Creating Your Own Security Data Access Object
Custom Security DAO
If the out-of-the-box security DAOs (memory, jdbc, and ldap) do not meet your needs, here are instructions for creating your own. Security Data Access Objects introduces the two key interfaces that fetch security data: UserDetailsService and IUserRoleListService. In order to implement a new security data access object, one needs to implement UserDetailsService, a Spring Security interface, and IUserRoleListService, a Pentaho interface.
Implement UserDetailsService
UserDetailsService defines a single method:
UserDetails loadUserByUsername(String username)
Given a username, it returns a UserDetails instance. A UserDetails object can return the username, password, authorities (also known as roles), account expired status, password expired status, account locked status, and account enabled status associated with the username passed to the loadUserByUsername method.
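As an added illustration (not Pentaho's or Spring's own code), here is a minimal UserDetailsService backed by an in-memory map that reports real account status instead of hard-coding it. The class name MyUserDetailsService, the Account type, and the sample rows are hypothetical, and the imports assume the Spring Security 3+ package layout; adjust them to the Spring Security version bundled with your Pentaho release.

```java
// Added example: hypothetical class, assumes Spring Security 3+ package names.
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class MyUserDetailsService implements UserDetailsService {
    /** One row of the custom user store (hypothetical shape). */
    static final class Account {
        final String passwordHash; // stored hash, never the clear-text password
        final boolean enabled, locked, expired, passwordExpired;
        final String[] roles;
        Account(String passwordHash, boolean enabled, boolean locked,
                boolean expired, boolean passwordExpired, String... roles) {
            this.passwordHash = passwordHash; this.enabled = enabled; this.locked = locked;
            this.expired = expired; this.passwordExpired = passwordExpired; this.roles = roles;
        }
    }

    private final Map<String, Account> store = new HashMap<String, Account>();

    public MyUserDetailsService() {
        // Constructed sample rows; a real DAO would query its backend instead.
        store.put("alice", new Account("<stored-hash-placeholder>", true, false, false, false, "Authenticated", "Admin"));
        store.put("bob", new Account("<stored-hash-placeholder>", true, true, false, false, "Authenticated")); // locked
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Account a = (username == null) ? null : store.get(username);
        if (a == null) {
            // The contract is to throw, not to return null or an empty user.
            throw new UsernameNotFoundException("User not found");
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : a.roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        // Pass the stored status flags through: hard-coding "true" here would
        // let disabled, locked, or expired accounts authenticate.
        return new User(username, a.passwordHash, a.enabled,
                !a.expired, !a.passwordExpired, !a.locked, authorities);
    }
}
```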
Implement IUserRoleListService
IUserRoleListService defines four methods:
| Method | Purpose |
|---|---|
| | Return all authorities (also known as roles) that should be known to Pentaho. |
| | Return all usernames that should be known to Pentaho. |
| | Return the usernames that have been granted the given authority. Another way of stating this is, "What users are in the given role." |
| | Return the authorities that have been granted to the given username. This list should be exactly the same as |
Configure Your UserDetailsService Implementation
Make a copy of pentaho-solutions/system/applicationContext-spring-security-jdbc.xml. Name the copy applicationContext-spring-security-mydao.xml. Replace the bean definition with an id of userDetailsService (keeping the same id) with your bean definition.
Configure Your IUserRoleListService Implementation
Make a copy of pentaho-solutions/system/applicationContext-pentaho-security-jdbc.xml. Name the copy applicationContext-pentaho-security-mydao.xml. Replace the bean definition with an id of jdbcUserRoleListService (renaming the id if you like) with your bean definition. Now change the userRoleListService property of the bean definition with an id of pentahoUserRoleListService to refer to your new bean. For example, if you called your new bean myUserRoleListService, your userRoleListService property would look like this:

    <property name="userRoleListService">
      <ref local="myUserRoleListService" />
    </property>

Start Using Your Implementations
Edit pentaho-solutions/system/pentaho-spring-beans.xml and change the includes to reference your new applicationContext-spring-security-mydao.xml and applicationContext-pentaho-security-mydao.xml files. It should look like this when you are done:

    <beans>
      <import resource="pentahoSystemConfig.xml" />
      <import resource="adminPlugins.xml" />
      <import resource="systemListeners.xml" />
      <import resource="sessionStartupActions.xml" />
      <import resource="applicationContext-spring-security.xml" />
      <import resource="applicationContext-common-authorization.xml" />
      <import resource="applicationContext-spring-security-mydao.xml" />
      <import resource="applicationContext-pentaho-security-mydao.xml" />
      <import resource="pentahoObjects.spring.xml" />
    </beans>