Motivation
This article is part I of a series covering three different scenarios:
- Hawtio deployed on Tomcat 7
- Hawtio deployed on JBoss Fuse
- Hawtio deployed on JBoss EAP
Hawtio authentication with LDAP on Tomcat 7
This section will show you how to set up authentication for Hawtio on Tomcat. For this purpose we will
- Install Tomcat 7 (part of EWS 2.0.1)
- Configure LDAP authentication on Tomcat 7
- Install Apache Directory Server
- Deploy Hawtio on Tomcat 7
Install Tomcat 7
- Download Red Hat JBoss Web Server 2.0.1-1 Application Servers for RHEL 6, x86_64
- Extract the archive
- Create jboss-ews-2.0/tomcat7/bin/setenv.sh with the following content
-Dhawtio.rolePrincipalClasses=com.sun.security.auth.UserPrincipal"
Configure LDAP authentication on Tomcat 7
- Create jboss-ews-2.0/tomcat7/conf/jaas.config with the following content (the application name hawtio must match the appName of the JAASRealm configured below)
hawtio {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldap://localhost:10389/ou=people,dc=example,dc=com"
        bindPrincipal="uid=admin,ou=system"
        bindCredentials="secret"
        bindAuthenticationType="simple"
        userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
        authzIdentity="{OU}"
        useSSL=false
        debug=true;
};
- In jboss-ews-2.0/tomcat7/conf/server.xml insert the following into the Host section (after the Valve element)
<Realm className="org.apache.catalina.realm.JAASRealm" appName="hawtio"/>
</Context>
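To see what the jaas.config above actually makes the login module do, here is a stand-alone replay of its steps in Python. This is an added example, not code from the article, Tomcat or Hawtio. It assumes the ApacheDS instance described in this article is reachable on ldap://localhost:10389 with the same bind user, base DN and user filter; the required role "admins" is an assumption about the Hawtio configuration, and the third-party ldap3 package is imported only when a live connection is made, so the filter helpers run without it.

```python
"""Replay of the LdapLoginModule sequence configured in jaas.config.

Added example, not code from the article or from Hawtio/Tomcat.
Assumes the article's ApacheDS instance on ldap://localhost:10389 with the
same bind user, base DN and userFilter; ldap3 is only imported for a live check.
"""

USER_PROVIDER = "ldap://localhost:10389"
SEARCH_BASE = "ou=people,dc=example,dc=com"
BIND_PRINCIPAL = "uid=admin,ou=system"
BIND_CREDENTIALS = "secret"
USER_FILTER = "(&(uid={USERNAME})(objectClass=inetOrgPerson))"
AUTHZ_ATTRIBUTE = "ou"      # authzIdentity="{OU}": the role is read from the user's ou attribute
REQUIRED_ROLE = "admins"    # assumption: the role Hawtio is configured to require

# RFC 4515 escapes for values embedded in a search filter. The login name is
# user input, so it is escaped before it is substituted into the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, template: str = USER_FILTER) -> str:
    """Substitute {USERNAME} in the configured userFilter with the escaped login name."""
    return template.replace("{USERNAME}", escape_filter_value(username))


def ldap_login(username: str, password: str, required_role: str = REQUIRED_ROLE) -> dict:
    """Service bind, user search, bind as the user, then read the ou-derived roles."""
    from ldap3 import Server, Connection  # third-party; needed only for a live check

    server = Server(USER_PROVIDER)
    # 1. bind with the service account (bindPrincipal/bindCredentials) and locate the entry
    svc = Connection(server, user=BIND_PRINCIPAL, password=BIND_CREDENTIALS, auto_bind=True)
    try:
        found = svc.search(SEARCH_BASE, build_user_filter(username), attributes=[AUTHZ_ATTRIBUTE])
        if not found or len(svc.entries) != 1:
            return {"dn": None, "authenticated": False, "roles": [], "has_required_role": False}
        entry = svc.entries[0]
        dn = entry.entry_dn
        roles = ([str(v) for v in entry[AUTHZ_ATTRIBUTE].values]
                 if AUTHZ_ATTRIBUTE in entry.entry_attributes else [])
    finally:
        svc.unbind()
    # 2. authentication: bind as the found DN with the password the user supplied
    user_conn = Connection(server, user=dn, password=password)
    authenticated = user_conn.bind()
    user_conn.unbind()
    # 3. authorization is a separate question: does the entry carry the required role?
    return {"dn": dn, "authenticated": authenticated, "roles": roles,
            "has_required_role": authenticated and required_role in roles}


if __name__ == "__main__":
    import getpass
    import sys
    name = sys.argv[1] if len(sys.argv) > 1 else "admin"
    print(ldap_login(name, getpass.getpass(f"password for {name}: ")))
```

Run it as `python ldap_check.py johndoe` against the running ApacheDS to see the bind succeed while `has_required_role` stays false, which is the distinction the catalina.out output later in this article illustrates.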
Install Apache Directory Server
- Install Apache Directory Studio in Eclipse (more info at http://directory.apache.org/studio/). I have used JBDS 7.1 for this purpose.
- In Eclipse navigate to "Help / Install New Software" and add http://directory.apache.org/studio/update/2.x/.
- Choose version 2.0.0.v20130628, but omit "Apache Directory Studio RCP" as there was an issue with missing dependencies.
- Create an Apache DS instance
- Open the LDAP perspective
- Create a new LDAP server of type "ApacheDS 2.0.0"
- Create a new Connection
- Assign port 10389
- Specify bind user/password as uid=admin,ou=system/secret
- Import schema
- Open the connection with the bind user/password uid=admin,ou=system/secret
- Right-click on "Root DSE" and choose Import / LDIF Import
- Import the example LDIF file you can download here
Deploy Hawtio on Tomcat 7
- Download Hawtio hawtio-default-1.2.2.war from here
- Copy hawtio-default-1.2.2.war to jboss-ews-2.0/tomcat7/webapps/
- Start up Tomcat by executing
- In a browser enter the URL http://localhost:8080/hawtio-default-1.2.2/
- Observe catalina.out with
- Log in with admin/hawtorwhat. This should succeed, and the following output is shown in catalina.out
[LdapLoginModule] user provider: ldap://localhost:10389/ou=people,dc=example,dc=com
[LdapLoginModule] searching for entry belonging to user: admin
[LdapLoginModule] found entry: uid=admin,ou=people,dc=example,dc=com
[LdapLoginModule] attempting to authenticate user: admin
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=admin,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "admin" to Subject
[LdapLoginModule] added UserPrincipal "admins" to Subject
- Log out and try to log in with johndoe/notsohawt. This should fail: as the output shows, the LDAP bind itself succeeds, but the only group principal johndoe receives is programmers rather than admins, so the role check does not pass. This output appears in catalina.out
[LdapLoginModule] user provider: ldap://localhost:10389/ou=people,dc=example,dc=com
[LdapLoginModule] searching for entry belonging to user: johndoe
[LdapLoginModule] found entry: uid=johndoe,ou=people,dc=example,dc=com
[LdapLoginModule] attempting to authenticate user: johndoe
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=johndoe,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "johndoe" to Subject
[LdapLoginModule] added UserPrincipal "programmers" to Subject
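The two excerpts above are easy to misread, because both end in "authentication succeeded" and yet only one login is accepted. The following added example (not part of the article) parses LdapLoginModule debug lines of exactly this shape and separates the two decisions: whether the bind succeeded, and whether the ou-derived UserPrincipal matches the role Hawtio requires. The sample log is constructed from the article's two excerpts; the required role "admins" is an assumption about the Hawtio configuration (its hawtio.role setting), inferred from admin succeeding and johndoe failing.

```python
"""Parse LdapLoginModule debug output (debug=true in jaas.config) and separate
authentication from authorization for each login attempt.

Added example, not part of the article. SAMPLE_LOG is constructed from the
article's two catalina.out excerpts; REQUIRED_ROLE is an assumption.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

REQUIRED_ROLE = "admins"   # assumption about the Hawtio configuration

# Constructed sample: both excerpts from the article, back to back.
SAMPLE_LOG = """\
[LdapLoginModule] user provider: ldap://localhost:10389/ou=people,dc=example,dc=com
[LdapLoginModule] searching for entry belonging to user: admin
[LdapLoginModule] found entry: uid=admin,ou=people,dc=example,dc=com
[LdapLoginModule] attempting to authenticate user: admin
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=admin,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "admin" to Subject
[LdapLoginModule] added UserPrincipal "admins" to Subject
[LdapLoginModule] user provider: ldap://localhost:10389/ou=people,dc=example,dc=com
[LdapLoginModule] searching for entry belonging to user: johndoe
[LdapLoginModule] found entry: uid=johndoe,ou=people,dc=example,dc=com
[LdapLoginModule] attempting to authenticate user: johndoe
[LdapLoginModule] authentication succeeded
[LdapLoginModule] added LdapPrincipal "uid=johndoe,ou=people,dc=example,dc=com" to Subject
[LdapLoginModule] added UserPrincipal "johndoe" to Subject
[LdapLoginModule] added UserPrincipal "programmers" to Subject
"""

_SEARCHING = re.compile(r"^\[LdapLoginModule\] searching for entry belonging to user: (\S+)$")
_FOUND = re.compile(r"^\[LdapLoginModule\] found entry: (.+)$")
_SUCCEEDED = re.compile(r"^\[LdapLoginModule\] authentication succeeded$")
_PRINCIPAL = re.compile(r'^\[LdapLoginModule\] added UserPrincipal "([^"]+)" to Subject$')


@dataclass
class LoginAttempt:
    user: str
    dn: Optional[str] = None
    authenticated: bool = False          # true only if the success line was seen
    principals: List[str] = field(default_factory=list)


def parse_attempts(log_text: str) -> List[LoginAttempt]:
    """Split the log into attempts; each 'searching for entry' line starts a new one."""
    attempts: List[LoginAttempt] = []
    current: Optional[LoginAttempt] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SEARCHING.match(line)
        if m:
            current = LoginAttempt(user=m.group(1))
            attempts.append(current)
            continue
        if current is None:
            continue                     # e.g. the 'user provider' line before any attempt
        m = _FOUND.match(line)
        if m:
            current.dn = m.group(1)
        elif _SUCCEEDED.match(line):
            current.authenticated = True
        else:
            m = _PRINCIPAL.match(line)
            if m:
                current.principals.append(m.group(1))
    return attempts


def roles_of(attempt: LoginAttempt) -> List[str]:
    """The first UserPrincipal is the login name; the others come from
    authzIdentity="{OU}" and are what hawtio.rolePrincipalClasses treats as roles."""
    return [p for p in attempt.principals if p != attempt.user]


def hawtio_decision(attempt: LoginAttempt, required_role: str = REQUIRED_ROLE) -> str:
    """The LDAP bind (authentication) and the role check (authorization) are
    separate steps; 'authentication succeeded' alone does not grant access."""
    if not attempt.authenticated:
        return "denied: authentication failed"
    roles = roles_of(attempt)
    if required_role in roles:
        return "granted"
    return f"denied: authenticated but missing role '{required_role}' (has {roles})"


def summarize(log_text: str, required_role: str = REQUIRED_ROLE) -> Dict[str, str]:
    """Map each user seen in the log to the access decision."""
    return {a.user: hawtio_decision(a, required_role) for a in parse_attempts(log_text)}


if __name__ == "__main__":
    for user, outcome in summarize(SAMPLE_LOG).items():
        print(f"{user}: {outcome}")
```

Feeding the real catalina.out through `summarize()` gives a quick per-user triage of why a login was rejected, which is useful because the module's own output never says "denied": a missing role shows up only as the absence of the expected UserPrincipal.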
When do you plan to write about Hawtio authentication with LDAP on JBoss Fuse 6.1?
Finally, this article is up now. On JBoss EAP there are some technical issues preventing the implementation, so I will post it once resolved.