Unfortunately, the core of Pentaho 5 it's totally different from Pentaho 4.8. So, the way to authenticate the user used by Pentaho Servlet Integrator cannot be used any more in the Pentaho 5.
The Integrator Plugin for Pentaho 5 is a new implementation with the same idea, but that works in the Pentaho 5 and was developed as a pentaho plugin instead of a servlet.
Note: The plugin was not tested in the Pentaho versions prior than 5.4.
How does it work ?
- First, the user authenticates on their application. From some menu, he/she asks to access some resource on the Pentaho, such as, a report or a dashboard.
- Second, the application must maintain a common database table and insert a new record with the username / tokenid / url.
username: a pentaho username to be used.
tokenid: in our case we use jsessionid as token.
url: the url from the resource on the Pentaho Server coded in base64.
Note: for the url doesn't use the http://server:port. Example:
Resource: http://localhost:8080/pentaho/Home?lang=pt-BR
Url: /pentaho/Home?lang=pt-BR - Third, after the application insert the record it must send a browser redirect to
http://localhost:8080/pentaho/plugin/integrator/api/go?type=token&token=<tokenid>&urlEncoded==<url_enconded_base64> - Then, Pentaho server will decode the url and try do a select on the tokensbi table to filter the username to be used in the Pentaho session.
- So, If tokenid/url is valid, the Pentaho server will create an authenticated session and redirect the user to the Pentaho resource.
How to install ?
Use the Marketplace to install it.
How to use it ?
- Create a new JNDI connection in the Pentaho.
- Configure the new JNDI name into integrator.properties file.
- Do the proper configurations in the application.
Using a node.js app sample
To test the plugin, you can use an node.js app sample available in the folder resources/app-sample.
- Install node.js
- Install packages. In the folder app-sample execute npm install
- Configure the postgresConnectionString property in the config.js file to access the same database configured in the JNDI connection.
- Run the app: node server.js
- Test it: http://localhost:1010
Video (Portuguese)
Contribution
If somebody sees any improvement opportunity, please feel free to suggest and contribute with the project.
Enjoy it !!!
37 comentários:
This plugin is very usefull =]
Congratulations Kleyson!
Hi Kleyson,
I'm very interested in 'integrator plugin' but I can't make it work.
My enviroment is Pentaho 5.4 + Ubuntu Server + Mysql 5 as database for tokens_bi
Once installed integrator I made connection to my token database modifiyng context.xml and pentaho.xml and I rebooted Pentaho.
No errors in catalina.out after startup.
I don't know node.js, so i tried Integrator inserting a user, tokenid and url manually on tokens_bi table
username: admin
token: 1234
URL: L3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQVN0ZWVsIFdoZWVscyUzQURhc2hib2FyZHMl
M0FDVG9vbHNfZGFzaGJvYXJkLndjZGYvZ2VuZXJhdGVkQ29udGVudA==
(which is /pentaho/api/repos/%3Apublic%3ASteel Wheels%3ADashboards%3ACTools_dashboard.wcdf/generatedContent in base64 encoding)
Then, I put the following URL in a browser:
http://myserver:8080/pentaho/plugin/integrator/api/go?type=token&token=1234&urlEncoded=L3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQVN0ZWVsIFdoZWVscyUzQURhc2hib2FyZHMlM0FDVG9vbHNfZGFzaGJvYXJkLndjZGYvZ2VuZXJhdGVkQ29udGVudA==
And i get the following message
Integrator Error: Invalid token.
What I do wrong?
Thanks
Carles Massallé
Hi Carles,
That error happens because integrator couldn't find no record in the tokens_bi table that match TOKEN and URL.
Inside the plugin folder (pentaho-solutions/system/integrator) there is the integrator.properties file with some queries.
Try TokenQuery and TokenQueryCount and verify if you get some result. If not, try to fix and check if the integrator is working. If yes, let me know, we will have to dive deeper.
Regards.
In addition, you wrote "URL=..." in uppercase. Check if the column names are in lowercase.
Hi Kleyson,
I've revised integrator.properties and now it works great. Thanks.
Another issue.
I want to integrate Pentaho solutions which include GET parameters in URL (such as jpivot or reports).
For instance:
/pentaho/plugin/jpivot/Pivot?solution=&path=/home/me/test.xjpivot&action=test.xjpivot
Once encoded to base64 and decoded by Integrator URL looks like
/pentaho/plugin/jpivot/Pivot%3Fsolution%3D%26path%3D/home/me/test.xjpivot%26action%3Dtest.xjpivot
Where characters ?, & and = have been changed to UTF8 equivalents. Pentaho doesn't recognize them as GET parameters and show a 'not found' kind of error.
Any idea?
thank, carles
Hi,
I did some changes to fix it.
Try this new version: https://github.com/kleysonr/pentaho-integrator-plugin/releases/download/v0.2.0/integrator-0.2.0.zip
And let me know about the results.
Best Regards.
Hi Kleyson,
in a first view, base64 decoding works fine (no more problems with ?, = or &) but user get logged without any privilege, so he can't open any Pentaho solution.
I've just replaced integrator files and rebooted, perhaps I missed something.
carles.
Try this.
- Open browser and do login with the same user/password
- After try to open the same report link.
If it is some problem with permissions, you will get the same error.
Hi Kleyson,
I've already tried.
Report works fine when I do login to Pentaho manually.
When I use integrator with the same user and report, the report is not available but user session has been created. Opening servername:8080 in another browser shows that I'am still inside Pentaho, but Create new and Manage Datasources buttons are missing and Browse Files button lead to an empty repository.
I must say that my Pentaho intallation has LDAP authentication, but this setup worked fine with previous version of integrator (0.1.0)
Thanks for your help.
Hi Carles,
Sorry for the late reply. I had some big changes in my life.
Well, I really don't know if it works using LDAP.
Try to use your dashbords and reports in a default version of pentaho. If it works the problem is because LDAP.
Best regards.
Oi Kleyson,
Tudo bem? Excelente plugin.
Porém tenho uma dúvida, como posso fazer para adicionar usuários no pentaho por meio de uma outra aplicação?
Mateus,
De uma olhada nas API do pentaho
https://help.pentaho.com/Documentation/6.0/0R0/070/010/0D0/0O0
https://help.pentaho.com/Documentation/6.0/0R0/070/010/0D0
Parabéns Kleyson, muito bom este plugin, estava procurando uma solução para integração, funcionou perfeitamente! Estou usando Pentaho 6.1, só para deixar registrada a compatibilidade.
Eduardo
Olá Kleyson,
Estou tentando usar o plugin em um ambiente com MultiTenants que requer a substituição da classe em "IDBDatasourceService", estou recebendo o erro "Integrator Error: ERROR."
A substituição é esta (.../system/pentahoObjects.spring.xml):
por
-->
alguma sugestão para contornar o problema?
Ops, complementando... não apareceu na mensagem anterior
bean id="IDBDatasourceService" class="org.pentaho.platform.engine.services.connection.datasource.dbcp.DynamicallyPooledOrJndiDatasourceService" scope="singleton"
por
id="IDBDatasourceService" class="org.pentaho.platform.engine.services.connection.datasource.dbcp.tenantaware.TenantAwareLoginParsingDatasourceService" scope="singleton"
Resolvido, a propriedade deve ser false: property name="requireTenantId" value="false"
Olá Kleyson,
Consegui contornar quase todos os problemas para colocar em produção, faltou apenas um, ao ativar o Controle de Sessão o integrador não consegue passar o token e a url, cai sempre na tela de login do Pentaho e não dá nenhum erro, tirando o Controle de Sessão funciona perfeitamente.
http://wiki.pentaho.com/display/ServerDoc2x/Concurrent+Sessions+(Preventing+Users+from+Logging+in+More+Than+Once)
alguma ideia?
