...

The location of the shiro.ini file after installation of the JOC Cockpit is described below.

LDAP and Database Authentication

Example configurations for LDAP and Database authentication are not included with the JOC Cockpit. However, example configurations are presented later in this article (see Database Authentication) and in the separate LDAP Configuration Article. These configurations are intended to provide system administrators with sufficient information to implement these types of authentication themselves.

...

  • Note that the password hashes provided only work with the default password hashing configuration. This configuration is described in more detail in the [main] section below.

Syntax

  • user=password, role1, role2
  • Where:
    • user is the user account name.
      • Names of accounts used with shiro authentication may not include blank spaces.
    • password is either saved in open text, which was the default for releases 1.11.0 to 1.11.4, or as a hash, which is the default for 1.11.5 onward.
    • role entries must be identical to roles specified in the [roles] section of the file. Any number of roles can be assigned to a user. Multiple roles are separated by commas.
    • Each entry is specified on a new line; the password and role are separated by a comma.

...

Note that password hashing will not be automatically activated when updating an existing JOC Cockpit installation to version 1.11.5 or newer - see the next section for more information.

Password hashing is activated by the following lines of code in the [main] section of the shiro.ini file:

...

  • The shiro.ini file is not validated by the JOC Cockpit. This means that a configuration error will lead to that entry not being processed.
    • For example, a spelling error in a permission will lead to that permission not being set.
    • The permissions granted for an account can be inspected in the JOC Cockpit interface by logging into the interface using that account and checking the Permissions section of the User Profile view.
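
Because the file is not validated, a pre-deployment check can catch the errors described above. The following is an added example, not part of the JOC Cockpit: it checks [users] entries against the Syntax rules (no blank spaces in account names, every assigned role defined in [roles]) and reports passwords still stored in open text. The `$shiro1$` hash prefix, the function names and the sample file contents are assumptions made for the illustration.

```python
import re

# Assumption: hashed entries use Apache Shiro's "$shiro1$" crypt prefix.
HASH_PREFIX = "$shiro1$"

# Constructed sample, not a real configuration; "administator" is a deliberate typo.
SAMPLE = """\
[users]
root = $shiro1$SHA-512$500000$c2FsdA==$aGFzaA==, all
ops user = secret, application_manager
jane = secret, administator

[roles]
all = sos:products
administrator = sos:products:joc_cockpit
application_manager = sos:products:joc_cockpit:view
"""

def parse_sections(text):
    """Return {section: [(key, value, line_no), ...]} for key=value lines."""
    sections, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)  # hashes may contain '=' padding
            current.append((key.strip(), value.strip(), no))
    return sections

def lint(text):
    """Return (line_no, user, problem) tuples for the [users] section."""
    sections = parse_sections(text)
    roles = {name for name, _, _ in sections.get("roles", [])}
    findings = []
    for user, value, no in sections.get("users", []):
        password, *assigned = [part.strip() for part in value.split(",")]
        if re.search(r"\s", user):
            findings.append((no, user, "account name contains a blank space"))
        if not password.startswith(HASH_PREFIX):
            findings.append((no, user, "password is stored in open text"))
        for role in assigned:
            if role not in roles:
                findings.append((no, user, f"role '{role}' is not defined in [roles]"))
    return findings

if __name__ == "__main__":
    for no, user, problem in lint(SAMPLE):
        print(f"line {no}: {user}: {problem}")
```
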

Logging

To get a debug log file for the login procedure, add the following to the file $JETTY_BASE/resources/joc/log4j.properties:

#logger for security
log4j.logger.com.sos.auth=debug, shiro
log4j.additivity.com.sos.auth= false
log4j.appender.shiro = org.apache.log4j.FileAppender
log4j.appender.shiro.layout = org.apache.log4j.EnhancedPatternLayout
log4j.appender.shiro.layout.ConversionPattern = %d{ISO8601}{Europe/Berlin} %-5p %m%n%throwable{short}
#filename of shiro log
log4j.appender.shiro.File = ${jetty.base}/logs/JOCShiroLog.log

 

Additional Information

Jetty has to be restarted after changes are made to the [main] section of the shiro.ini file.

...