How to Turn on Basic Server-side Authentication for Lucee

Here are the instructions I use whenever I need to remember how to set up basic server-side authentication on a Lucee server. These are really instructions for Apache Tomcat, which Lucee uses as its web server.

This is something I often do for development sites, but not production. It will allow your Lucee website to authenticate against a static file of users.
(If you are looking for a way to do this dynamically one option is to connect your website to Active Directory. This is how our production sites are configured and I’ve documented the process here.)

If you’re like me and migrating from Apache Webserver, this process is similar to adding users to a password file using the htpasswd command.

First we will create an XML file with our user data. Store this outside of your web root! The format looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
	<role rolename="canaccessMYAPP"/>
	<user username="gaspard" password="abcd1234" roles="canaccessMYAPP"/>
</tomcat-users>

The user store ends up being global within Tomcat, so I’ve made the security role specific to MYAPP. Later on you’ll see how I use this in the web.xml to control access to only MYAPP.

Now, in our server.xml file, we will tell Tomcat about our file with the user data by making an entry inside the <GlobalNamingResources> tag.

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
			  
    <Resource name="MY_APP_UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="C:\MY_APP-users.xml" />
  </GlobalNamingResources>

(You can remove the default user store on lines 2-6.)

Now that we’ve told Tomcat about our XML file with user data, let’s tell Tomcat that this file is available within the engine.

<Engine name="Catalina" defaultHost="127.0.0.1">
      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="MY_APP_UserDatabase"/>
      </Realm>
      <Host name="MY_APP.test" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Context path="" docBase="C:\wwwroot\MY_APP\public_html\" />
        <!-- The quotes around %r must be escaped as &quot; inside the attribute value -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
</Engine>

We’ve also defined our host within the <Engine> area. You can read more about that here.

Now let’s tell our website to authenticate against our list of users. In our web.xml we will add the following:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" 
id="WebApp_ID" version="3.1">
	<display-name>test</display-name>
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
		<welcome-file>index.htm</welcome-file>
		<welcome-file>index.cfm</welcome-file>
		<welcome-file>default.html</welcome-file>
		<welcome-file>default.htm</welcome-file>
		<welcome-file>default.cfm</welcome-file>
	</welcome-file-list>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name></web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>canaccessMYAPP</role-name>
		</auth-constraint>
	</security-constraint>
	<security-role>
		<role-name>canaccessMYAPP</role-name>
	</security-role>
	<login-config>
		<auth-method>BASIC</auth-method>
	</login-config>
</web-app>

As I said at the start, I usually only use this for dev environments. But even if you have multiple user files for multiple web apps on one server, the user accounts are global. We don’t want the users from MYAPP #1 getting access to MYAPP #2. In the above example I am controlling access by stating that this website only allows users with the “canaccessMYAPP” role. If I had a second user database, I would make a role for those users called “canaccessOTHERAPP” and configure that app’s web.xml to only allow users with that role.
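The role scoping described above can be checked offline before restarting Tomcat. This is an added example, not part of the original post: it reads a web.xml and every user file named in server.xml and reports who would be admitted; the user marie, the C:\OTHER_APP-users.xml file and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

def _named(root, name):
    """All elements under root with this tag name, ignoring XML namespaces."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def required_roles(web_xml):
    """Roles listed in the <auth-constraint> elements of a web.xml."""
    root = ET.fromstring(web_xml)
    return {r.text.strip() for ac in _named(root, "auth-constraint")
            for r in _named(ac, "role-name") if r.text}

def users_by_role(users_xml):
    """Map each role to the usernames holding it in one tomcat-users file."""
    out = {}
    for user in _named(ET.fromstring(users_xml), "user"):
        for role in user.get("roles", "").split(","):
            if role.strip():
                out.setdefault(role.strip(), set()).add(user.get("username"))
    return out

def audit(web_xml, user_files, doc_base):
    """user_files maps path -> XML text for every user file in server.xml."""
    findings, holders = [], {}
    for path, text in user_files.items():
        if PureWindowsPath(doc_base) in PureWindowsPath(path).parents:
            findings.append(f"{path}: user file is inside the web root")
        for role, names in users_by_role(text).items():
            holders.setdefault(role, set()).update(names)
    admitted = set()
    for role in required_roles(web_xml):
        if role in ("*", "**"):  # servlet wildcards, not a single named role
            findings.append(f"role-name {role}: wildcard, not limited to a named role")
        elif role not in holders:
            findings.append(f"role {role}: held by no user, nobody can log in")
        admitted |= holders.get(role, set())
    return findings, admitted

# Constructed sample data (user marie and the OTHER_APP file are made up).
NS = 'xmlns="http://tomcat.apache.org/xml"'
MYAPP = f'<tomcat-users {NS}><user username="gaspard" password="x" roles="canaccessMYAPP"/></tomcat-users>'
OTHER = f'<tomcat-users {NS}><user username="marie" password="x" roles="canaccessOTHERAPP"/></tomcat-users>'
WEB = ('<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>'
       '<auth-constraint><role-name>canaccessMYAPP</role-name></auth-constraint>'
       '</security-constraint></web-app>')
FILES = {r"C:\MY_APP-users.xml": MYAPP, r"C:\OTHER_APP-users.xml": OTHER}
if __name__ == "__main__":
    print(audit(WEB, FILES, r"C:\wwwroot\MY_APP\public_html"))
```

With both user files loaded, only gaspard is admitted to MYAPP even though marie is also known to Tomcat.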

Hope some of you find this useful!

Building a Rain Barrel Water Tower for the Chicken Coop

I was given this old barrel that originally stored non-toxic antifreeze. My plan was to build a Whizbang chicken plucker, but buying a small backyard chicken plucker turned out to be nearly the same price as buying all the hardware needed to build my own. (It might be worth it if you already have all the parts on hand.)

So what to do with the barrel?

I have automatic feeders and I have automatic waterers for my chickens, but the current waterers leak everywhere and I have a garden hose running across my backyard to the coop. It’s time to reengineer the poultry watering system. It would be a good start to have a water source at the coop. A rain barrel is just what I need.

No plans needed!

Just need it up high enough to let gravity do the work.

That should be about right. Now we need to add the spigot.

I had to cut off the cover in order to access the inside and install the spigot and give the inside a good washing. Now how to reattach the cover?

Mistakes were made, but it’s finally back on securely.

Now to place it behind the chicken coop. It’s in just the right spot to catch the rain once I install the gutter.

Hmm, that looks a little dangerous. Better add a safety rope to keep it from tipping over and crushing someone.

Let’s secure the bottom as well…

Ok now let’s do some plumbing.
I have a few scraps of piping left over from a different project, but it will do fine. Maybe I should buy the correct kind of elbow? Nah.

Looking good!

Water was flowing out both sides, so I had to plug up this hole until I get to the hardware store for the correct elbow.

That’s a good start!
Ok, let’s connect up the new chicken waterers.

Two buckets hooked up. Each bucket has a float valve and watering cups. The rain barrel is high enough for the water to flow downstream and refill the buckets when the float valves open.

I put a rock inside the bucket as a counter weight to the float.

My goal is to be able to go away for a few days without worrying about the chickens’ water. I’m using Grandfather’s Feeders for automatic feeding, which hold 40lbs of food and work great. But water had always been an issue.

Previously I was using the 6 gallon buckets shown in the photo below. There is a float on the bottom that is supposed to slowly let out the water, but they only worked correctly if the buckets were perfectly level, and often the water would slowly drip out the side after only a day or two. I tried hanging the buckets, but then the chickens knocked them around and splashed the water out. I also tried modifying the buckets to use a float valve on top connected to the hose, but that just led to them continually refilling and causing an even bigger mess. The chickens would also poop in the trough, causing the water to get completely dirty.

I’m really happy with how this came out. Now I have non-spilling waterers and 50 gallons of reserve water that will automatically refill itself when it rains (or I could fill up from the garden hose if there’s no rain). My next step will be to make covers for the water buckets to keep the leaves and mosquitos out.

Success! The poults like it!

How to Install a Certificate in ColdFusion

I have to do this so infrequently that I always have to look up the instructions again. Putting these here so I can find them easily.

I’m always surprised that there isn’t an easy way to download the cert from the command line. If there was then this could be made into a nice little script. Grabbing the cert via your browser is still the easiest way.

Step 1:
Go to https://URL, click on the lock icon, and download the cert into the C:\ColdFusion11\jre\lib\security\ directory, or whatever the jre\lib\security directory is for your CF install.

Step 2:
On the command line, go to your jre\bin directory:
cd C:\ColdFusion11\jre\bin

Step 3:
Run the following command. (Adjust your paths and cert names as necessary.)
keytool -import -trustcacerts -keystore C:\ColdFusion11\jre\lib\security\cacerts -storepass changeit -noprompt -alias MYCERTNICKNAME -file C:\ColdFusion11\jre\lib\security\MYCERTFILENAME

MYCERTFILENAME should match the filename. MYCERTNICKNAME can be anything, but I like to keep it the same as the filename.

Step 4:
Restart the ColdFusion Application service.

Linux Mint Windows Disappear When Minimized

I run Linux Mint on multiple computers at home. Recently I reinstalled Linux Mint and was having this strange issue where windows disappeared when I minimized them. They were nowhere on the taskbar and I couldn’t remember the keyboard shortcut to switch between running applications. After a little digging I realized that “Window List” was not active on my taskbar. Not sure how that happened, but easy enough to fix.

To fix the issue, right-click on the taskbar, choose “Add to Panel…” and then add “Window List”. Easy!

Hatching Aquasaurs

Triops aka “Aquasaurs” are small prehistoric creatures that can remain in suspended animation for a long time. They hatch out once they get wet and grow quickly. In that way they are like sea monkeys, but they grow much much bigger.

Here is a video taken on 2020-03-24. The Triops have hatched out and they were finally big enough to see:

Here they are four days later:

And finally here they are today, just eight days from the first video. They are getting huge!

New Garden

The coronavirus quarantine has given us a lot more time in the backyard this week. The weather is beautiful, so we’ve begun working on a new garden.

Last year we built our first tiered garden and it worked out great. So this year we’ve decided to build a second tiered garden to mirror the first.

We are hoping to grow a lot more of our own food this year. We especially love making pickles so we need twice as much space for cucumbers!

After measuring out the space for the new garden, we began to cut sod. We put the sod squares into the turkey run, as last year’s turkeys turned the run into a mud pit.

I’ve been playing a lot of Minecraft and all I can think about is how quick cutting this sod would go in the game. LOL!

Once the garden area is cleared we hope to have the wood needed to edge the garden delivered as we continue to reduce our exposure to coronavirus.

Migrating to Lucee from Adobe CF

I’ve been migrating a lot of older sites from old installs of Adobe ColdFusion to new servers and fresh installs of Lucee Coldfusion lately. The majority of these applications were migrated without much trouble. I’ve found that Lucee Coldfusion is also easy to keep secure and current, as it has continual stable releases and monthly patches that can be installed from the admin area.

For the most part the migration to Lucee is a simple matter of installing Lucee Coldfusion and adding the application codebase. After thoroughly testing that the application works locally, I stand up a test server and repeat the process. After passing UAT, the test server is cloned to create the production server and the datasource is re-pointed to the production db on the new production server. Finally, the DNS entry is repointed to move the web traffic from the old existing server to the new server.

Below is the process I use when starting on a new migration:

  1. Stand up a Lucee dev environment
    1. I’ve been moving to Linux servers at the same time as migrating to Lucee, but for now let’s assume we’re in Windows
    2. If you’re new to Lucee, just grab the express install from Lucee.org and install it.
  2. Checkout the site’s codebase into the Lucee ROOT directory.
    1. You are using version control, right?
    2. I make a new branch to track any code changes needed. If your site is simple it most likely will just work. Otherwise check this list for ideas of what might need to be changed.
    3. Alternatively you can configure it to look at a directory other than ROOT. See this blog post.
    4. If you need to set up multiple Lucee dev sites you may want to read this.
    5. If you need to turn on server-side authentication, read this.
  3. Configure any datasource your site may need in the Lucee admin area.
    1. http://YOUR_DOMAIN_NAME/lucee/admin/server.cfm
  4. While you’re in the Lucee admin area install and activate the Log Analyzer plugin.
    1. This will allow you to view the server logs much like you would in Adobe’s CFAdmin. Very handy!
  5. At this point your site may just work.
    1. If your site works, congratulations! You can begin to validate that everything really does still work.
    2. If not, usually you will get an error that explains what the issue is.
    3. For more ideas of what might be wrong: Common Issues when Migrating Existing Codebases to Lucee Coldfusion.