Pentaho BA Platform / BISERVER-7829

Support multiple provider authentication in pentaho

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 4.8.1 GA (4.8.1 GA Suite Release), 4.8.2 GA (4.8.2 GA Suite Release), 4.8.3.0 GA, 4.8.3.2 GA, 4.8.3.3 GA, 5.0.0 GA (5.0.0 GA Suite Release), 5.0.1 GA, 5.0.2 GA, 5.0.3 GA, 5.0.4 GA
    • Fix Version/s: Not Planned
    • Component/s: Administration, Security
    • Labels:
      None
    • Customer Case:
    • Notice:
      When an issue is open, the "Fix Version/s" field conveys a target, not necessarily a commitment. When an issue is closed, the "Fix Version/s" field conveys the version that the issue was fixed in.
    • QA Validation Status:
      Not Yet Validated

      Description

      (taken from https://github.com/webdetails/bi-platform-engine-security-multipleuserrole)

      Objective

      We needed to add support for multiple authentication in Pentaho. Currently, there are several providers that can be used, like LDAP, hibernate and jdbc, but it's not possible to use several at the same time.

      Pentaho doesn't allow for that out of the box, but it's simple enough, so we created a project to do just that, that you can find on github.

      This project allows for that by implementing a bean that will cycle through all the desired providers

      Source code

      This project is hosted at https://github.com/webdetails/bi-platform-engine-security-multipleuserrole

      How to use

      Following these steps should get you going:

      Compile the project

      Just run ant and you should be all set.

      Deploy the jar in Pentaho

      Copy the resulting file to pentaho's lib dir (e.g. /opt/pentaho/server/webapps/pentaho/WEB-INF/lib/).

      Copy the multiple provider spring config files to solution/system

      Copy the following files from resources/ to pentaho-solutions/system/:

      applicationContext-pentaho-security-multiple.xml
      applicationContext-spring-security-multiple.xml

      Change pentaho-spring-beans.xml to load the new files

      Instead of loading one of the individual files (defaults to hibernate authentication), tell pentaho to instead load the new configuration files.

      pentaho-spring-beans.xml should then look something like:

      <beans>
        <import resource="pentahoSystemConfig.xml" />
        <import resource="adminPlugins.xml" />
        <import resource="systemListeners.xml" />
        <import resource="sessionStartupActions.xml" />
        <import resource="applicationContext-spring-security.xml" />
        <import resource="applicationContext-common-authorization.xml" />
        <!-- the two "multiple" files replace the individual provider files loaded by default -->
        <import resource="applicationContext-spring-security-multiple.xml" />
        <import resource="applicationContext-pentaho-security-multiple.xml" />
        <import resource="pentahoObjects.spring.xml" />
      </beans>

      Note: This snippet is taken from pentaho 4.8; different versions may have files with different content.

      Change the list of providers in applicationContext-spring-security.xml

      In applicationContext-spring-security.xml, look for a bean named authenticationManager, and add the providers you want. If you're using the sample file applicationContext-spring-security-multiple.xml, the 2 referenced beans are called daoAuthenticationProvider and daoAuthenticationProvider2. You're not limited to just 2 providers.

      Edit applicationContext-spring-security-multiple.xml and applicationContext-pentaho-security-multiple.xml for your case

      This is the part where you configure the types of authentication you want. Even if it seems complicated at first, you'll notice that the 2 configuration files for multiple authentication are simply a concatenation of the individual files provided by pentaho, making sure the bean names don't collide.

      In this example case we have hibernate and memory authentication joined together.

      Launch the bi-server

      Launch the BI server and hopefully you're all set.

      Troubleshooting

      Of course this won't work out of the box. Pay close attention to the logs. One of the most common errors is bean id collision, which is reported in the pentaho logs.

      One other option is setting the spring logs to debug in log4j.xml

      Questions / doubts
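
      A pre-launch check for the two failure modes this setup invites: bean ids that collide once the individual provider files are concatenated, and a provider listed under authenticationManager that no loaded file defines. This is an added example, not code from the webdetails project or Pentaho; the sample XML, the class names and the userDetailsService id are constructed, and only authenticationManager and the daoAuthenticationProvider names come from the page.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
# Constructed sample configs (not Pentaho's shipped files). authenticationManager and
# daoAuthenticationProvider* follow the page; other ids and classes are made up.
SAMPLE = {
    "applicationContext-spring-security.xml": """<beans>
  <bean id="authenticationManager" class="example.ProviderManager">
    <property name="providers"><list>
      <ref bean="daoAuthenticationProvider" />
      <ref bean="daoAuthenticationProvider2" />
      <ref local="anonymousAuthenticationProvider" />
    </list></property>
  </bean>
  <bean id="anonymousAuthenticationProvider" class="example.Anonymous" />
</beans>""",
    "applicationContext-spring-security-multiple.xml": """<beans>
  <bean id="daoAuthenticationProvider" class="example.Dao" />
  <bean id="userDetailsService" class="example.HibernateDetails" />
  <bean id="userDetailsService" class="example.MemoryDetails" />
</beans>""",
}

def local(tag):
    """Drop an XML namespace prefix so namespaced Spring files are handled too."""
    return tag.rsplit("}", 1)[-1]

def audit(files):
    """Return (collisions, unresolved) for a {filename: xml_text} mapping."""
    defined = defaultdict(list)  # bean id -> files that define it
    provider_refs = []           # beans listed in authenticationManager's providers
    for name, text in files.items():
        for bean in ET.fromstring(text).iter():
            if local(bean.tag) != "bean" or "id" not in bean.attrib:
                continue
            defined[bean.get("id")].append(name)
            if bean.get("id") != "authenticationManager":
                continue
            for prop in bean:
                if local(prop.tag) == "property" and prop.get("name") == "providers":
                    provider_refs += [r.get("bean") or r.get("local")
                                      for r in prop.iter() if local(r.tag) == "ref"]
    collisions = {i: f for i, f in defined.items() if len(f) > 1}
    unresolved = [r for r in provider_refs if r not in defined]
    return collisions, unresolved

if __name__ == "__main__":
    print("duplicate ids, unresolved provider refs:", audit(SAMPLE))
```

      To run it against a real installation, pass the text of every file imported by pentaho-spring-beans.xml in one mapping, since a provider bean may be defined in a different file from the one that references it.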

        Activity

        Pedro Alves added a comment -

        In order to implement this in 4.x codebase, this file has to be added to project bi-platform-engine-security:

        https://raw.github.com/webdetails/bi-platform-engine-security-multipleuserrole/master/src/org/pentaho/platform/engine/security/userrole/MultiUserRoleListService.java

        And this is the diff for bi-platform-sample-solution:

        Index: system/applicationContext-spring-security.xml
        ===================================================================
        — system/applicationContext-spring-security.xml (revision 51183)
        +++ system/applicationContext-spring-security.xml (working copy)
        @@ -26,6 +26,8 @@
        <property name="providers">
        <list>
        <ref bean="daoAuthenticationProvider" />
        + <!-- For multiple authentications, uncomment / modify the following line -->
        + <!-ref bean="daoAuthenticationProvider2" /->
        <ref local="anonymousAuthenticationProvider" />
        </list>
        </property>
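        Review bot: the added line `<!-ref bean="daoAuthenticationProvider2" /->` uses single-dash delimiters, which is not a well-formed XML comment and would break parsing of applicationContext-spring-security.xml if it lands as shown; it should read `<!-- <ref bean="daoAuthenticationProvider2" /> -->`. The guidance comment above it could also say that the providers in this list are tried in order, so where the second provider sits relative to daoAuthenticationProvider and anonymousAuthenticationProvider is a deliberate choice.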
        @@ -222,4 +224,4 @@
        </value>
        </property>
        </bean>
        -</beans>
        \ No newline at end of file
        +</beans>
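        Review bot: the end-of-file newline change on `</beans>` is unrelated to the provider list and adds noise to the patch; drop it or commit it separately so the functional change stays confined to the first hunk.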

        Pedro Alves added a comment -

        BTW - this should be ported to sugar too

        Pedro Alves added a comment -

        This seems to be a dup of SERVDEV-18, which is marked as resolved

        Pedro Alves added a comment - - edited

        We fixed SERVDEV-18, which is basically... this

        All details here: https://github.com/webdetails/bi-platform-engine-security-multipleuserrole


          People

          • Assignee: Unassigned
          • Reporter: Pedro Alves
          • Votes: 10
          • Watchers: 6
