How to install webpasswordsafe 1.3 WAR on Centos 6

Here’s a quick howto on installing web password safe on CentOS 6 with tomcat.

Prerequiste:

You’ll need to have JAVA setup correctly with JCE installed and I assume that Tomcat is already installed. You can consult both documentation I wrote :

Howto install JDK 7 with JCE

Howto install Tomcat 7 on centos 6

I will describe the steps I took, feel free to tell me if there’s something to fix, it’s possible your setup is slightly different..

• Install your CentOS with at least those package/group @Base, mysql-server2 and mysql-connector-java.noarch
  • Don’t forget to run mysql_secure_installation and change the root password..

 

• Not sure on this one, because my system is kickstarted and automatically added to the repo, but you’ll probably need the EPEL repository ( rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm )

 

• Download the webpasswordsafe war on google code: https://code.google.com/p/webpasswordsafe/downloads/list

 

Now we’ll copy the MySQL JDBC driver to our Tomcat Install if it’s not already done:

# ls -lah /opt/apache-tomcat-7.0.53/lib/*mysql*

If you see a file there, skip the copy, you already have the JDBC driver installed.

# cp /usr/share/java/mysql-connector-java.jar /opt/apache-tomcat-7.0.53/lib/

Now we will create the database needed by passwordsafe and the user it will use to connect, plus the permission.

# mysql -u root -p
 mysql> create database webpasswordsafe;
 mysql> create user wps@localhost identified by 'PUT_A_SAFE_PASSWORD_HERE';
 mysql> grant all privileges on webpasswordsafe.* to wps@localhost;
 mysql> grant usage on webpasswordsafe.* to wps@localhost;
 mysql> flush privileges;
 mysql> exit

Now we will deploy the WAR for the first time, and configure some settings:

Stop tomcat if it run:

# /etc/init.d/tomcat-webpasswordsafe stop

Copy the WAR in the webapp directory of your tomcat install and we will rename it:

# cp -ar webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/
# mv webpasswordsafe-sample-1.3.war webpasswordsafe-1.3.war

Start Tomcat:

# /etc/init.d/tomcat-webpasswordsafe start

Now let’s configure few basics settings:

Set a new secret key at encryptor.jasypt.password

# cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3
# vim WEB-INF/encryption.properties

Edit the config to access the database:

# vim WEB-INF/jdbc.properties
 set db user key
 jdbc.username=wps
 jdbc.password=HERE_YOU_PASTE_THE_NOT_SO_SAFE_PASSWORD_YOU_PROBABLY_CHOOSE

 uncomment mysql config:
 # MySQL/MariaDB settings
 hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
 jdbc.driverClassName=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://localhost:3306/webpasswordsafe
 jdbc.validationQuery=select 1

Now restart Tomcat and we’ll see if everything work:

# /etc/init.d/tomcat-webpasswordsafe restart

Normally at this point you should be able to access the web interface via http://your-hostname-or-ip:8080/webpasswordsafe-1.3/

If you are using the default LocalAuthenticator the user/pass are: admin/admin

That’s it for the install, check the Admin Guide for more informations regarding all the different options available in the config files.. I will probably add another post to cinfigure the LDAP connector and other features.

 

Be sure to setup a SSL connection if you want to use this in production… You don’t want to access your password manager via http… You are gonna store all your password there, doublecheck EVERYTHING, root password, MySQL, SSL, ensure that you have the minimum service running on this host, iptables and SELinux enabled could be a great idea.

 

Note:

• Here’s the admin documentation http://webpasswordsafe.googlecode.com/svn/trunk/docs/AdministratorGuide.html
• Thanks to Jonathon who posted the steps he took to install webpassword safe on debian in the group. ( https://groups.google.com/d/msg/webpasswordsafe/IUTko0NGuv4/UANDeTbFnsEJ )