Difference between revisions of "WebProtegeHttpsLogin"

From Protege Wiki
Jump to: navigation, search
(Removed this page from the Application category. The Application category is reserved for pages that describe an application like Protege, WebProtege, etc. This page is just documentation.)
 
(9 intermediate revisions by 2 users not shown)
Line 3: Line 3:
  
 
<div style="background:#F7F7F7; border:1px solid #999999; padding:1em; width:75%;">
 
<div style="background:#F7F7F7; border:1px solid #999999; padding:1em; width:75%;">
'''[[ID::WebProtege]]''' uses a form of client-side encryption for the http login configured by default. To use the more secure SSL login in Tomcat, start by enabling the https property in your protege.properties file.
+
'''[[ID::WebProtege]]''' uses a form of client-side encryption for the http login configured by default. To use the more secure SSL login in Tomcat, follow these instructions.  
 
 
 
 
 
 
<b>http://webprotege.stanford.edu</b>
 
 
 
 
 
'''14 Aug 2009:''' build 200 now available<br />
 
'''01 Aug 2009:''' build 103 now available - compatible with Protege 3.4.1 release and upgraded to GWT 1.7<br />
 
'''03 Apr 2009:''' build 102 now available - compatible with Protege 3.4 release<br />
 
'''26 Oct 2008:''' We are very pleased to announce the initial release of WebProtege 0.5 alpha
 
 
 
 
 
'''[[WebProtegeReleaseNotes|View Release Notes]]'''<br />
 
'''[[WebProtegeAdminGuide|View Download Instructions]]'''
 
 
 
 
 
<div style="color:#CC0000;font-weight:bold;">Help us evaluate WebProtege by taking a [http://www.surveymonkey.com/s.aspx?sm=WuTpnqnBem7JD77fSFDJLQ_3d_3d 3-minute survey].</div>
 
</div>
 
  
  
Line 31: Line 13:
 
windows:
 
windows:
  
<code>
+
<pre>
 
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore  
 
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore  
</code>
+
</pre>
  
 
unix:
 
unix:
  
<code>
+
<pre>
 
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore
 
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore
</code>
+
</pre>
  
 
== Configure Tomcat to Use HTTPS ==
 
== Configure Tomcat to Use HTTPS ==
  
For Tomcat to use https, some additional configuration is required.  
+
For Tomcat to use https, we need to add a new connector (Tomcat 6 is not configured for SSL by default) and point it to the keystore. To do this, simply add the following lines to your <code>server.xml</code>, found at <code>$TOMCAT_HOME/conf</code>:  
 
 
=== Edit the server.xml ===
 
Now begin editing your <code>server.xml</code> file at $TOMCAT_HOME/conf:  
 
  
<code>
+
<pre>
<-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+
<-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
 
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
 
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
 
               maxThreads="150" scheme="https" secure="true"
 
               maxThreads="150" scheme="https" secure="true"
 
               clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/my/keystore/.keystore" keystorePass="webprotege"/>
 
               clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/my/keystore/.keystore" keystorePass="webprotege"/>
</code>
+
</pre>
A short [[WebProtegeUsersGuide|user guide]] with screenshots describing the main user interface elements in WebProtege.
 
 
 
=== [[WebProtegeAdminGuide|Download and Install - Administrator's Guide]] ===
 
A [[WebProtegeAdminGuide|step-by-step guide]] for site administrators who want to download and install WebProtege.
 
  
=== [[WebProtegeDevelopersGuide|Developer's Guide]] ===
+
Be careful to substitute the /path/to/my/keystore with the correct path to your keystore, which you generated in step one. Note that this connector is already present in the tomcat server.xml file, but it is commented-out. It is very important to set the connector to listen to port 443, because webprotege will always use the default https port, which is 443, and the default Tomcat connector will only listen on port 8443.
A [[WebProtegeDevelopersGuide|guide]] for developers who want to compile and run WebProtege from an IDE.
 
  
 +
== Change the https property in protege.properties ==
  
== Screenshots ==
+
To configure WebProtege to use https, change the protege.properties file to set the <code>login.with.https</code> property to true.
  
