jenkins部署tomcat的war包403错误-The username you provided is not allowed to use the text-based Tomcat Mana

于 2024-09-07 16:42:05 发布
阅读量347 收藏
点赞数 3
文章标签: jenkins tomcat
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_56547063/article/details/141998279
版权
jenkins上面的错误提示 
Started by user admin
Running as SYSTEM
Building in workspace /var/lib/jenkins/workspace/maven-hello-war
The recommended git tool is: NONE
using credential root
 > git rev-parse --resolve-git-dir /var/lib/jenkins/workspace/maven-hello-war/.git # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url git@gitlab.wang.org:devops/hello-world-war.git # timeout=10
Fetching upstream changes from git@gitlab.wang.org:devops/hello-world-war.git
 > git --version # timeout=10
 > git --version # 'git version 2.34.1'
using GIT_SSH to set credentials root-ssh
Verifying host key using known hosts file
 > git fetch --tags --force --progress -- git@gitlab.wang.org:devops/hello-world-war.git +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision ac5842fa5e9c2dcfb72268f7ef1d665b6667478e (refs/remotes/origin/main)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f ac5842fa5e9c2dcfb72268f7ef1d665b6667478e # timeout=10
Commit message: "update README.md. 基于JDK-11,不支持JDK-8"
 > git rev-list --no-walk ac5842fa5e9c2dcfb72268f7ef1d665b6667478e # timeout=10
Parsing POMs
Established TCP socket on 45745
[maven-hello-war] $ java -cp /var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven35-agent-1.14.jar:/usr/share/maven/boot/plexus-classworlds-2.x.jar:/usr/share/maven/conf/logging jenkins.maven3.agent.Maven35Main /usr/share/maven /var/cache/jenkins/war/WEB-INF/lib/remoting-3248.v65ecb_254c298.jar /var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven35-interceptor-1.14.jar /var/lib/jenkins/plugins/maven-plugin/WEB-INF/lib/maven3-interceptor-commons-1.14.jar 45745
<===[JENKINS REMOTING CAPACITY]===>channel started
Executing Maven:  -B -f /var/lib/jenkins/workspace/maven-hello-war/pom.xml clean package -Dmaven.test.skip=true
[INFO] Scanning for projects...
[INFO] 
[INFO] --------------------< com.efsavage:hello-world-war >--------------------
[INFO] Building Hello World Web Application Repository 1.0.0
[INFO] --------------------------------[ war ]---------------------------------
[INFO] 
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ hello-world-war ---
[INFO] Deleting /var/lib/jenkins/workspace/maven-hello-war/target
[INFO] 
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ hello-world-war ---
[WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory /var/lib/jenkins/workspace/maven-hello-war/src/main/resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ hello-world-war ---
[INFO] No sources to compile
[INFO] 
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ hello-world-war ---
[INFO] Not copying test resources
[INFO] 
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ hello-world-war ---
[INFO] Not compiling test sources
[INFO] 
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ hello-world-war ---
[INFO] Tests are skipped.
[INFO] 
[INFO] --- maven-war-plugin:2.1.1:war (default-war) @ hello-world-war ---
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.thoughtworks.xstream.core.util.Fields (file:/var/lib/jenkins/.m2/repository/com/thoughtworks/xstream/xstream/1.3.1/xstream-1.3.1.jar) to field java.util.Properties.defaults
WARNING: Please consider reporting this to the maintainers of com.thoughtworks.xstream.core.util.Fields
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO] Packaging webapp
[INFO] Assembling webapp [hello-world-war] in [/var/lib/jenkins/workspace/maven-hello-war/target/hello-world-war-1.0.0]
[INFO] Processing war project
[INFO] Copying webapp resources [/var/lib/jenkins/workspace/maven-hello-war/src/main/webapp]
[INFO] Webapp assembled in [35 msecs]
[INFO] Building war: /var/lib/jenkins/workspace/maven-hello-war/target/hello-world-war-1.0.0.war
[INFO] WEB-INF/web.xml already added, skipping
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  4.333 s
[INFO] Finished at: 2024-09-07T16:10:53+08:00
[INFO] ------------------------------------------------------------------------
[JENKINS] Archiving /var/lib/jenkins/workspace/maven-hello-war/pom.xml to com.efsavage/hello-world-war/1.0.0/hello-world-war-1.0.0.pom
[JENKINS] Archiving /var/lib/jenkins/workspace/maven-hello-war/target/hello-world-war-1.0.0.war to com.efsavage/hello-world-war/1.0.0/hello-world-war-1.0.0.war
channel stopped
[maven-hello-war] $ /bin/sh -xe /tmp/jenkins13770657621525158122.sh
+ mv target/hello-world-war-1.0.0.war target/hello.war
[DeployPublisher][INFO] Attempting to deploy 1 war file(s)
