...
- Define the anonymous role. Note that this is already defined by default. If you must change it, change it here. Note also that the username assigned by the anonymous processing filter is not relevant to Pentaho security code that runs later in the request. Only the anonymous role is relevant. In this example, the anonymous username is
anonymousUserand the anonymous role isAnonymous. Note where the roleAnonymousoccurs in subsequent examples. Note finally that role names are case-sensitive.Code Block xml xml title applicationContext-acegi-security.xml <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> <!-- omitted --> <property name="userAttribute" value="anonymousUser,Anonymous" /> </bean>
- Allow anonymous access to all web resources by editing the
objectDefinitionSourceon theFilterSecurityInterceptorto look like the example below.Code Block xml xml title applicationContext-acegi-security.xml <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="accessDecisionManager"> <ref local="httpRequestAccessDecisionManager" /> </property> <property name="objectDefinitionSource"> <value> <![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/.*\Z=Anonymous ]]> </value> </property> </bean> - Use
PentahoAllowAnonymousAclVoteras yourIAclVoterimplementation. You configure yourIAclVoterimplementation partially inpentahoObjects.See 03.spring.xmland partially inpentaho.xmlfor a description of how to configure this voter. When configuring this voter, you will define the anonymous user and role. That user and/or role should be used when assigning ACLs.Code Block xml xml title pentaho.xml <pentaho-system> <!-- omitted --> <objects> <anonymous-authentication> <anonymous-user>anonymous</anonymous-user> <IAclVoter scope="global">com.pentaho.security.acls.voter.PentahoAllowAnonymousAclVoter</IAclVoter> <anonymous-role>Anonymous</anonymous-role> </anonymous-authentication> <!-- omitted --> </objects>pentaho-system>
Code Block xml xml title pentahoObjects.spring.xml <beans> <!-- omitted --> <anonymous-authentication> <bean id="IAclVoter" <anonymous-user>anonymous</anonymous-user> <anonymous-role>Anonymous</anonymous-role> </anonymous-authentication>class="org.pentaho.platform.engine.security.acls.voter.PentahoAllowAnonymousAclVoter" scope="singleton" /> <!-- omitted --> </pentaho-system>beans>
- Assign ACLs using the user and role defined in the previous step. Use these steps along with the settings below.
Code Block xml xml title pentaho.xml <pentaho-system> <!-- omitted --> <acl-publisher> <default-acls> <acl-entry role="Anonymous" acl="ADMIN_ALL" /> </default-acls> <!-- remove any active overrides entries --> </acl-publisher> <!-- omitted --> </pentaho-system> - Finally, tell Pentaho the role that should be treated as the Pentaho administrator. In this case, it's the anonymous role mentioned earlier.
If you use global system actions, then you'll need to execute a few extra steps.Code Block xml xml title pentaho.xml <pentaho-system> <!-- omitted --> <acl-voter> <admin-role>Anonymous</admin-role> </acl-voter> <!-- omitted --> </pentaho-system> - Compile and deploy the attached
GlobalSystemActionsFilter.java. Add the filter to
applicationContext-acegi-security.xml.
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
<![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=...,globalSystemActionsFilter,pentahoSecurityStartupFilter,...]]>
</value>
</property>
</bean>
<bean id="globalSystemActionsFilter" class="com.pentaho.security.GlobalSystemActionsFilter" />
pentaho.xml.
|