This page last changed on May 09, 2013 by javentinus.

Hi all,

I got a question in terms of user account management. Unfortunately, the research I did so far could not give me an adequate answer.

Is there something like authentication, authorization and accounting implemented into OpenRemote? Would it be possible to use this software in an apartment building where different users are only allowed to access particular home appliances and where all control actions need to be logged?

Thanks in advance for your help!

Regards Johannes

You can limit certain panels to certain users using general JEE web security features.
If a user would know the REST call to activate a certain button, it will be hard to also limit this to a certain user, since button IDs change during redeployment whereas panel names normally don't change.
Logging can be done through web page logging since every action is a REST call.

Posted by mredeker at May 10, 2013 20:22
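
The accounting idea from the reply above ("every action is a REST call"), as an added example that is not part of the original posts or of OpenRemote's code. It assumes Tomcat writes an access log in the "common" pattern with the authenticated user name, and that control calls have the shape /controller/rest/control/<id>/<command>; the path shape, user names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, Tomcat "common" pattern: %h %l %u %t "%r" %s %b
# The /controller/rest/control/<id>/<command> path shape is an assumption.
SAMPLE_LOG = """\
192.0.2.10 - tenant_a [04/Jun/2013:10:50:01 +0200] "POST /controller/rest/control/12/click HTTP/1.1" 200 -
192.0.2.11 - tenant_b [04/Jun/2013:10:50:07 +0200] "POST /controller/rest/control/12/click HTTP/1.1" 403 -
192.0.2.12 - - [04/Jun/2013:10:51:30 +0200] "POST /controller/rest/control/31/ON HTTP/1.1" 200 -
192.0.2.10 - tenant_a [04/Jun/2013:10:52:00 +0200] "GET /controller/rest/panel/apartment_a HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
CONTROL_RE = re.compile(r'/rest/control/(?P<control_id>\d+)/(?P<command>[^/?]+)')


def audit(log_text):
    """Return (per-user control actions, findings that need review)."""
    actions = defaultdict(list)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected pattern
        c = CONTROL_RE.search(m["path"])
        if not c:
            continue  # panel fetches and other requests are not control actions
        # Per the thread, ids change on redeployment, so an id is only
        # meaningful together with the design deployed at that time.
        record = (m["time"], c["control_id"], c["command"], int(m["status"]))
        user = m["user"]
        if user == "-":
            # A control call with no authenticated user: nothing to account to.
            findings.append(("unauthenticated", m["host"]) + record)
        elif record[3] in (401, 403):
            findings.append(("denied", user) + record)
        else:
            actions[user].append(record)
    return dict(actions), findings


if __name__ == "__main__":
    per_user, review = audit(SAMPLE_LOG)
    print(per_user)
    print(review)
```
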

Thanks a lot for your answer, Marcus.
Did I get you right that there is no secure solution at all for providing different tenants with different access permissions?
Do you know about any other free software/approach offering such functionality?

Posted by javentinus at May 22, 2013 14:19

You can provide tenants with access permissions.
So user "a" would only see panels related to his apartment and therefore can only control his lights or whatever.

But:
If a user hits a button on his panel a call is made to the server which includes the button id. This is translated on the server to perform the action.
You could also secure this server call, but the problem is that after a redeployment your button IDs change and you would have to modify the security settings accordingly.

Posted by mredeker at May 22, 2013 14:35

Sorry, Marcus, for my late answer, I am quite busy with exams at the moment.
Does the button's ID change after being pressed? If not, what triggers the change? How would this call be secured? Using HTTPS?

Do you know about any documentation of these security aspects? Unfortunately, I didn't find anything...

Thanks a lot!

Posted by javentinus at May 31, 2013 09:49

The ID changes when you deploy a new design.
I am not sure about HTTPS.
Some forum threads have info. I don't know if there is a more detailed documentation somewhere.

Posted by mredeker at May 31, 2013 09:57

Alright, thanks!
I just came across the DomoTop project in this forum (http://www.openremote.org/display/forums/Security+in+OpenRemote).
Is there any news? So far, I just found the source code / WAR file on GitHub (https://github.com/DomoTop/DomoTop/tree/master/Product).

Unfortunately, my Linux and Tomcat knowledge is quite poor, so I could not install the WAR file. Do I understand it right that this howto is based on a separate installation of Tomcat (not using the Tomcat instance which comes with the OpenRemote Controller)? I also could not find the hsqldb.jar which is said to be located in Controller/lib/hsqldb/.

Would you please help me with that?

Posted by javentinus at Jun 03, 2013 11:30

I guess I could make some progress. I installed tomcat6 and went through the DomoTop installation as described in the link in my previous post.
However, it seems that two applications try to listen on the same port (8005) now:

--------------------------------------------------------------------

  DEPLOYING NEW CONTROLLER RUNTIME...

--------------------------------------------------------------------

INFO 2013-06-04 10:46:19,717 : No rule definitions found in '/home/debian/OpenRemote-Controller-2.0.2/webapps/controller/rules'.
INFO 2013-06-04 10:46:19,717 : Initialized event processor : Drools Rule Engine
INFO 2013-06-04 10:46:19,719 : Startup complete.
INFO 2013-06-04 10:46:19,721 : Controller Definition File Watcher for Default Deployer started.
Jun 4, 2013 10:46:19 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Jun 4, 2013 10:46:19 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2066 ms
Jun 4, 2013 10:46:19 AM org.apache.catalina.core.StandardServer await
SEVERE: StandardServer.await: create[8005]: 
java.net.BindException: Address already in use
	at java.net.PlainSocketImpl.socketBind(Native Method)
	at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:353)
	at java.net.ServerSocket.bind(ServerSocket.java:336)
	at java.net.ServerSocket.<init>(ServerSocket.java:202)
	at org.apache.catalina.core.StandardServer.await(StandardServer.java:373)
	at org.apache.catalina.startup.Catalina.await(Catalina.java:642)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:602)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Jun 4, 2013 10:46:19 AM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
Jun 4, 2013 10:46:20 AM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Jun 4, 2013 10:46:21 AM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
debian@debian:~$

For me it looks like there are two instances of tomcat running. Netstat tells me the following (before starting the OR controller):
root@debian:/home/debian# netstat -anp | grep 8005
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 1652/java
root@debian:/home/debian#

What configuration do I have to do to prevent OR controller from starting another tomcat instance?

Thanks for your help!

Posted by javentinus at Jun 04, 2013 10:55

Not sure I understood your question about starting "another" Tomcat – we only start one, where the controller is hosted.

You can however change the default port(s) which are used by modifying the server.xml file. This is described here: Change Controller Default Port.

The same server.xml also allows you to change the default shutdown port (8005), it is the first entry in the file.

HTH

Posted by juha at Jun 18, 2013 21:47
Document generated by Confluence on Jun 05, 2016 09:40