Opening Up Some Action Sequences for Anonymous Access
If you want to disable security for a particular action sequence, you'll need to (1) set the appropriate access control list (ACL) entries on the action sequence, (2) switch your IAclVoter
implementation, and (3) adjust the authorization rules for the ViewAction
servlet in applicationContext-spring-security.xml
.
Assume that you have a folder named public
in the solution named myorgfinance
that you want to open up to unauthenticated (i.e. anonymous) users. In other words, you want to allow anonymous users to run any action sequence in the public
folder of the myorgfinance
solution.
- Login to the Pentaho User Console as a Pentaho administrator.
- Navigate to the
public
folder in themyorgfinance
solution. - Right-click the
public
folder and click Properties. - Click on the Share tab.
- Grant appropriate permissions (for example, Execute) to the role named
Anonymous
. - Open
pentahoObjects.spring.xml
and change theIAclVoter
implementation class toorg.pentaho.platform.engine.security.acls.voter.PentahoAllowAnonymousAclVoter
. Note thatPentahoAllowAnonymousAclVoter
does not by itself allow access by anonymous users to anything--it simply creates an anonymous token for use in voting decisions. You still have to grant access to theAnonymous
role (like you did in the steps above).- If your file makes use of metadata, you will need to adjust the protections accordingly. As an alternative, you can disable metadata security completely by changing the class of the bean with id
IMetadataDomainRepository
toorg.pentaho.platform.plugin.services.metadata.MetadataDomainRepository
. This will apply for all files!
- If your file makes use of metadata, you will need to adjust the protections accordingly. As an alternative, you can disable metadata security completely by changing the class of the bean with id
- Open
applicationContext-spring-security.xml
, located in thepentaho-solutions/system
, and edit thefilterInvocationInterceptor
bean'sobjectDefinitionSource
property.Warning: All characters between the
\A
and\Z
must be lowercase in order for a match to occur.applicationContext-spring-security.xml... \A/viewaction.*solution.myorgfinance.*path.public.*\Z=Anonymous,Authenticated ... \A/.*\Z=Authenticated
- Example to open up ALL PRPTs:
applicationContext-spring-security.xml
... \A/js.browserlocale.js.*\Z=Anonymous,Authenticated \A/content/reporting.*\Z=Anonymous,Authenticated ... \A/.*\Z=Authenticated
- Example to open up ALL PRPTs:
- Restart the Pentaho BI Server.