What would you like to happen?
[Feature Request]: User-based Project Authorization in Hop Web
Problem / Motivation
Currently, Hop Web supports basic authentication via Tomcat's tomcat-users.xml (username + password), but all authenticated users share the same Hop environment and can see all available projects. There is no built-in mechanism to restrict which projects a specific user is allowed to access.
This is a significant limitation for teams and organizations that:
- Host a single shared Hop Web instance for multiple users or departments
- Need to isolate projects per team, client, or security boundary
- Want to avoid spinning up a separate Docker container per user/project just to enforce access control
Proposed Solution
Add user-to-project authorization support in Hop Web, so that after a user authenticates (via Tomcat basic auth or any future auth provider), they only see and can access the projects they are explicitly authorized for.
This could be implemented as:
- A configuration file (e.g. hop-web-users.xml or extending tomcat-users.xml) that maps users/roles to allowed project names.
- Role-based access: define roles per project and assign users to those roles.
- UI enforcement: after login, the Hop Web GUI only shows projects the authenticated user is permitted to open.
Example configuration (conceptual)
xml
ahmet
admin
elif
admin
Current Workaround
The only current workaround is running one Hop Web Docker container per project/user group on different ports, which is operationally expensive and hard to maintain.
Additional Context
Impact
This feature would make Hop Web significantly more viable as a shared, multi-tenant platform for enterprise and team use cases.
Issue Priority
Priority: 1
Issue Component
Component: Other
What would you like to happen?
[Feature Request]: User-based Project Authorization in Hop Web
Problem / Motivation
Currently, Hop Web supports basic authentication via Tomcat's tomcat-users.xml (username + password), but all authenticated users share the same Hop environment and can see all available projects. There is no built-in mechanism to restrict which projects a specific user is allowed to access.
This is a significant limitation for teams and organizations that:
Proposed Solution
Add user-to-project authorization support in Hop Web, so that after a user authenticates (via Tomcat basic auth or any future auth provider), they only see and can access the projects they are explicitly authorized for.
This could be implemented as:
Example configuration (conceptual)
xml
ahmet
admin
elif
admin
Current Workaround
The only current workaround is running one Hop Web Docker container per project/user group on different ports, which is operationally expensive and hard to maintain.
Additional Context
Impact
This feature would make Hop Web significantly more viable as a shared, multi-tenant platform for enterprise and team use cases.
Issue Priority
Priority: 1
Issue Component
Component: Other