New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tomcat Realm Security support #857
Comments
Yay I got a prototype up and working. All you had to setup is And the login screen works, and login is using conf/tomcat-users.xml file. |
great stuff; does the hawtio.realm=* work? (isn't that the default now when not in karaf?). So I guess we just need to enable authentication then maybe? I wonder if there's a way to detect, if inside tomcat if it should be authenticated? It'd be nice to just do the right thing; though that might not be possible... |
Yeah let us try to discover if we run in Tomcat, and it is only using the user database realm (the file stuff) then we can imply to use that, and just let end users set -Dhawtio.authenticationEnabled=true, and leave the realm as is. |
Okay added some docs at We got some basic Tomcat support for using conf/tomcat-users.xml. |
For end users that use Apache Tomcat, they may want to use its simple memory realm that uses the conf/tomcat-users.xml file for setting up users.
The current security in hawtio-web is JAAS based, and that would require Tomcat users to battle with its JAAS setup
http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm
It would be nice if you could set a JVM property to tell hawtio to use the simple tomcat file, etc. Then that would be much easier to have some basic security using that conf/tomcat-users.xml file that many uses.
The text was updated successfully, but these errors were encountered: