I have an instance of Hawtio-offline deployed on a Tomcat server which is authenticated through Tomcat authentication (so, for example, the users are defined in the conf/tomcat-users.xml file). I was wondering if there is a way to enforce user roles and permissions solely through Tomcat authentication.
For example, I would like to have a guest user that can only view each tab but not change anything. Or have a role that can only start or pause Camel contexts and cannot destroy contexts.
Is this possible? If so, what is the best way to implement this? Thank you!
At this moment, RBAC (Role-Based Access Control) is supported only on the Apache Karaf container.
If you would like to enable RBAC for Tomcat, you would need to implement a JMXSecurityMBean for Tomcat and register it with the platform MBean server so that Hawtio can look it up:
https://github.com/hawtio/hawtio/blob/hawtio-2.0.3/hawtio-system/src/main/java/io/hawt/jmx/JMXSecurityMBean.java
but it is hard.
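
A sketch of the shape such an MBean could take, added here as an illustration and not taken from the answer or from the Hawtio project. `RolePolicyMBean` is a hypothetical stand-in for the real `JMXSecurityMBean` interface linked above (which defines the methods Hawtio actually calls); the role names, operation names, object name and the way the current user's roles are supplied are all assumptions.

```java
import java.lang.management.ManagementFactory;
import java.util.Map;
import java.util.Set;
import java.util.function.Supplier;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class RolePolicyDemo {
    // Hypothetical stand-in; implement the real JMXSecurityMBean for Hawtio to use it.
    public interface RolePolicyMBean {
        boolean canInvoke(String objectName, String methodName);
    }

    public static class RolePolicy implements RolePolicyMBean {
        // Constructed policy: role -> JMX operations it may invoke.
        // "guest" may invoke nothing, so it is limited to viewing.
        private static final Map<String, Set<String>> ALLOWED = Map.of(
            "guest", Set.of(),
            "operator", Set.of("start", "suspend", "resume"),
            "admin", Set.of("*"));
        private final Supplier<Set<String>> currentRoles;

        public RolePolicy(Supplier<Set<String>> currentRoles) { this.currentRoles = currentRoles; }

        @Override
        public boolean canInvoke(String objectName, String methodName) {
            // Reduce a signature such as "stop(long)" to the bare operation name.
            int paren = methodName.indexOf('(');
            String op = paren < 0 ? methodName : methodName.substring(0, paren);
            for (String role : currentRoles.get()) {
                Set<String> ops = ALLOWED.getOrDefault(role, Set.of());
                if (ops.contains("*") || ops.contains(op)) return true;
            }
            return false; // default deny: unknown roles and unlisted operations
        }
    }

    public static void main(String[] args) throws Exception {
        // Assumption: roles would come from the Tomcat-authenticated user; fixed for the demo.
        RolePolicy policy = new RolePolicy(() -> Set.of("operator"));
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("example:type=security,area=jmx"); // placeholder name
        server.registerMBean(new StandardMBean(policy, RolePolicyMBean.class), name);

        String ctx = "org.apache.camel:context=demo,type=context"; // constructed sample
        String[] sig = {"java.lang.String", "java.lang.String"};
        // Query the policy through the MBean server, as a JMX client would.
        Object start = server.invoke(name, "canInvoke", new Object[] {ctx, "start"}, sig);
        Object stop = server.invoke(name, "canInvoke", new Object[] {ctx, "stop"}, sig);
        System.out.println("operator start=" + start + " stop=" + stop);
    }
}
```

The policy denies by default, so a role missing from the map or an operation missing from a role's set is refused rather than silently allowed.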