Interactive Login
When a user enters his or her username and password and clicks submit on a login form, it is referred to as an interactive login. The act of processing that form post is called authentication. Note that authentication is a prerequisite to authorization. The Pentaho Professional BI Platform uses Acegi Security to process authentication requests. All of the authentication mechanisms mentioned below delegate to an AuthenticationManager
, an Acegi Security type, to make the authentication decision. Out-of-the-box authentication mechanisms provided by the platform are form, basic, and request parameter.
Form-Based Authentication
Form-based authentication lets developers customize the authentication user interface. While the J2EE specifications provide a standard way to specify the login page URL access requirements, there still is container-specific configuration to specify how to read usernames and passwords from a security datastore. This is one reason that the platform uses Acegi Security. The Acegi Security class that processes form posts is AuthenticationProcessingFilter
.
Login Page
Logout Page
Basic Authentication
Basic authentication is part of the HTTP specification. It is simple but relatively inflexible. Acegi Security implements Basic authentication using BasicProcessingFilter
and BasicProcessingFilterEntryPoint
.
Request Parameter Authentication
RequestParameterAuthenticationFilter
provides security services for Pentaho Spreadsheet Services (PSS). It allows the user requesting access to provide his or her username and password on the query string of the URL. The credentials are unencrypted.