How to install webpasswordsafe 1.3 WAR on Centos 6

Here’s a quick howto on installing web password safe on CentOS 6 with tomcat.

Prerequiste:

You’ll need to have JAVA setup correctly with JCE installed and I assume that Tomcat is already installed. You can consult both documentation I wrote :

Howto install JDK 7 with JCE

Howto install Tomcat 7 on centos 6

I will describe the steps I took, feel free to tell me if there’s something to fix, it’s possible your setup is slightly different..

  • Install your CentOS with at least those package/group @Base, mysql-server2 and mysql-connector-java.noarch
    • Don’t forget to run mysql_secure_installation and change the root password..

 

  • Not sure on this one, because my system is kickstarted and automatically added to the repo, but you’ll probably need the EPEL repository ( rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm )

 

 

Now we’ll copy the MySQL JDBC driver to our Tomcat Install if it’s not already done:

# ls -lah /opt/apache-tomcat-7.0.53/lib/*mysql*

If you see a file there, skip the copy, you already have the JDBC driver installed.

# cp /usr/share/java/mysql-connector-java.jar /opt/apache-tomcat-7.0.53/lib/

Now we will create the database needed by passwordsafe and the user it will use to connect, plus the permission.

# mysql -u root -p
 mysql> create database webpasswordsafe;
 mysql> create user wps@localhost identified by 'PUT_A_SAFE_PASSWORD_HERE';
 mysql> grant all privileges on webpasswordsafe.* to wps@localhost;
 mysql> grant usage on webpasswordsafe.* to wps@localhost;
 mysql> flush privileges;
 mysql> exit

Now we will deploy the WAR for the first time, and configure some settings:

Stop tomcat if it run:

# /etc/init.d/tomcat-webpasswordsafe stop

Copy the WAR in the webapp directory of your tomcat install and we will rename it:

# cp -ar webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/
# mv webpasswordsafe-sample-1.3.war webpasswordsafe-1.3.war

Start Tomcat:

# /etc/init.d/tomcat-webpasswordsafe start

Now let’s configure few basics settings:

Set a new secret key at encryptor.jasypt.password

# cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3
# vim WEB-INF/encryption.properties

Edit the config to access the database:

# vim WEB-INF/jdbc.properties
 set db user key
 jdbc.username=wps
 jdbc.password=HERE_YOU_PASTE_THE_NOT_SO_SAFE_PASSWORD_YOU_PROBABLY_CHOOSE

 uncomment mysql config:
 # MySQL/MariaDB settings
 hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
 jdbc.driverClassName=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://localhost:3306/webpasswordsafe
 jdbc.validationQuery=select 1

Now restart Tomcat and we’ll see if everything work:

# /etc/init.d/tomcat-webpasswordsafe restart

Normally at this point you should be able to access the web interface via http://your-hostname-or-ip:8080/webpasswordsafe-1.3/

If you are using the default LocalAuthenticator the user/pass are: admin/admin

That’s it for the install, check the Admin Guide for more informations regarding all the different options available in the config files.. I will probably add another post to cinfigure the LDAP connector and other features.

 

Be sure to setup a SSL connection if you want to use this in production… You don’t want to access your password manager via http… You are gonna store all your password there, doublecheck EVERYTHING, root password, MySQL, SSL, ensure that you have the minimum service running on this host, iptables and SELinux enabled could be a great idea.

 

Note:

Advertisements
    • eatinglogic
    • September 10th, 2014

    After copying the war file to the webapp directory your directions say to move (rename) the file, but it doesn’t include the path so it just renames the source file.

    Later, when setting the secret key, you instruct to cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3 when in fact /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3 is a war file not a directory? EDIT: You should specify that this needs to be extracted.

      • ioan chirita
      • October 16th, 2015

      being a .war file it will be extracted by the tomcat server, no need to extract manually.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: