
Interactive Login

When a user enters his or her username and password and clicks submit on a login form, it is referred to as an interactive login. The act of processing that form post is called authentication. Note that authentication is a prerequisite to authorization. The Pentaho Professional BI Platform uses Acegi Security to process authentication requests. All of the authentication mechanisms mentioned below delegate to an AuthenticationManager, an Acegi Security type, to make the authentication decision. Out-of-the-box authentication mechanisms provided by the platform are form, basic, and request parameter.

Form-Based Authentication

Form-based authentication lets developers customize the authentication user interface. While the J2EE specifications provide a standard way to specify the login page URL access requirements, there is still container-specific configuration needed to specify how usernames and passwords are read from a security datastore. This is one reason that the platform uses Acegi Security. The Acegi Security class that processes form posts is AuthenticationProcessingFilter.

Login Page

Below are some screenshots of the login page in different states. To customize this page, including changing strings, see Customizing the Login Page.


Blank Login Form

Login Form After Bad Credentials Submitted


This is the message that a user will get if a username and password combination is unrecognized.

Login Form After Generic Security Error


This is the message that a user will get if there is a generic security error, such as the security datastore being unavailable. The root cause will be in the log.

Login Form While Logged In

Login Form After Session Re-Use Detected


This is the message that a user will get if he or she attempts to log in again without first logging out. See HttpSessionReuseDetectionFilter.

Logout Page

There is no logout page. The page to which a user is redirected after a logout is specified in the logoutFilter bean in applicationContext-acegi-security.xml.

Basic Authentication

Basic authentication is part of the HTTP specification. It is simple but relatively inflexible. Acegi Security implements Basic authentication using BasicProcessingFilter and BasicProcessingFilterEntryPoint.

Request Parameter Authentication

RequestParameterAuthenticationFilter provides security services for Pentaho Spreadsheet Services (PSS). It allows the user requesting access to provide his or her username and password on the query string of the URL. The credentials are unencrypted.
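A defender-side illustration of the exposure described above, added here and not part of the Pentaho platform or Acegi Security: credentials passed on the query string are copied into web server access logs, both in the request line and in the Referer of later requests, so the sketch below finds and redacts them. The parameter names, hosts, paths and log lines are constructed assumptions; the page does not list the names the filter reads.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names: the page does not say which names the filter reads.
CREDENTIAL_PARAMS = {"userid", "username", "password"}

# Combined Log Format; the request line and the Referer are the fields that hold URLs.
LOG_RE = re.compile(
    r'^(?P<head>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<proto>[^"]+)(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<tail>".*)$'
)

# Constructed sample lines (hosts, paths and credentials are made up).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2007:10:01:22 +0000] "GET /app/report?solution=samples'
    '&userid=joe&password=p%40ss HTTP/1.1" 200 512 "-" "Excel"',
    '203.0.113.7 - - [12/Mar/2007:10:01:25 +0000] "GET /app/style/main.css HTTP/1.1" 200 901 '
    '"http://bi.example.test/app/report?userid=joe&PASSWORD=p%40ss" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2007:10:02:00 +0000] "GET /app/home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def redact_url(url):
    """Return (url with credential values replaced, credential names found)."""
    parts = urlsplit(url)
    found, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in CREDENTIAL_PARAMS:  # names are matched case-insensitively
            found.append(name.lower())
            value = "REDACTED"
        kept.append((name, value))
    if not found:
        return url, found  # leave clean URLs byte-for-byte unchanged
    return urlunsplit(parts._replace(query=urlencode(kept))), found

def scrub_line(line):
    """Redact one log line; unparseable lines are returned untouched."""
    m = LOG_RE.match(line)
    if not m:
        return line, []
    url, in_request = redact_url(m["url"])
    referer, in_referer = redact_url(m["referer"])
    clean = f'{m["head"]}{m["method"]} {url} {m["proto"]}{m["mid"]}{referer}{m["tail"]}'
    return clean, sorted(set(in_request + in_referer))

def scrub_log(lines):
    """Scrub every line; return (clean_lines, indexes of lines that leaked)."""
    results = [scrub_line(line) for line in lines]
    return [c for c, _ in results], [i for i, (_, f) in enumerate(results) if f]

if __name__ == "__main__":
    print("\n".join(scrub_log(SAMPLE)[0]))
```

Redacting logs only limits the exposure after the fact; the credentials still cross the network in the URL, so any password seen this way should be treated as disclosed.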
