Versions Compared

Old Version 19

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

SecurityStartupFilter allows the Pentaho BI Platform to obtain a user's credentials (java.security.Principal) and inject it into the Pentaho user session. This requires a new bean definition:

Code Block
xml
xml
titleapplicationContext-acegi-security.xmlxml
<bean id="pentahoSecurityStartupFilter"
  class="org.pentaho.platform.web.http.security.SecurityStartupFilter" />

...

Notice the login_error=2 parameter on the filterProcessesUrl? The login page should test for login_error=2 and print the appropriate message describing what just happened.

Code Block
xml
xml
titleapplicationContext-acegi-security.xmlxml
<bean id="httpSessionReuseDetectionFilter"
  class="org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter">
  <property name="filterProcessesUrl" value="/j_acegi_security_check" />
  <property name="sessionReuseDetectedUrl" value="/Login?login_error=2" />
</bean>

...

PentahoLogoutHandler executes various cleanup tasks when the user logs out.

Code Block
xml
xml
titleapplicationContext-acegi-security.xmlxml
<bean id="logoutFilter"
  class="org.acegisecurity.ui.logout.LogoutFilter">
  <constructor-arg value="/index.jsp" />
  <!-- URL redirected to after logout -->
  <constructor-arg>
    <list>
      <bean
        class="org.pentaho.platform.web.http.security.PentahoLogoutHandler" />
      <ref bean="rememberMeServices" />
      <bean
        class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
    </list>
  </constructor-arg>
  <property name="filterProcessesUrl" value="/Logout" />
</bean>

...

RequestParameterAuthenticationFilter provides security services for Pentaho Spreadsheet Services (PSS). If you are using PSS, add this filter, along with the associated RequestParameterFilterEntryPoint bean to your Spring config.

Code Block
xml
xml
titleapplicationContext-acegi-security.xmlxml
<bean id="requestParameterProcessingFilter"
  class="org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter">
  <property name="authenticationManager">
    <ref local="authenticationManager" />
  </property>
  <property name="authenticationEntryPoint">
    <ref local="requestParameterProcessingFilterEntryPoint" />
  </property>
</bean>

<bean id="requestParameterProcessingFilterEntryPoint"
  class="org.pentaho.platform.web.http.security.RequestParameterFilterEntryPoint" />

...

Warning: Note that the pentahoSecurityStartupFilter needs to be preceded by the httpSessionContextIntegrationFilter. Otherwise, when the Pentaho startup filter is triggered, the java.security.Principal will not be in the session and will fail.

Code Block
xml
xml
titleapplicationContext-acegi-security.xmlxml
<bean id="filterChainProxy"
  class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=securityContextHolderAwareRequestFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter, \
      logoutFilter,authenticationProcessingFilter,basicProcessingFilter,requestParameterProcessingFilter,rememberMeProcessingFilter, \
      anonymousProcessingFilter,pentahoSecurityStartupFilter,switchUserProcessingFilter,exceptionTranslationFilter, \
      filterInvocationInterceptor]]>
    </value>
  </property>
</bean>