[hop] branch master updated: added options to provide basic authentication in Hop Web container + docs. fixes #2423

Mon, 20 Feb 2023 13:11:40 -0800 

This is an automated email from the ASF dual-hosted git repository.

hansva pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hop.git


The following commit(s) were added to refs/heads/master by this push:
     new f87f81e764 added options to provide basic authentication in Hop Web 
container + docs. fixes #2423
     new 2f8d5e24f1 Merge pull request #2446 from bamaer/2423
f87f81e764 is described below

commit f87f81e76468460ca4f72c03a481f2de222acbb0
Author: Bart Maertens <[email protected]>
AuthorDate: Mon Feb 20 13:39:58 2023 +0100

    added options to provide basic authentication in Hop Web container + docs. 
fixes #2423
---
 docker/resources/run-web.sh                        |  12 ++
 .../hop-gui/hop-web-basic-authentication.png       | Bin 0 -> 44940 bytes
 .../modules/ROOT/pages/hop-gui/hop-web.adoc        | 140 +++++++++++++++++++++
 3 files changed, 152 insertions(+)

diff --git a/docker/resources/run-web.sh b/docker/resources/run-web.sh
index c9b3a0291a..96f01f7a31 100755
--- a/docker/resources/run-web.sh
+++ b/docker/resources/run-web.sh
@@ -103,6 +103,18 @@ else
 fi
 
 
+# if we have a /config/tomcat-users.xml file, copy it to the conf folder.
+if [ -f "/config/tomcat-users.xml" ]; then
+    log "copying users file to /usr/local/tomcat/conf/"
+    cp /config/tomcat-users.xml /usr/local/tomcat/conf/
+fi
+
+# if we have a /config/web.xml file, copy it to the WEB-INF folder.
+if [ -f "/config/web.xml" ]; then
+    log "copying web.xml file to /usr/local/tomcat/conf/"
+    cp /config/web.xml /usr/local/tomcat/webapps/ROOT/WEB-INF/
+fi
+
 #
 # Stopping a running hop web container with 'docker stop' is obviously 
possible.
 # Doing it with CTRL-C is just more convenient.
diff --git 
a/docs/hop-user-manual/modules/ROOT/assets/images/hop-gui/hop-web-basic-authentication.png
 
b/docs/hop-user-manual/modules/ROOT/assets/images/hop-gui/hop-web-basic-authentication.png
new file mode 100644
index 0000000000..00e6c8284c
Binary files /dev/null and 
b/docs/hop-user-manual/modules/ROOT/assets/images/hop-gui/hop-web-basic-authentication.png
 differ
diff --git a/docs/hop-user-manual/modules/ROOT/pages/hop-gui/hop-web.adoc 
b/docs/hop-user-manual/modules/ROOT/pages/hop-gui/hop-web.adoc
index 7847079f40..4a36088a60 100644
--- a/docs/hop-user-manual/modules/ROOT/pages/hop-gui/hop-web.adoc
+++ b/docs/hop-user-manual/modules/ROOT/pages/hop-gui/hop-web.adoc
@@ -96,3 +96,143 @@ docker run -it --rm \
 Hop Web contains the default xref:hop-tools/index.adoc[Hop tools] like 
xref:hop-tools/hop-conf/hop-conf.adoc[hop-conf], 
xref:hop-run/index.adoc[hop-run] etc.
 
 The tools are available in `/usr/local/tomcat/webapps/ROOT` in a running Hop 
Web container.
+
+== Authentication
+
+Hop Web runs on a Tomcat server by default. You can extend Hop Web's tomcat 
configuration to add authentication.
+
+The default Hop Web docker image picks up `tomcat-users.xml` and `web.xml` 
files and moves them to the correct location before Hop Web starts.
+
+A minimal sample `tomcat-users.xml` file:
+
+[source,xml]
+----
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~       http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~
+  -->
+<tomcat-users>
+  <role rolename="apachehop"/>
+  <user username="apachehop" password="password" roles="apachehop" />
+</tomcat-users>
+----
+
+The following sample `web.xml` extends Hop Web's default `web.xml` with the 
`<security-constraint />` and `<login-config />` elements required for basic 
authentication.
+
+[source, xml]
+----
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements.  See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License.  You may obtain a copy of the License at
+  ~
+  ~       http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~
+  -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee";
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";
+         version="2.4">
+
+    <context-param>
+        <param-name>org.eclipse.rap.applicationConfiguration</param-name>
+        <param-value>org.apache.hop.ui.hopgui.HopWeb</param-value>
+    </context-param>
+
+    <listener>
+        
<listener-class>org.apache.hop.ui.hopgui.HopWebServletContextListener</listener-class>
+    </listener>
+
+    <servlet>
+        <servlet-name>HopGui</servlet-name>
+        <servlet-class>org.eclipse.rap.rwt.engine.RWTServlet</servlet-class>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>HopGui</servlet-name>
+        <url-pattern>/ui</url-pattern>
+    </servlet-mapping>
+
+    <servlet>
+        <servlet-name>welcome</servlet-name>
+        <jsp-file>/docs/English/welcome/index.html</jsp-file>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>welcome</servlet-name>
+        <url-pattern>/docs/English/welcome/index.html</url-pattern>
+    </servlet-mapping>
+
+    <servlet>
+        <servlet-name>Server</servlet-name>
+        <servlet-class>org.apache.hop.www.HopServerServlet</servlet-class>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>Server</servlet-name>
+        <url-pattern>/hop/*</url-pattern>
+    </servlet-mapping>
+
+    <security-constraint>
+      <web-resource-collection>
+        <web-resource-name>Wildcard means whole app requires 
authentication</web-resource-name>
+          <url-pattern>/*</url-pattern>
+          <http-method>GET</http-method>
+          <http-method>POST</http-method>
+        </web-resource-collection>
+      <auth-constraint>
+        <role-name>apachehop</role-name>
+      </auth-constraint>
+
+      <user-data-constraint>
+        <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
+        <transport-guarantee>NONE</transport-guarantee>
+      </user-data-constraint>
+    </security-constraint>
+
+    <login-config>
+      <auth-method>BASIC</auth-method>
+    </login-config>
+
+</web-app>
+----
+
+Check the https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html[Apache 
Tomcat documentation^] on REALM configuration for more advanced configurations.
+
+Mount your local configuration folder with these two files to a `/config` 
folder in the Apache Hop Web container to do so:
+
+[source,bash]
+----
+docker run -it --rm \
+    -p 8080:8080 \
+    -v <PATH_TO_YOUR_LOCAL_CONFIG_DIRECTORY>:/config/ \
+    apache/hop-web`
+----
+
+Hop Web will now ask for your username and password:
+
+image:hop-gui/hop-web-basic-authentication.png[Hop Web with basic 
authentication, width="90%"]
+

Reply via email to