This page last changed on May 29, 2013 by juha.

Hello everyone,
I am new to this forum. I am amazed by the work done on OpenRemote, thanks!

I installed controller 2.0.1 on a desktop PC running Windows 7. With the original webconsole.war, I get a page stuck on loading. After I replaced it with the webconsole.war from this link: http://multimation.co.uk:8080/controller/webconsole.war, it works well for me.

Then I wanted to add a user name and password to the controller. I did the following.

1. Un-commented the security constraint section in web.xml under webapp/controller/WEB-INF; now it looks like:

***

<!-- Constraint resource: /rest/control/* -->
  
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Control command RESTful service of Openremote Controller</web-resource-name>
        <description>Control command RESTful service of Openremote Controller</description>
        <url-pattern>/rest/control/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>openremote</role-name>
      </auth-constraint>
    </security-constraint>
  

  <!-- Constraint resource: /rest/panel/* -->
  
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
        <description>Panel identity RESTful service of Openremote Controller</description>
        <url-pattern>/rest/panel/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
        <role-name>openremote</role-name>
      </auth-constraint>
    </security-constraint>
  

  
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Status command RESTful service of Openremote Controller</web-resource-name>
       <description>Status command RESTful service of Openremote Controller</description>
       <url-pattern>/rest/status/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>openremote</role-name>
     </auth-constraint>
   </security-constraint>
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Polling command RESTful service of Openremote Controller</web-resource-name>
       <description>Polling command RESTful service of Openremote Controller</description>
       <url-pattern>/rest/polling/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>openremote</role-name>
     </auth-constraint>
   </security-constraint>
  
 
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>OPENREMOTE_Controller</realm-name>
    </login-config>
    <security-role>
      <role-name>openremote</role-name>
    </security-role>

****

2. Went to /security and edited user.xml like this:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="openremote"/>
  <user username="test" password="tomcat" roles="openremote"/>
</tomcat-users>

****

3. Restarted the server, synchronized the controller and typed in localhost:8080/webconsole. I get the controller list screen.
4. After I edited the controller, all my panels show.
5. After clicking on one of the panels, I was asked to enter a user name and password; I entered "test" as the username and "tomcat" as the password. It redirects to the list of my panels again, and if I click a panel, it asks for the username and password again. It looks like the controller is not taking the user name and password I entered.

What did I do wrong? Should I set up the user ID and PD somewhere else, not at /security/user.xml? Please help me.



The username, role and password have to be defined in a Tomcat-specific file.
It is in controller-2.0.1/conf/tomcat-users.xml.

You can also test the URLs in a browser, which should also pop up the password window.

Posted by mredeker at Dec 08, 2012 08:29

Hi Marcus

Thanks for your reply, but I don't see the tomcat-users.xml under /conf/
I only see the following files:

I also tried to add tom-users.xml to this folder with the contents below, but it still won't work.

*****
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="openremote"/>
<user username="test" password="tomcat" roles="openremote"/>
</tomcat-users>
****

Do you have any other suggestions?
I downloaded controller 2.0.1 from this link: http://sourceforge.net/projects/openremote/files/OpenRemote-Controller-2.0.1.zip/download, is it correct?

Thanks

Posted by fong at Dec 09, 2012 04:35

@Marcus,
What is the purpose of the existing users.xml that resides in the /security/ directory of the distribution files?
Its contents are:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
</tomcat-users>

Posted by pz1 at Dec 09, 2012 09:48

I originally thought that users.xml at /security would be for setting up user ID and PD. But it did not work for me.

Thanks

Posted by fong at Dec 09, 2012 14:37

Yes, I understood that from your perfect description. I was only curious about the purpose of the users.xml under security.

Posted by pz1 at Dec 09, 2012 15:48

I just double checked and the 2.0.1 download from sourceforge indeed needs the security configured in /security/users.xml
The config in the first post looks ok to me and I just pinged Richard to take a look at this.

Posted by mredeker at Dec 09, 2012 17:10

Hi Fong,

From your information it looks like you have correctly configured security on the controller; the problem you have is that the current Controller.2.0.1 download on sourceforge doesn't have a patch I created to allow security to work with the Web Console which is why it isn't working for you. I have placed a version of Controller.2.0.0 on my server which has the patches applied; you can try that if you wish: -

http://multimation.co.uk:8080/controller/OpenRemote-Controller-2.0.0_Patched.zip

Please let us know if this works for you.

Rich

Posted by kurrazyman at Dec 09, 2012 17:22

Thanks Rich and Marcus and PE, I tried the controller from http://multimation.co.uk:8080/controller/OpenRemote-Controller-2.0.0_Patched.zip and replaced webconsole.war with webconsole from http://multimation.co.uk:8080/controller/webconsole.war. It works perfectly now.

May I ask whether the source code for webconsole is at https://openremote.svn.sourceforge.net/svnroot/openremote/workspace/richturner/WebConsole_2_0_0_template/?

Fong

Posted by fong at Dec 09, 2012 19:32

Glad to hear it is working now. Yes that is where the source code is for the web console.

Rich

Posted by kurrazyman at Dec 09, 2012 19:34

Hi

Just following on from this.

Is it possible to restrict which panels each user can see?

For example, a parent in a home can access everything, but each child can only access communal panels and their own specific panel?

Cheers
Stuart

Posted by mdar at Jun 30, 2015 15:42

Indeed, it is possible to restrict access on a per-panel basis by creating panel-specific security constraints; see the example below for a panel named 'test':

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
    <description>Panel identity RESTful service of Openremote Controller</description>
    <url-pattern>/rest/panel/test</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>openremote</role-name>
  </auth-constraint>
</security-constraint>

Posted by kurrazyman at Jun 30, 2015 16:51

Somehow I just knew the answer would be "Yes"

So

Correct me if I'm wrong...

Role-name must be assigned to each panel.

Then each user must be associated with a 'role-name'

But, can multiple role names be assigned to panels?

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
    <description>Panel identity RESTful service of Openremote Controller</description>
    <url-pattern>/rest/panel/communal</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>openremote</role-name>
    <role-name>child1</role-name>
    <role-name>child2</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
    <description>Panel identity RESTful service of Openremote Controller</description>
    <url-pattern>/rest/panel/Child1</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>openremote</role-name>
    <role-name>child1</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Panel identity RESTful service of Openremote Controller</web-resource-name>
    <description>Panel identity RESTful service of Openremote Controller</description>
    <url-pattern>/rest/panel/child2</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>openremote</role-name>
    <role-name>child2</role-name>
  </auth-constraint>
</security-constraint>

With the user list looking something like this?

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="openremote"/>
<role rolename="child1"/>
<role rolename="child2"/>

<user username="Parent1" password="boss" roles="openremote"/>

<user username="Parent2" password="biggerboss" roles="openremote"/>

<user username="firstborn" password="boss" roles="child1"/>

<user username="secondborn" password="biggerboss" roles="child2"/>

</tomcat-users>

Or is it that users can have multiple roles, where 1 role is assigned to a panel?

Or should I just pay someone to do this bit for me

Posted by mdar at Jun 30, 2015 17:36

Multiple role names can be used within a single constraint and a user can belong to multiple roles; some info can be found at:

http://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html

Posted by kurrazyman at Jun 30, 2015 18:18
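
The following is an added example, not part of the thread or of the OpenRemote project. It evaluates the per-panel constraints and user list proposed above, combined with the stock `/rest/control/*` and `/rest/panel/*` constraints from the first post, using Servlet URL-pattern matching reduced to exact match and longest `/*` prefix. `WEB_XML`, `USERS_XML` and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first post's stock constraints plus the per-panel proposal.
TEMPLATE = ("<security-constraint><web-resource-collection><url-pattern>{}</url-pattern>"
            "<http-method>GET</http-method><http-method>POST</http-method>"
            "</web-resource-collection><auth-constraint>{}</auth-constraint></security-constraint>")
WEB_XML = "<web-app>" + "".join(
    TEMPLATE.format(p, "".join(f"<role-name>{r}</role-name>" for r in roles.split()))
    for p, roles in [("/rest/control/*", "openremote"), ("/rest/panel/*", "openremote"),
                     ("/rest/panel/communal", "openremote child1 child2"),
                     ("/rest/panel/Child1", "openremote child1"),
                     ("/rest/panel/child2", "openremote child2")]) + "</web-app>"
USERS_XML = """<tomcat-users>
  <user username="Parent1" password="boss" roles="openremote"/>
  <user username="firstborn" password="boss" roles="child1"/>
  <user username="secondborn" password="biggerboss" roles="child2"/>
</tomcat-users>"""

def load_constraints(web_xml):
    """Return (url_pattern, methods, roles) for every constrained pattern."""
    return [(p.text, {m.text for m in wrc.iter("http-method")},
             {r.text for r in sc.iter("role-name")})
            for sc in ET.fromstring(web_xml).iter("security-constraint")
            for wrc in sc.iter("web-resource-collection")
            for p in wrc.iter("url-pattern")]

def best_pattern(path, patterns):
    """Servlet matching reduced to the forms used here: exact, else longest '/*' prefix."""
    hits = [p for p in patterns if p.endswith("/*") and (path + "/").startswith(p[:-1])]
    return path if path in patterns else max(hits, key=len, default=None)

def decide(user_roles, method, path, constraints):
    """'allow' or 'deny'; 'unprotected' if no constraint covers the method on the best match."""
    # Simplification: every sample constraint has an <auth-constraint>; the '*' role
    # and constraints without roles are not modelled.
    best = best_pattern(path, {p for p, _, _ in constraints})
    granted = [roles for p, methods, roles in constraints
               if p == best and (not methods or method in methods)]
    if not granted:
        return "unprotected"
    return "allow" if set().union(*granted) & user_roles else "deny"

def access_matrix(web_xml, users_xml, requests):
    """Map (username, method, path) to the decision for every user and request."""
    constraints = load_constraints(web_xml)
    users = {u.get("username"): {r.strip() for r in u.get("roles", "").split(",")}
             for u in ET.fromstring(users_xml).iter("user")}
    return {(name, m, p): decide(roles, m, p, constraints)
            for name, roles in users.items() for m, p in requests}
```

Calling `access_matrix(WEB_XML, USERS_XML, [("GET", "/rest/panel/child1"), ("HEAD", "/rest/panel/Child1")])` shows two things the XML hides: URL patterns are case-sensitive, and a constraint that lists `<http-method>` elements does not cover the methods it leaves out. Omitting the `<http-method>` elements makes a constraint apply to every method.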
Document generated by Confluence on Jun 05, 2016 09:44