[DeployPublisher][INFO] Deploying /var/lib/jenkins/workspace/maven-hello-war/target/hello.war to container Tomcat 9.x Remote with context null
ERROR: Build step failed with exception
org.codehaus.cargo.container.ContainerException: Failed to redeploy [/var/lib/jenkins/workspace/maven-hello-war/target/hello.war]
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:176)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:81)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:167)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:136)
	at hudson.FilePath.act(FilePath.java:1235)
	at hudson.FilePath.act(FilePath.java:1218)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter.redeployFile(CargoContainerAdapter.java:133)
	at PluginClassLoader for deploy//hudson.plugins.deploy.PasswordProtectedAdapterCargo.redeployFile(PasswordProtectedAdapterCargo.java:95)
	at PluginClassLoader for deploy//hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:113)
	at jenkins.tasks.SimpleBuildStep.perform(SimpleBuildStep.java:123)
	at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:80)
	at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:47)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:818)
	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:767)
	at PluginClassLoader for maven-plugin//hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1072)
	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:711)
	at hudson.model.Run.execute(Run.java:1917)
	at PluginClassLoader for maven-plugin//hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
	at hudson.model.ResourceController.execute(ResourceController.java:101)
	at hudson.model.Executor.run(Executor.java:446)
Caused by: org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:710)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:882)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:895)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:161)
	... 19 more
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://10.0.0.201:8080/manager/text/list
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1945)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1541)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:577)
	... 22 more
org.codehaus.cargo.container.tomcat.internal.TomcatManagerException: The username you provided is not allowed to use the text-based Tomcat Manager (error 403)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:710)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.list(TomcatManager.java:882)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.getStatus(TomcatManager.java:895)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.AbstractTomcatManagerDeployer.redeploy(AbstractTomcatManagerDeployer.java:161)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:81)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:167)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter$DeployCallable.invoke(CargoContainerAdapter.java:136)
	at hudson.FilePath.act(FilePath.java:1235)
	at hudson.FilePath.act(FilePath.java:1218)
	at PluginClassLoader for deploy//hudson.plugins.deploy.CargoContainerAdapter.redeployFile(CargoContainerAdapter.java:133)
	at PluginClassLoader for deploy//hudson.plugins.deploy.PasswordProtectedAdapterCargo.redeployFile(PasswordProtectedAdapterCargo.java:95)
	at PluginClassLoader for deploy//hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:113)
	at jenkins.tasks.SimpleBuildStep.perform(SimpleBuildStep.java:123)
	at hudson.tasks.BuildStepCompatibilityLayer.perform(BuildStepCompatibilityLayer.java:80)
	at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:47)
	at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:818)
	at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:767)
	at PluginClassLoader for maven-plugin//hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1072)
	at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:711)
	at hudson.model.Run.execute(Run.java:1917)
	at PluginClassLoader for maven-plugin//hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:543)
	at hudson.model.ResourceController.execute(ResourceController.java:101)
	at hudson.model.Executor.run(Executor.java:446)
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: http://10.0.0.201:8080/manager/text/list
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1945)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1541)
	at PluginClassLoader for deploy//org.codehaus.cargo.container.tomcat.internal.TomcatManager.invoke(TomcatManager.java:577)
	... 22 more
Build step 'Deploy war/ear to a container' marked build as failure
Finished: FAILURE