'''Viewing the list of available ontologies on the server:'''
+
== Start Tomcat ==
 
 
[[Image:Webprotege-Mywebprotege.png|thumb|none|800px|My WebProtege tab]]
 
 
 
 
 
'''Viewing the class tree for the NCI Thesaurus:'''
 
 
 
[[Image:Webprotege-nci.png|thumb|none|800px|Classes tab]]
 
 
 
 
 
==[[WebProtegeRoadMap|WebProtege Roadmap]] ==
 
 
 
To see what our future plans for WebProtege are, and to add feature requests, please go to the [[WebProtegeRoadMap|WebProtege roadmap]] wiki page.
 
  
 +
You are now ready to start Tomcat. Note that on some versions of Unix, you may need to run the Tomcat server as root or another user with authority over the lower ports; port 443 is secured by default.
  
 
== About WebProtege ==
 
== About WebProtege ==
 
WebProtege is currently under development by the [http://protege.stanford.edu/aboutus/aboutus.html Protege team] at the [[Affiliated with::Stanford Center for Biomedical Informatics Research]].
 
WebProtege is currently under development by the [http://protege.stanford.edu/aboutus/aboutus.html Protege team] at the [[Affiliated with::Stanford Center for Biomedical Informatics Research]].
  
 +
== Contact Us ==
 +
If you have questions or comments, please post them on the [https://mailman.stanford.edu/mailman/listinfo/webprotege-feedback WebProtege mailing list].<br /><br /><br />
  
== References ==
 
 
* A short paper describing WebProtege was presented as a poster at [http://www.webont.org/owled/2008dc/ OWLED 2008].  The paper is available for [http://www.webont.org/owled/2008/papers/owled2008eu_submission_40.pdf download from the OWLED website].
 
 
* WebProtege is a web-client for [[Collaborative Protege]] - a Protege extension that supports the collaborative ontology development process.
 
 
* Collaborative Protege and WebProtege tutorial at the 11th Intl. Protege Conference in Amsterdam. Slides are available [http://protege.stanford.edu/conference/2009/slides/CollabProtegeTutorial.pdf here]
 
 
 
== Contact Us ==
 
If you have questions or comments, please post them on the [http://mailman.stanford.edu/mailman/listinfo/protege-discussion protege-discussion mailing list].<br /><br /><br />
 
  
[[Category:Application]]
 
 
[[Category:WebProtege documentation]]
 
[[Category:WebProtege documentation]]

Latest revision as of 12:38, March 21, 2013

Securing the WebProtege login window using SSL


WebProtege uses a form of client-side encryption for the http login configured by default. To use the more secure SSL login in Tomcat, follow these instructions.


Generate a Key

If you do not have a signed certificate from a certifying authority, you will need to generate a dummy certificate that webprotege can use. Enter a password value of webprotege when prompted, and be sure to keep a record of where you save the keystore to.

windows:

%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA -keystore \path\to\my\keystore 

unix:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore

Configure Tomcat to Use HTTPS

For Tomcat to use https, we need to add a new connector (Tomcat 6 is not configured for SSL by default) and point it to the keystore. To do this, simply add the following lines to your server.xml, found at $TOMCAT_HOME/conf:

<-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -->
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="/path/to/my/keystore/.keystore" keystorePass="webprotege"/>

Be careful to substitute the /path/to/my/keystore with the correct path to your keystore, which you generated in step one. Note that this connector is already present in the tomcat server.xml file, but it is commented-out. It is very important to set the connector to listen to port 443, because webprotege will always use the default https port, which is 443, and the default Tomcat connector will only listen on port 8443.

Change the https property in protege.properties

To configure WebProtege to use https, change the protege.properties file to set the login.with.https property to true.

Start Tomcat

You are now ready to start Tomcat. Note that on some versions of Unix, you may need to run the Tomcat server as root or another user with authority over the lower ports; port 443 is secured by default.

About WebProtege

WebProtege is currently under development by the Protege team at the Stanford Center for Biomedical Informatics Research.

Contact Us

If you have questions or comments, please post them on the WebProtege mailing list.