password protection?

[ma78]

How can we password protect the ice dashboard?

[nfonrose]

We have created a ServletFilter based protection mechanism which uses a key. The ice instance is configured with this key and users must pass it as a parameter on a first call to Ice. The key then gets stored in the cookies. We will make a Pull Request in the coming weeks.

[stuart-macintosh]

can anyone please direct me to some documentation on implementing a ServletFilter? I get the feeling this has been solved but code is not being shared yet?

[grahamlyons]

Equally, you could run the application behind httpd and implement basic auth in there.

Some examples: http://wiki.apache.org/httpd/TomcatReverseProxy http://wiki.apache.org/httpd/PasswordBasicAuth

This method has the advantage of allowing you to swap out basic auth for SSL certificate authentication, or some other mechanism, without having to update ice at all.

[nfonrose]

Hi Stuart. We haven't made a PullRequest yet because the authentication code in our ServletFilter is integrated with our SaaS service to provide SSO between our service and our fork of Ice. Also, the code uses a parameter (classed "access protection key") that needs to be passed on to Ice at startup (we do that through a CloudFormation parameter and a cloudinit script).

So there is more than just the ServletFilter to include in the PullRequest. And we've been too time constrained to isolate all that and make a PullRequest for now.

In the meantime, you can run our fork (for free) on your AWS account.

http://ice.teevity.com/register/.

You can start it using a CloudFormation and it has the access protection thingy and a few other things like the ability to group several tags together under a single ResourceGroup (useful when all your tags have not exactly the same name). And, thanks to the ServletFilter, it has SSO integration with our SaaS dashboard ;-)

[rayrod2030]

I may work this into the existing ice_cookbook for those of you using chef to build infrastructure. Probably via nginx.