Fix #453 - Add auth with encrypted password sample #474

Merged
merged 3 commits into from Aug 26, 2018
54 changes: 49 additions & 5 deletions src/docs/content/docs/usage/authentication.md
Expand Up @@ -12,16 +12,18 @@ Authentication can be activated in Reaper for the web UI only. It relies on [Apa

To activate authentication, add the following block to your Reaper yaml file :

```
```ini
accessControl:
sessionTimeout: PT10M
shiro:
iniConfigs: ["file:/path/to/shiro.ini"]
```

## With clear passwords

Create a `shiro.ini` file and adapt it from the following sample :

```
```ini
[main]
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /webui/login.html
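Review bot: The fence above `accessControl:` is now tagged `ini`, but that block is the Reaper yaml file, so it should be tagged `yaml`; only the `shiro.ini` sample below it is INI. The new `## With clear passwords` heading would also benefit from one sentence saying that this variant keeps credentials in plaintext in `shiro.ini`, so the file should be readable only by the account that runs Reaper.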
Expand All @@ -42,10 +44,52 @@ user2 = password2
/** = anon
```

Then start Reaper.
## With encrypted passwords

Based on [Shiro's document on Encrypting passwords](https://shiro.apache.org/configuration.html#Configuration-EncryptingPasswords) :

```ini
[main]
authc = org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
authc.loginUrl = /webui/login.html
sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
iniRealm.credentialsMatcher = $sha256Matcher

[users]
john = 807A09440428C0A8AEF58BD3ECE32938B0D76E638119E47619756F5C2C20FF3A


[urls]
# Allow anonynous access to login page (and dependencies), but no other pages
/webui/ = authc
/webui = authc
/webui/login.html = anon
/webui/*.html* = authc
/webui/*.js* = anon
/ping = anon
/login = anon
/** = anon
```

To generate a password, you case use for example :

Both the REST API and the `/webui/login.html` pages will be accessible anonymously, but all other pages will require to be authenticated.
* From the command line :

```shell
echo -n "Hello World" | shasum -a 256
echo -n "Hello World" | sha256sum
```

* Or some language of your choice (like Python here) :

```python
import hashlib
hash_object = hashlib.sha256(b'Hello World')
hex_dig = hash_object.hexdigest()
print(hex_dig)
a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e
```

Then start Reaper.

Both the REST API and the `/webui/login.html` pages will be accessible anonymously, but all other pages will require to be authenticated.
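Review bot: The `## With encrypted passwords` section describes hashing, not encryption: `Sha256CredentialsMatcher` is set up with no salt, and the generation commands (`sha256sum`, `hashlib.sha256`) produce a single SHA-256 digest of the password alone. Identical passwords therefore yield identical entries in `[users]`, and a leaked `shiro.ini` can be attacked with precomputed tables or fast offline guessing. Suggest retitling the section to "With hashed passwords" and stating that limitation, or documenting a salted, iterated scheme instead. Smaller points in the same hunk: "you case use" should read "you can use" and "anonynous" should read "anonymous"; the Python block ends with the bare digest line `a591a6d4...`, which is output rather than code and makes the sample fail if pasted as is, so move it into a comment; and `echo -n "Hello World" | sha256sum` leaves the password in shell history, which deserves a short caution next to the command.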