Apache Jakarta and Beyond: A Java Programmeramp;#039;s Introduction [Electronic resources] نسخه متنی

17.10. Web-Based Management and Administration

Among the many other nice features provided with Tomcat are a complete set of Web-based monitoring and configuration tools. These are protected by security, so the first thing that must be done to use them is to create a user with the right security roles. Assuming the UserDatabaseRealm is being used, this can be done by adding

<user name="admin"
password="admin"
roles="standard,manager,admin" />

to tomcat-users.xml. There is nothing special about the username or password used here; any value could be chosen. Given the potential for abuse of these services, they should normally be disabled in a production server or at least protected by something stronger than a username and password. This is a good candidate for a client certificate.

The administration page is located at http://localhost:8080/admin and is shown in Figure 17.3. As the figure shows, much of Tomcat's configuration, both global and that of individual Web applications, can be viewed from this screen. In particular the figure shows the values of the environment variables used in the previous section.