[GitHub] [tomcat] kkolinko edited a comment on pull request #412: Adding default manager roles in tomcat users config.

GitBox Mon, 12 Apr 2021 02:05:39 -0700


kkolinko edited a comment on pull request #412:
URL: https://github.com/apache/tomcat/pull/412#issuecomment-817630063



    `  <user username="admin" password="<must-be-changed>" 
roles="manager-gui,manager-jmx"/>
   `
   
   -1 for the above line. The "manager-jmx" role is not intended to be used by 
human users: it does not have CSRF protection.
   
   See
   
https://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access
   
   `  <role rolename="manager-gui"/> etc.
   `
   
   There rarely is a need to explicitly create roles like the above. When 
parsing the tomcat-users.xml file, all roles mentioned in users are created 
automatically.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[GitHub] [tomcat] kkolinko edited a comment on pull request #412: Adding default manager roles in tomcat users config.

Reply via email to