The security features of the Pentaho BI Platform cannot be removed. However, they can be effectively removed by using the following steps. Essentially, the idea is to create a single user and role and give system-wide access to that user.
- Allow anonymous access to all web resources by editing the
objectDefinitionSource
on theFilterSecurityInterceptor
to look like the example below. - Use
PentahoAllowAnonymousAclVoter
as yourIAclVoter
implementation. See 03. pentaho.xml for a description of how to configure this voter. When configuring this voter, you will define the anonymous user and role. That user and/or role should be used when assigning ACLs. - Assign ACLs using the user and role defined in the previous step.
applicationContext-acegi-security.xml
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="accessDecisionManager"> <ref local="httpRequestAccessDecisionManager" /> </property> <property name="objectDefinitionSource"> <value> <![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=ROLE_ANONYMOUS ]]> </value> </property> </bean>