Motivation
This article is part I of a three-part series covering three deployment scenarios:
- Hawtio deployed on Tomcat 7
- Hawtio deployed on JBoss Fuse
- Hawtio deployed on JBoss EAP
Hawtio authentication with LDAP on Tomcat 7
This section shows how to set up LDAP authentication for Hawtio on Tomcat. To do so, we will
- Install Tomcat 7 (part of EWS 2.0.1)
- Configure LDAP authentication on Tomcat 7
- Install Apache Directory Server
- Deploy Hawtio on Tomcat 7
Install Tomcat 7
- Download Red Hat JBoss Web Server 2.0.1-1 Application Servers for RHEL 6, x86_64
- Extract the archive
- Create jboss-ews-2.0/tomcat7/bin/setenv.sh with the following content
```sh
-Dhawtio.rolePrincipalClasses=com.sun.security.auth.UserPrincipal"
```
Configure LDAP authentication on Tomcat 7
- Create jboss-ews-2.0/tomcat7/conf/jaas.config (the application name "hawtio" is the one referenced by appName in the JAASRealm below)
```
hawtio {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldap://localhost:10389/ou=people,dc=example,dc=com"
        bindPrincipal="uid=admin,ou=system"
        bindCredentials="secret"
        bindAuthenticationType="simple"
        userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
        authzIdentity="{OU}"
        useSSL=false
        debug=true;
};
```
- In jboss-ews-2.0/tomcat7/conf/server.xml insert into the Host section (after the Valve)
```xml
<Realm className="org.apache.catalina.realm.JAASRealm" appName="hawtio"/>
</Context>
```
Install Apache Directory Server
- Install Apache Directory Studio in Eclipse (more info at http://directory.apache.org/studio/). I have used JBDS 7.1 for this purpose.
- In Eclipse navigate to "Help / Install New Software" and add http://directory.apache.org/studio/update/2.x/.
- Choose version 2.0.0.v20130628, but omit "Apache Directory Studio RCP" as there was an issue with missing dependencies
- Create an Apache DS instance
- Open the LDAP perspective
- Create a new LDAP server of type "ApacheDS 2.0.0"
- Create a new Connection
- Assign port 10389
- Specify bind user/password as uid=admin,ou=system/secret
- Import schema
- Open the connection with the bind user/password uid=admin,ou=system/secret
- Do a right-click on "Root DSE" and choose Import / LDIF Import
- Import the example LDIF file you can download here
Deploy Hawtio on Tomcat 7
- Download Hawtio hawtio-default-1.2.2.war from here
- Copy hawtio-default-1.2.2.war to jboss-ews-2.0/tomcat7/webapps/
- Start Tomcat by executing
- In a browser enter the URL http://localhost:8080/hawtio-default-1.2.2/
- Observe catalina.out with
- Log in with admin/hawtorwhat. This should succeed, and catalina.out shows the following output:
```
[LdapLoginModule] user provider: ldap://localhost:10389/ou=people,dc=example,dc=com
[LdapLoginModule] searching for entry belonging to user: admin
[LdapLoginModule] found entry: uid=admin,ou=people,dc=example,dc=com
[LdapLoginModule] attempting to authenticate user: admin
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=admin,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "admin" to Subject
[LdapLoginModule] added UserPrincipal "admins" to Subject
```
- Log out and try to log in with johndoe/notsohawt. This should fail, and this output appears in catalina.out:
```
[LdapLoginModule] user provider: ldap://localhost:10389/ou=people,dc=example,dc=com
[LdapLoginModule] searching for entry belonging to user: johndoe
[LdapLoginModule] found entry: uid=johndoe,ou=people,dc=example,dc=com
[LdapLoginModule] attempting to authenticate user: johndoe
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=johndoe,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "johndoe" to Subject
[LdapLoginModule] added UserPrincipal "programmers" to Subject
```
Note that the LDAP authentication itself succeeds for johndoe as well. The difference lies in the role principal that authzIdentity="{OU}" adds to the Subject: admin receives the UserPrincipal "admins", johndoe only "programmers", and Hawtio, which reads roles from UserPrincipal entries per the rolePrincipalClasses setting in setenv.sh, rejects the login for lack of the required role.
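To make the difference between the two log excerpts explicit, here is an added example (not code from the article or from Hawtio) that replays LdapLoginModule debug lines from catalina.out, rebuilds the principals each login attempt added to the JAAS Subject, and applies the role check the way Hawtio does with rolePrincipalClasses=UserPrincipal. It assumes the required role is "admins" (the hawtio.role value is not shown on the page) and uses the two attempts above, abridged, as constructed sample input.

```python
# Added example: replay LdapLoginModule debug output and apply Hawtio's role check.
# Assumption not on the page: Hawtio requires the role "admins" (hawtio.role) and,
# given -Dhawtio.rolePrincipalClasses=com.sun.security.auth.UserPrincipal, looks for
# that role name among the UserPrincipal entries of the Subject.
import re
from dataclasses import dataclass, field

REQUIRED_ROLE = "admins"  # assumed value of hawtio.role

# Constructed sample: the two login attempts shown above, abridged.
SAMPLE_LOG = """\
[LdapLoginModule] searching for entry belonging to user: admin
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=admin,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "admin" to Subject
[LdapLoginModule] added UserPrincipal "admins" to Subject
[LdapLoginModule] searching for entry belonging to user: johndoe
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=johndoe,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "johndoe" to Subject
[LdapLoginModule] added UserPrincipal "programmers" to Subject
"""

@dataclass
class Attempt:
    user: str
    ldap_ok: bool = False                      # "authentication succeeded" seen
    user_principals: list = field(default_factory=list)

def parse_attempts(log: str) -> list:
    """Group LdapLoginModule lines into one Attempt per login."""
    attempts = []
    for line in log.splitlines():
        m = re.search(r"searching for entry belonging to user: (\S+)$", line)
        if m:
            attempts.append(Attempt(user=m.group(1)))
            continue
        if not attempts:
            continue                           # lines before the first attempt
        if line.endswith("authentication succeeded"):
            attempts[-1].ldap_ok = True
        m = re.search(r'added UserPrincipal "([^"]+)" to Subject$', line)
        if m:
            attempts[-1].user_principals.append(m.group(1))
    return attempts

def hawtio_decision(a: Attempt, role: str = REQUIRED_ROLE) -> tuple:
    """Return (allowed, reason) as Hawtio's role check would see the Subject."""
    if not a.ldap_ok:
        return (False, "LDAP authentication failed")
    # The username is itself a UserPrincipal; the role is the extra UserPrincipal
    # that authzIdentity="{OU}" adds, so only that name satisfies the check.
    if role in a.user_principals:
        return (True, f"UserPrincipal {role!r} present")
    return (False, f"LDAP bind ok, but no UserPrincipal {role!r} in {a.user_principals}")
```

Run `for a in parse_attempts(SAMPLE_LOG): print(a.user, hawtio_decision(a))` to see admin accepted and johndoe rejected despite both LDAP binds succeeding.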