尽管已经允许了特定IP地址访问Manager应用,但仍然收到HTTP 403错误,这意味着用户没有足够的权限使用基于文本的Manager接口。根据错误信息,“The username you provided is not allowed to use the text-based Tomcat Manager (error 403)” 显示您的凭据不足以访问Manager的文本接口。

解决方案

jenkins上面curl后端的服务器:403错误

[root@jenkins maven-hello-war]#curl -u tomcat:123456 http://10.0.0.201:8080/manager/text/list
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
 <head>
  <title>403 Access Denied</title>
  <style type="text/css">
    <!--
    BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
    H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
    PRE, TT {border: 1px dotted #525D76}
    A {color : black;}A.name {color : black;}
    -->
  </style>
 </head>
 <body>
   <h1>403 Access Denied</h1>
   <p>
    You are not authorized to view this page.
   </p>
   <p>
    By default the Manager is only accessible from a browser running on the
    same machine as Tomcat. If you wish to modify this restriction, you'll need
    to edit the Manager's <tt>context.xml</tt> file.
   </p>
   <p>
    If you have already configured the Manager application to allow access and
    you have used your browsers back button, used a saved book-mark or similar
    then you may have triggered the cross-site request forgery (CSRF) protection
    that has been enabled for the HTML interface of the Manager application. You
    will need to reset this protection by returning to the
    <a href="/manager/html">main Manager page</a>. Once you
    return to this page, you will be able to continue using the Manager
    application's HTML interface normally. If you continue to see this access
    denied message, check that you have the necessary permissions to access this
    application.
   </p>
   <p>
    If you have not changed
    any configuration files, please examine the file
    <tt>conf/tomcat-users.xml</tt> in your installation. That
    file must contain the credentials to let you use this webapp.
   </p>
   <p>
    For example, to add the <tt>manager-gui</tt> role to a user named
    <tt>tomcat</tt> with a password of <tt>s3cret</tt>, add the following to the
    config file listed above.
   </p>
<pre>
&lt;role rolename="manager-gui"/&gt;
&lt;user username="tomcat" password="s3cret" roles="manager-gui"/&gt;
</pre>
   <p>
    Note that for Tomcat 7 onwards, the roles required to use the manager
    application were changed from the single <tt>manager</tt> role to the
    following four roles. You will need to assign the role(s) required for
    the functionality you wish to access.
   </p>
    <ul>
      <li><tt>manager-gui</tt> - allows access to the HTML GUI and the status
          pages</li>
      <li><tt>manager-script</tt> - allows access to the text interface and the
          status pages</li>
      <li><tt>manager-jmx</tt> - allows access to the JMX proxy and the status
          pages</li>
      <li><tt>manager-status</tt> - allows access to the status pages only</li>
    </ul>
   <p>
    The HTML interface is protected against CSRF but the text and JMX interfaces
    are not. To maintain the CSRF protection:
   </p>
   <ul>
    <li>Users with the <tt>manager-gui</tt> role should not be granted either
        the <tt>manager-script</tt> or <tt>manager-jmx</tt> roles.</li>
    <li>If the text or jmx interfaces are accessed through a browser (e.g. for
        testing since these interfaces are intended for tools not humans) then
        the browser must be closed afterwards to terminate the session.</li>
   </ul>
   <p>
    For more information - please see the
    <a href="/docs/manager-howto.html" rel="noopener noreferrer">Manager App How-To</a>.
   </p>
 </body>

</html>

先看web上面放行的ip

[root@ubuntu2204 etc]#find / -name context.xml
/usr/share/tomcat9-admin/manager/META-INF/context.xml
/usr/share/tomcat9-admin/host-manager/META-INF/context.xml
/usr/share/tomcat9-root/default_root/META-INF/context.xml
/usr/share/tomcat9-examples/examples/META-INF/context.xml
/usr/share/tomcat9/etc/context.xml
/var/lib/tomcat9/webapps/ROOT/META-INF/context.xml
/etc/tomcat9/context.xml

[root@ubuntu2204 etc]#vim /usr/share/tomcat9-admin/manager/META-INF/context.xml


<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<Context antiResourceLocking="false" privileged="true" >
  <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
                   sameSiteCookies="strict" />
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|10\.0\.0\.\d+" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>

web少了manager-script权限

[root@ubuntu2204 ~]#vim /var/lib/tomcat9/conf/tomcat-users.xml
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="tomcat" password="tomcat" roles="manager-gui,manager-script"/>
</tomcat-users>

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值