Pentaho Servlet Integrator allows you to call from a Third Party App any analyse, dashboard, report etc from the Pentaho without pass user/password on the URL.
How does it work ?
- First, the user authenticate on their application. From some menu, he/she asks to access some resource on the Pentaho, such as, a report or a dashboard.
- Second, their application must maintain the tokensbi table inserting a new record, storing username / tokenid / url.
username: the same username must be created on the Pentaho.
tokenid: in our case we use jsessionid as token.
url: the url from the resource on the Pentaho Server. - Third, the application do a sendRedirect to
http://pentaho-server:8080/pentaho/Integrator?token=<tokenid>&url=<url_enconded_base64> - Then, Pentaho server will decode the url and try do a select on tokensbi table, filtering by tokenid and url.
- So, If tokenid/url is valid, Pentaho server will create an authenticated session for the user.
How to use it
- Download Pentaho Servlet Integrator
svn checkout http://pentaho-servlet-integrator.googlecode.com/svn/trunk/ pentaho-servlet-integrator-read-only
- Save Integrator.jsp on the folder biserver-ce\tomcat\webapps\pentaho\jsp
- Add the following configurations on the file web.xml
<servlet> <servlet-name>Integrator</servlet-name> <jsp-file>/jsp/Integrator.jsp</jsp-file> </servlet>
<servlet-mapping> <servlet-name>Integrator</servlet-name> <url-pattern>/Integrator</url-pattern> </servlet-mapping>
- Add the following configuration on the file system\applicationContext-spring-security.xml
\A/integrator.*\Z=Anonymous,Authenticated
after the lines
<![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
- Create a table called tokensbi
CREATE TABLE public.tokensbi ( id bigint NOT NULL DEFAULT nextval(('public.toke_seq'::text)::regclass), username character varying(32) NOT NULL, token character varying(100) NOT NULL, url character varying(255) NOT NULL, created timestamp without time zone NOT NULL DEFAULT clock_timestamp(), CONSTRAINT toke_id_pk PRIMARY KEY (id), CONSTRAINT toke_uk UNIQUE (username, url) )
- Create on the Pentaho Server a new database connection that has access on the tokensbi table.
- Edit Integrator.jsp and update the variable DatabaseJndiName, setting the name defined for the new connection.
- Change the application to insert a new record on tokensbi table each time that the user click to access some Pentaho resource.
5 comentários:
Primeiramente quero agradecer ao seu Post, que está com ótima qualidade .
Bom dia,
Kleyson, essa sua implementação funciona corretamente no Pentaho 5.0 ? Eu fiz uma conexão com a Base do Hipersonic do 5.0 e vi que ele parece não estar utilizando ela, aguardo resposta, obrigado .
very useful information.
wow.. thanks for the trick...
Nice information, thanks for your articles
thanks for info
Postar um comentário