This page last changed on Apr 12, 2015 by klaus1.


I downloaded the newest controller on my raspberrypi.
Everything works fine. BUT => I want to secure all, to use it over internet not only intranet.

First of all, I didn't find any configuration for securing my controller or for logging in from my clients. If I open my firewall ports to 8080 to my raspberrypi, everyone can upload new war files or use my program...

Therefore I need two aspects:

  • LOGIN with username + password for controller and android or webconsole users
  • SSL Connection and SSL controller reachability.

Please help.


Posted by pierre2302 at Apr 12, 2015 19:49


First step controller security Configuration does not show any other console.
There are only errors if uploading a file:
Exception: Maximum upload size of 10000000 bytes exceeded; nested exception is org.apache.commons.fileupload.FileUploadBase$SizeLimitExceededException: the request was rejected because its size (30242961) exceeds the configured maximum (10000000)

or syncing:
sync is possible: sync complete!
Reload configuration and clear cache: Failed to reload configuration and clear cache!

Can I be sure to have security set all right in my designer? I thought there is no button for sync or uploading shown...

SSL Connection and SSL controller reachability I also can't find...

Posted by klaus1 at Apr 13, 2015 14:50

For the SSL configuration I cannot help you because I do not use it.

For the login, on the other hand, simply uncomment the security configuration portion in /OpenRemote-Controller/webapps/controller/WEB-INF/web.xml

Add in /OpenRemote-Controller/security/users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
   <role rolename="OpenRemote" />
   <user username="YOUR_USER" password="YOUR_PASSWORD" roles="OpenRemote" />
</tomcat-users>

This configuration allows identification on each console.

For the controller, just use your designer login, knowing that you can disable synchronization with the parameter (resource.upload.enable = false) in the designer options.

Sorry if I do not really respond to your question, but with the Google translation it is not always easy.

Posted by pierre2302 at Apr 13, 2015 22:10
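
Added example, not part of the original thread and not OpenRemote's own code: a Python check that reads a web.xml / users.xml pair and reports whether the security section is still commented out, whether HTTPS is enforced, and whether the template password was left in place. The sample files are constructed, and the element names assume the controller's web.xml follows the standard Servlet deployment descriptor layout.

```python
import xml.etree.ElementTree as ET

# Constructed samples, not OpenRemote's shipped files.
WEB_OPEN = "<web-app><!-- <security-constraint/> <login-config/> --></web-app>"
WEB_SECURED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <auth-constraint><role-name>OpenRemote</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
USERS_TEMPLATE = """<tomcat-users>
  <role rolename="OpenRemote"/>
  <user username="YOUR_USER" password="YOUR_PASSWORD" roles="OpenRemote"/>
</tomcat-users>"""

def local(tag):
    """Drop the XML namespace so any web.xml schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml, users_xml):
    """Return a list of findings for a Tomcat-style web.xml / users.xml pair."""
    findings, by_name = [], {}
    # ElementTree drops XML comments, so a commented-out section is simply absent.
    for el in ET.fromstring(web_xml).iter():
        by_name.setdefault(local(el.tag), []).append(el)
    if "security-constraint" not in by_name:
        findings.append("no active security-constraint: controller is open")
    if "login-config" not in by_name:
        findings.append("no login-config: no authentication method set")
    guarantees = {(e.text or "").strip() for e in by_name.get("transport-guarantee", [])}
    if "CONFIDENTIAL" not in guarantees:
        findings.append("no CONFIDENTIAL transport-guarantee: password can cross plain HTTP")
    required = {(r.text or "").strip() for c in by_name.get("auth-constraint", [])
                for r in c if local(r.tag) == "role-name"}
    granted = set()
    for u in ET.fromstring(users_xml).iter():
        if local(u.tag) != "user":
            continue
        if u.get("password", "") in ("", "YOUR_PASSWORD"):
            findings.append(f"user {u.get('username')!r}: empty or placeholder password")
        granted.update(r.strip() for r in u.get("roles", "").split(","))
    for role in sorted(required - granted):
        findings.append(f"role {role!r} required by web.xml but held by no user")
    return findings

if __name__ == "__main__":
    for f in audit(WEB_OPEN, USERS_TEMPLATE):
        print("FINDING:", f)
```

An empty result means all four checks passed; it does not test the upload/sync setting discussed later in the thread.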

thanks for your reply.

USER PASSWORD authentication works fine. thx !

But if someone opens my controller page in the browser, an upload with a new zip file can be made, or another login username and password can be used for syncing with the designer.
I have the resource.upload.enable = false.
Should the controller site show upload buttons if the value is false?
I think this option does not work at my raspberrypi.

Posted by klaus1 at Apr 14, 2015 06:47

Indeed, it seems that it does not work from the designer (resource.upload.enable = false).

I suggest you try to set this function to false directly in the file /OpenRemote-Controller/webapps/controller/WEB-INF/classes/
then restart the OpenRemote service.

Posted by pierre2302 at Apr 14, 2015 22:04

thanks, that worked for disabling the upload or sync for the controller.

SSL connection to the controller worked with the standard Tomcat SSL self-signed certificate.

Does the android app or the webconsole need the controller page, or is it possible to use basic authentication for this site? Am I secure with publishing the controller in the www?

Android App has a SSL property with port and works fine.

Posted by klaus1 at Apr 16, 2015 07:08
Document generated by Confluence on Jun 05, 2016 09:34