
USER AUTHENTICATION

Jordi Marimon

On Jun 17, 2011 15:31

Congratulations, I am surprised by OpenRemote.
I am a vocational teacher, and I am thinking of teaching OpenRemote to our students.
I would like to know something else about two topics:

  • Is any kind of user authentication possible?
  • In the UI designer, when you put a button, I've seen the navigation actions LOGIN and LOGOUT. What do they mean? What user/password can I use?
    Thanks.
 
Participants: Adolfo Amo, Administrator, Andrew Ball, Eric Bariaux, Jordi Marimon, Nejc Šmid
  1. Jun 23, 2011

    Eric Bariaux says:

    Yes, authentication is supported through the web container.
    It uses the standard mechanism defined by the servlet API and can be configured in the web.xml file and in your container (e.g. Tomcat).

  2. Jun 26, 2011

    Jordi Marimon says:

    Thanks for your answer.
    I've been looking for information but I don't understand very well how to do it.
    Could you tell me where to look for how to edit web.xml to use authentication?

    1. Jul 01, 2011

      Andrew Ball says:

      Look toward the end of web.xml, where you should see several commented-out <security-constraint> elements. Uncomment them. In the simplest case, you can just edit tomcat-users.xml in the Tomcat conf directory to add users with passwords, which will need to have the "openremote" role.

      1. Jul 04, 2011

        Jordi Marimon says:

        Thanks, I did what you said and I got what I need.
        If somebody needs a sample of configuration changes I can show it.
        Thanks.

        1. Jul 05, 2011

          Administrator says:

          Sample configuration and documentation is most welcome.

          You can post it here or create a separate wiki page to explain it.

          1. Jul 05, 2011

            Jordi Marimon says:

            Sample configuration:
            CONFIGURATION CHANGES TO USE USERS AND PASSWORDS.

            1. Uncomment "SECURITY CONFIGURATION" at the end of the file web.xml (...\webapps\controller\WEB-INF):

            <security-constraint>
              <web-resource-collection>
                <web-resource-name>Control command RESTful service of Openremote Controller</web-resource-name>
                <description>Control command RESTful service of Openremote Controller</description>
                <url-pattern>/rest/control/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                <role-name>openremote</role-name>
              </auth-constraint>
            </security-constraint>

            <!-- Constraint resource: /rest/panel/* -->

            <security-constraint>
              <web-resource-collection>
                <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
                <description>Panel identity RESTful service of Openremote Controller</description>
                <url-pattern>/rest/panel/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                <role-name>openremote</role-name>
              </auth-constraint>
            </security-constraint>

            <security-constraint>
              <web-resource-collection>
                <web-resource-name>Status command RESTful service of Openremote Controller</web-resource-name>
                <description>Status command RESTful service of Openremote Controller</description>
                <url-pattern>/rest/status/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                <role-name>openremote</role-name>
              </auth-constraint>
            </security-constraint>

            <security-constraint>
              <web-resource-collection>
                <web-resource-name>Polling command RESTful service of Openremote Controller</web-resource-name>
                <description>Polling command RESTful service of Openremote Controller</description>
                <url-pattern>/rest/polling/*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
              </web-resource-collection>
              <auth-constraint>
                <role-name>openremote</role-name>
              </auth-constraint>
            </security-constraint>

            <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>OPENREMOTE_Controller</realm-name>
            </login-config>
            <security-role>
              <role-name>openremote</role-name>
            </security-role>

            2. Edit users.xml file (...\security):

            <tomcat-users>
              <role rolename="openremote"/>
              <user username="openremote" password="Tomcat" roles="openremote"/>
            </tomcat-users>

            You can create different users, each with their own password, and assign them the role: openremote.

            This way uses plain-text passwords, but I know that there are other ways to encode passwords (digesting user passwords with SHA, MD2 or MD5). I am going to try, but right now I do not know how to do it.
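
A check for the configuration posted above, as an added example that is not part of the original post or of OpenRemote's own code: it reads a web.xml and reports constraints that list specific `<http-method>` elements (only the listed methods are covered), BASIC login without a CONFIDENTIAL `<transport-guarantee>`, and roles used but never declared. The sample web.xml is constructed from the post, and the function names and finding labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one constraint plus the login-config from the post above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/rest/control/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>openremote</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>openremote</role-name></security-role>
</web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def texts(elem, name):
    """Stripped text of every element called `name` at or below `elem`."""
    return [(e.text or "").strip() for e in elem.iter() if local(e.tag) == name]

def audit(web_xml):
    """Return (url-patterns, finding) pairs for a web.xml passed as a string."""
    root = ET.fromstring(web_xml)
    basic = "BASIC" in texts(root, "auth-method")
    declared = set()
    for child in root:
        if local(child.tag) == "security-role":
            declared.update(texts(child, "role-name"))
    findings = []
    for sc in root:
        if local(sc.tag) != "security-constraint":
            continue
        where = ", ".join(texts(sc, "url-pattern"))
        methods = texts(sc, "http-method")
        if methods:  # listed methods are the only ones this constraint covers
            findings.append((where, "uncovered-methods: only " + "/".join(methods)))
        if basic and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            # BASIC sends base64(user:password) with every request
            findings.append((where, "basic-without-confidential-transport"))
        for role in texts(sc, "role-name"):
            if role not in declared:
                findings.append((where, "undeclared-role: " + role))
    return findings
```
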

            1. Jul 06, 2011

              Administrator says:

              Thanks.

            2. Feb 13, 2012

              Adolfo Amo says:

              Hi Jordi,

              I tried the settings you mention and it works, but it asks the user for a password to access the server anyway.

              Could you explain in which cases you use this configuration? How is the Login option in Navigation used?

              I'm trying to prompt the user for a password to access a particular screen, i.e. a security screen where you can activate the alarm, close valves, etc., but not for the rest.

              Any suggestions?

              Thanks!

              1. Feb 15, 2012

                Eric Bariaux says:

                There is currently no way to limit access to a particular screen, only to a particular panel.
                Once the UI is defined, you should "replicate" the UI from one panel to the other and remove the screen that should be protected.

                There are ways to make this replication much easier than it would seem.
                Unfortunately, I've discovered that a few bugs in the modeler make those difficult / impossible for now.
                As soon as a new version of the modeler is online with fixes to those, I'll post back here and explain a bit more how this works.

                1. Jun 07, 2012

                  Nejc Šmid says:

                  Hi Eric,

                  I have one question. How do I specify a particular password for a particular panel?

                  Thanks for the help.

                  Regards,
                  Nejc

                  1. Jun 08, 2012

                    Eric Bariaux says:

                    What you can do is have 2 different users, assign a specific role to each user and protect each panel access with a different role.

                    Protect the panels like this:

                    <security-constraint>
                      <web-resource-collection>
                        <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
                        <description>Panel identity RESTful service of Openremote Controller</description>
                        <url-pattern>/rest/panel/panel1</url-pattern>
                        <http-method>GET</http-method>
                        <http-method>POST</http-method>
                      </web-resource-collection>
                      <auth-constraint>
                        <role-name>panel1role</role-name>
                      </auth-constraint>
                    </security-constraint>

                    <security-constraint>
                      <web-resource-collection>
                        <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
                        <description>Panel identity RESTful service of Openremote Controller</description>
                        <url-pattern>/rest/panel/panel2</url-pattern>
                        <http-method>GET</http-method>
                        <http-method>POST</http-method>
                      </web-resource-collection>
                      <auth-constraint>
                        <role-name>panel2role</role-name>
                      </auth-constraint>
                    </security-constraint>

                    Define the 2 roles:

                    <login-config>
                      <auth-method>BASIC</auth-method>
                      <realm-name>OPENREMOTE_Controller</realm-name>
                    </login-config>
                    <!-- the servlet schema allows one role-name per security-role element -->
                    <security-role>
                      <role-name>panel1role</role-name>
                    </security-role>
                    <security-role>
                      <role-name>panel2role</role-name>
                    </security-role>

                    Then in the tomcat users definition, create user1 with panel1role and user2 with panel2role.
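
The per-panel setup described above, worked through as an added example that is not part of the original reply or of OpenRemote's code: it resolves which roles a request path requires (exact url-pattern first, then the longest `/prefix/*` pattern, as in servlet pattern matching) and whether a user from the Tomcat users file holds one of them. The XML samples are constructed and carry no namespace, the passwords are placeholders, and every constraint is assumed to contain an `<auth-constraint>`; a path that matches no pattern is reported as unconstrained.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two panel constraints, reduced to the elements that matter.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/rest/panel/panel1</url-pattern></web-resource-collection>
    <auth-constraint><role-name>panel1role</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/rest/panel/panel2</url-pattern></web-resource-collection>
    <auth-constraint><role-name>panel2role</role-name></auth-constraint>
  </security-constraint>
</web-app>"""
USERS_XML = """<tomcat-users>
  <user username="user1" password="constructed-1" roles="panel1role"/>
  <user username="user2" password="constructed-2" roles="panel2role"/>
</tomcat-users>"""

def constraints(web_xml):
    """Map each url-pattern to the set of roles allowed to request it."""
    table = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iter("role-name")}
        for p in sc.iter("url-pattern"):
            table.setdefault(p.text.strip(), set()).update(roles)
    return table

def required_roles(table, path):
    """Best match: an exact pattern wins, otherwise the longest /prefix/* pattern."""
    if path in table:
        return table[path]
    prefixes = [p for p in table
                if p.endswith("/*") and (path == p[:-2] or path.startswith(p[:-1]))]
    return table[max(prefixes, key=len)] if prefixes else None  # None: unconstrained

def allowed(users_xml, table, user, path):
    """True if the path is unconstrained or the user holds a required role."""
    needed = required_roles(table, path)
    if needed is None:
        return True  # the container asks for no login on this path
    for u in ET.fromstring(users_xml).iter("user"):
        if u.get("username") == user:
            return bool(needed & {r.strip() for r in u.get("roles", "").split(",")})
    return False
```
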

                    1. Sep 27, 2012

                      Nejc Šmid says:

                      Eric, thanks for your explanation of the Panel identity part of the Security Configuration.

                      Now I would like to find out a bit more about the Control, Status and Polling command parts. In which cases can they be used?

                      Thanks again for your explanation.

                      Regards,
                      Nejc
