Greenstone 3 User Management

Greenstone software comes equipped with a system for registering and administering users. Greenstone users can register as a user with a login and password. Administrators can then assign them into various groups. These user groups are used for authenticating login to a remote Greenstone server, and for password protecting collections and documents, and for access to online document editing.

(Note, The greenstone 2 version of this page can be found here.)


  • Registering as a user
  • User groups
  • Editing users

Setting up the Recaptcha test for User Registration

NOTE: this applies to Greenstone 3.09 and later (3.09 nightly releases from September 2018).

Greenstone 3 is set up to use Recaptcha for authenticating users when they are registering. Recaptcha requires a public "site" key, and a private "secret" key. Greenstone is shipped with Google's testing keys, which always validate. You will need to generate your own key pair at and enter them into the web/sites/localsite/siteConfig.xml file:

<recaptcha name="site_key" value="6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"/> 
<recaptcha name="secret_key" value="6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"/>

By default, Greenstone is set up to use the recaptcha test for the "register" and "adduser" operations. If you would like to add it to other operations (or remove it from the current ones) please edit the operations recaptcha element in siteConfig.xml:

<!-- edit this list to specify which operations use the recaptcha test-->
<!-- valid operations include Register, AddUser, Login, -->
<recaptcha name="operations" value="Register,AddUser"/>

Note: please restart Tomcat for these changes to take effect.

Disabling Recaptcha in earlier versions of Greenstone

Prior to 3.09 Greenstone used version 1 of recaptcha, which is no longer supported by Google. If you have an older Greenstone, you will not be able to use recaptcha any more (unless you update your Greenstone to 3.09 or later, or a nightly release). Please remove the following two recaptcha lines in the web/sites/localsite/siteConfig.xml file:

<recaptcha name="public_key" value="6LckI88SAAAAACUYjj97WMcnz5HPjVp3lI-x-ue8"/> 
<recaptcha name="private_key" value="6LckI88SAAAAAGnGy1PwuXYZzIMXZYoPxN51bWWG"/>

GS3 Tomcat authentication notes

We use Tomcat Realm to connect to JDBC database of users. Its specified in resources/tomcat/ (which gets copied to resources/tomcat/context-name.xml, and then to packages/tomcat/conf/Catalina/localhost/context-name.xml

   For embedded derby db:
<Realm className="org.apache.catalina.realm.JDBCRealm" 
        userTable="users" userNameCol="username" userCredCol="password"
        userRoleTable="roles" roleNameCol="role"

Will end up like

<Realm className="org.apache.catalina.realm.JDBCRealm" 
        userTable="users" userNameCol="username" userCredCol="password"
        userRoleTable="roles" roleNameCol="role"

Logins timeout when the tomcat session expires. Session expiry happens after a specified period of inactivity. In, have

  * the maximum interval that the cached info remains in session_ids_table
  * (in seconds) This is set in web.xml
  protected int session_expiration = 1800;

This can be overridden by putting a session-expiration init-param into your servlet specification in web/WEB-INF/servlets.xml (which is included by web.xml). This is specified in seconds.