Type: New Feature
Affects Version/s: 4.8.1 GA (4.8.1 GA Suite Release), 4.8.2 GA (4.8.2 GA Suite Release), 4.8.3 GA, 22.214.171.124 GA, 126.96.36.199 GA, 5.0.0 GA (5.0.0 GA Suite Release), 5.0.1 GA, 5.0.2 GA, 5.0.3 GA, 5.0.4 GA
Fix Version/s: 5.1.0 Backlog
QA Validation Status:
(taken from https://github.com/webdetails/bi-platform-engine-security-multipleuserrole)
We needed to add support for multiple authentication in Pentaho. Currently, there are several providers that can be used, like LDAP, hibernate and jdbc, but it's not possible to use several at the same time.
Pentaho doesn't allow for that out of the box, but it's simple enough, so we created a project to do just that, than you can find on github
This project allows for that by implementing a bean that will cycle through all the desired providers
This project is hosted at https://github.com/webdetails/bi-platform-engine-security-multipleuserrole
How to use
Following this steps should get you going:
Compile the project
Just run ant and you shuold be all set
Deploy the jar in Pentaho
Copy the resulting file to pentaho's lib dir, (eg: /opt/pentaho/server/webapps/pentaho/WEB-INF/lib/).
Copy the muiltiple provider spring config files to solution/system
Copy the following files from resources/ to pentaho-solutions/system/:
Change pentaho-spring-beans.xml to load the new files
Instead of loading one of the individual files (defaults to hibernate authentication), tell pentaho to instead load the new configuration files.
pentaho-spring-beans.xml should then look something like:
<import resource="pentahosystemconfig.xml" />
<import resource="adminplugins.xml" />
<import resource="systemlisteners.xml" />
<import resource="sessionstartupactions.xml" />
<import resource="applicationcontext-spring-security.xml" />
<import resource="applicationcontext-common-authorization.xml" />
<import resource="applicationcontext-spring-security-multiple.xml" />
<import resource="applicationcontext-pentaho-security-multiple.xml" />
<import resource="pentahoobjects.spring.xml" />
Note: This snippet is taken from pentaho 4.8, different versions may have files with different content
Change the list of providers in applicationContext-spring-security.xml
In applicationContext-spring-security.xml, look for a bean named authenticationManager, and add the providers you want. If you're using the sample file applicationContext-spring-security-multiple.xml, the 2 referenced beans are called daoAuthenticationProvider and daoAuthenticationProvider2. You're not limited to just 2 providers.
Edit applicationContext-spring-security-multiple.xml and
applicationContext-pentaho-security-multiple.xml for your case
This is the part where you configure the types of authentication you want. Even if it seems complicated at first, you'll notice that the 2 configuration files for multiple authentication are simply a concatenations of the individual files provided by pentaho, making sure the bean names don't colide.
On this example case we have hibernate and memory authentication joined together.
Launch the bi-server
Launch the BI server and hopefully you're all set.
Of course this won't work out of the box. Pay close attention to the logs. One of the most common errors is bean id collision, which is reported in the pentaho logs.
One other option is setting the spring logs to debug in log4j.xml
Questions / doubts