Opening Up Some Action Sequences for Anonymous Access
- Former user (Deleted)
Owned by Former user (Deleted)
If you want to disable security for a particular action sequence, you'll need to (1) set the appropriate access control list (ACL) entries on the action sequence, (2) switch your IAclVoter implementation, and (3) adjust the authorization rules for the ViewAction servlet in applicationContext-spring-security.xml.
Assume that you have a folder named public in the solution named myorgfinance that you want to open up to unauthenticated (i.e. anonymous) users. In other words, you want to allow anonymous users to run any action sequence in the public folder of the myorgfinance solution.
- Login to the Pentaho User Console as a Pentaho administrator.
- Navigate to the
publicfolder in themyorgfinancesolution. - Right-click the
publicfolder and click Properties. - Click on the Share tab.
- Grant appropriate permissions (for example, Execute) to the role named
Anonymous. - Open
pentahoObjects.spring.xmland change theIAclVoterimplementation class toorg.pentaho.platform.engine.security.acls.voter.PentahoAllowAnonymousAclVoter. Note thatPentahoAllowAnonymousAclVoterdoes not by itself allow access by anonymous users to anything--it simply creates an anonymous token for use in voting decisions. You still have to grant access to theAnonymousrole (like you did in the steps above).- If your file makes use of metadata, you will need to adjust the protections accordingly. As an alternative, you can disable metadata security completely by changing the class of the bean with id
IMetadataDomainRepositorytoorg.pentaho.platform.plugin.services.metadata.MetadataDomainRepository. This will apply for all files!
- If your file makes use of metadata, you will need to adjust the protections accordingly. As an alternative, you can disable metadata security completely by changing the class of the bean with id
- Open
applicationContext-spring-security.xml, located in thepentaho-solutions/system, and edit thefilterInvocationInterceptorbean'sobjectDefinitionSourceproperty.Warning: All characters between the
\Aand\Zmust be lowercase in order for a match to occur.applicationContext-spring-security.xml... \A/viewaction.*solution.myorgfinance.*path.public.*\Z=Anonymous,Authenticated ... \A/.*\Z=Authenticated
- Example to open up ALL PRPTs:
applicationContext-spring-security.xml
... \A/js.browserlocale.js.*\Z=Anonymous,Authenticated \A/content/reporting.*\Z=Anonymous,Authenticated ... \A/.*\Z=Authenticated
- Example to open up ALL PRPTs:
- Restart the Pentaho BI Server.