter-mapping>
+    <filter-name>CSRF</filter-name>
+    <servlet-name>HTMLManager</servlet-name>
+  </filter-mapping>
+
+  <filter-mapping>
+    <filter-name>HTTP header security filter</filter-name>
+    <url-pattern>/*</url-pattern>
+  </filter-mapping>
+
+  <!-- Define a Security Constraint on this Application -->
+  <!-- NOTE:  None of these roles are present in the default users file -->
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>HTML Manager interface (for humans)</web-resource-name>
+      <url-pattern>/html/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <role-name>manager-gui</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Text Manager interface (for scripts)</web-resource-name>
+      <url-pattern>/text/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <role-name>manager-script</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>JMX Proxy interface</web-resource-name>
+      <url-pattern>/jmxproxy/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <role-name>manager-jmx</role-name>
+    </auth-constraint>
+  </security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Status interface</web-resource-name>
+      <url-pattern>/status/*</url-pattern>
+    </web-resource-collection>
+    <auth-constraint>
+       <role-name>manager-gui</role-name>
+       <role-name>manager-script</role-name>
+       <role-name>manager-jmx</role-name>
+       <role-name>manager-status</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <!-- Define the Login Configuration for this Application -->
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>Tomcat Manager Application</realm-name>
+  </login-config>
+
+  <!-- Security roles referenced by this web application -->
+  <security-role>
+    <description>
+      The role that is required to access the HTML Manager pages
+    </description>
+    <role-name>manager-gui</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access the text Manager pages
+    </description>
+    <role-name>manager-script</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access the HTML JMX Proxy
+    </description>
+    <role-name>manager-jmx</role-name>
+  </security-role>
+  <security-role>
+    <description>
+      The role that is required to access to the Manager Status pages
+    </description>
+    <role-name>manager-status</role-name>
+  </security-role>
+
+  <error-page>
+    <error-code>401</error-code>
+    <location>/WEB-INF/jsp/401.jsp</location>
+  </error-page>
+  <error-page>
+    <error-code>403</error-code>
+    <location>/WEB-INF/jsp/403.jsp</location>
+  </error-page>
+  <error-page>
+    <error-code>404</error-code>
+    <location>/WEB-INF/jsp/404.jsp</location>
+  </error-page>
+
+</web-app>