
您现在的位置是:首页 >  工具



Tomcat配置编程语言 详解 管理员
2023-06-13 09:20:43 时间
服务器安装了Apache Tomcat后会默认开放8080端口供外部连接,一般在浏览器中输入“IP:8080”或者域名来访问Apache Tomcat页面,如下图所示。
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0" !-- NOTE: By default, no user is included in the "manager-gui" role required to operate the "/manager/html" web application. If you wish to use this app, you must define such a user - the username and password are arbitrary. It is strongly recommended that you do NOT use one of the users in the commented out section below since they are intended for use with the examples web application. !-- NOTE: The sample user and role entries below are intended for use with the examples web application. They are wrapped in a comment and thus are ignored when reading this file. If you wish to configure these users for use with the examples web application, do not forget to remove the !.. .. that surrounds them. You will also need to set the passwords to something appropriate. !-- role rolename="tomcat"/ role rolename="role1"/ user username="tomcat" password=" must-be-changed " roles="tomcat"/ user username="both" password=" must-be-changed " roles="tomcat,role1"/ user username="role1" password=" must-be-changed " roles="role1"/ !-- 配置角色 -- role rolename="manager-gui"/ role rolename="admin-gui"/ !-- 配置管理员账号,密码及其权限 -- user username="你的用户名" password="你的密码" roles="admin-gui,manager-gui"/ /tomcat-users  
注释上写的很清楚,要进入Manager App就需要manage-gui具有角色权限的用户,具有admin-gui角色的用户可以进入Host Manager,暂时就简单这样理解了,具体的这边就不去深究了。进入到Tomcat Web Application Manager,效果如下:
Tomcat提供了在线管理,本案例也正式利用在线管理来构建后门的。在第一个图中单击左上角下面的“Tomcat Manager”链接后,会弹出一个要求输入用户名和密码的窗口,如下图所示。
部署的文件夹是以*.war文件的名称,例如上传的文件是esite.war,则在Tomcat目录中会对应生成一个“esite”文件夹(将war解压出来的文件夹) 。
在部署管理页面的下方有一个“WAR file to deploy”,单击浏览选择一个已经设置好的后门war文件,在本例中的后门程序为esite.war,单击“deploy”将该文件部署到服务器上。