Configuring Administration

Some parts of MDWorkbench Server are restricted to administrators. This applies to a few web pages and to some servlets that require authentication:

When a user tries to access an administrator-only web page, the server will require the user to log-in so that his role can be verified. The access is validated only if the user has the following role: mdw-admin

The authentication and role verification is configured in the web container itself. MDWorkbench Server relies on standard Java EE web application security architecture.

The user management depends on the actual web container used. You are recommended to refer to its documentation for more information. The information provided below is provided as a quick start guide.

Authentication in Apache Tomcat

Below is some information on how to declare users in Tomcat:
Realm Configuration HOW-TO

A typical implementation for user management in Tomcat is UserDatabaseRealm. In this case, you need to add some users in the <Tomcat>/conf/tomcat-users.xml file and assign them a roles="mdw-admin" attribute.

Authentication in Jetty

If you use Jetty for developing extensions to MDWorkbench Server, make sure to carefully follow the configuration recommended in the Testing with Jetty section.

To declare users in Jetty:

Create a file somewhere in your file system.

Edit this file in a text editor and for each administrator to create add a line like the following:

        <userName>: <password>,mdw-admin

e.g.

        Administrator: mySimplePassword,mdw-admin

You might encrypt the password, to avoid having it declared in plain text in the file, using the Java class org.eclipse.jetty.util.security.Password provided in the org.eclipse.jetty.util.security plug-in.
Reference this file path in the Java VM argument mdw.server.jetty.users.location in your Eclipse. launch configuration. See Testing with Jetty for more information.