Password Protect escenic-admin

escenic-admin is a web application for administration of the Content Store. In a default installation it is installed without password protection. escenic-admin is, however, a powerful tool and should definitely not be openly accessible in a production environment. You are therefore strongly recommended to limit access to a small group of competent users.

To password protect escenic-admin:

  1. Set escenic-admin-authentication = true in the assemblytool properties file before running the assemblytool.

  2. Define one or more user log-ins for escenic-admin in Tomcat's tomcat-users.xml file.

To define an escenic-admin user in Tomcat, you need to add an entry like this to tomcat-users.xml:

<user username="admin-user" password="admin-password" roles="ECEAdmin"/>

where:

  • admin-user is the user name you want to use for logging in to escenic-admin

  • admin-password is the password you want to use for logging in to escenic-admin

It is obviously not a good idea to enter the password in this file as plain text. For a description of how to encrypt the password, see http://www.jdev.it/encrypting-passwords-in-tomcat/.