Open ma78 opened 11 years ago
We have created a ServletFilter based protection mechanism which uses a key. The ice instance is configured with this key and users must pass it as a parameter on a first call to Ice. The key then gets stored in the cookies. We will make a Pull Request in the coming weeks.
can anyone please direct me to some documentation on implementing a ServletFilter? I get the feeling this has been solved but code is not being shared yet?
Equally, you could run the application behind httpd
and implement basic auth in there.
Some examples: http://wiki.apache.org/httpd/TomcatReverseProxy http://wiki.apache.org/httpd/PasswordBasicAuth
This method has the advantage of allowing you to swap out basic auth for SSL certificate authentication, or some other mechanism, without having to update ice
at all.
Hi Stuart. We haven't made a PullRequest yet because the authentication code in our ServletFilter is integrated with our SaaS service to provide SSO between our service and our fork of Ice. Also, the code uses a parameter (classed "access protection key") that needs to be passed on to Ice at startup (we do that through a CloudFormation parameter and a cloudinit script).
So there is more than just the ServletFilter to include in the PullRequest. And we've been too time constrained to isolate all that and make a PullRequest for now.
In the meantime, you can run our fork (for free) on your AWS account.
http://ice.teevity.com/register/.
You can start it using a CloudFormation and it has the access protection thingy and a few other things like the ability to group several tags together under a single ResourceGroup (useful when all your tags have not exactly the same name). And, thanks to the ServletFilter, it has SSO integration with our SaaS dashboard ;-)
I may work this into the existing ice_cookbook for those of you using chef to build infrastructure. Probably via nginx.
How can we password protect the ice dashboard?