Ola Eduardo.
Desculpe pela demora, estava de ferias :)
Fico feliz em saber que o componente tem funcionado em ambiente diversos.
Mas com relacao a sua ultima duvida, e de acordo com a documentacao, faz sentindo nao funcionar, pois cada vez que vc chama o integrador o que acontece por baixo dos panos eh uma nova sessao autenticada e como ja deve existir alguma outra sessao ativa a plataforma nao permite que novas sessoes aconteca sem que a primeira seja finalizada.
Isso parece ser uma restricao devido a essa configuracao e nao uma limitacao do plugin.
Atenciosamente.
Kleyson Rios.
Obrigado Kleyson pelo esclarecimento, ajudou bastante!
Realmente faz sentido, não tinha pensado nisto, testei uma url passando login e senha e funcionou com sessão implantada, só preciso achar agora uma forma de dar logout no "user_integrator" após o integrador excluir o token na tabela.
Para testar fiz isto...
http://www.pentaho.com/pentaho/plugin/integrator/api/go?type=token&token=8923829378273&urlEncoded=URLURLURL&userid=user_integrator&password=Senha
Eduardo
Eduardo,
Se voce esta usando &userid=user_integrator&password=Senha nao faz sentido utilizar o Integrator, pois voce pode utilizar isso diretamente nos recursos que vc quer acessar.
O integrator foi criado para evitar ter que passar usuario e senha na URL.
Abracos.
Kleyson,
Realmente não faria sentido usar, usei apenas para ver se autenticava conforme está configurado no JNDI.
O que acontece é que passando o user na url o token é consumido, o que indica que o JNDI esta funcionando com a sessão implantada, isso me ajudou a comprovar o problema e descartar outros.
Abs,
Eduardo
Hi Kleyson. This integrator plugin works for pentaho 6.1?
i im trying of to test this manually but i get this error: Integrator Error: ERROR.
1. I have this resource in my PUC: http://localhost:8080/pentaho/api/repos/%3Apublic%3Acrmrealtime.wcdf/generatedContent
2. if i encode this in base64 i get this string: aHR0cDovL2xvY2FsaG9zdDo4MDgwL3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQWNybXJlYWx0aW1lLndjZGYvZ2VuZXJhdGVkQ29udGVudA==
3. Then i insert this in my postgres database: INSERT INTO tokens_bi(username, token, url) VALUES ('admin', '1234', 'aHR0cDovL2xvY2FsaG9zdDo4MDgwL3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQWNybXJlYWx0aW1lLndjZGYvZ2VuZXJhdGVkQ29udGVudA==')
4. I try of call this url: http://localhost:8080/pentaho/plugin/integrator/api/go?type=token&token=1234&urlEncoded=aHR0cDovL2xvY2FsaG9zdDo4MDgwL3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQWNybXJlYWx0aW1lLndjZGYvZ2VuZXJhdGVkQ29udGVudA==
But as i told you i get this error: Integrator Error: ERROR.. How i can to fix this for pentaho 6.1? Maybe i need to enable allow url authentication in biserver? or i need to do other configuration in biserver?
Kleyson, by the last post by me, i change my url encoded in base64 from http://localhost:8080/pentaho/api/repos/%3Apublic%3Acrmrealtime.wcdf/generatedContent to /pentaho/Home?locale=en_US and in this page i conver this string to base 64 and i get this: L3BlbnRhaG8vSG9tZT9sb2NhbGU9ZW5fVVM= and i insert this sql in my table: INSERT INTO tokens_bi(username, token, url) VALUES ('admin', '1234', 'L3BlbnRhaG8vSG9tZT9sb2NhbGU9ZW5fVVM=') but i get the same error: "Integrator Error: ERROR". When y call this url in my google chrome: http://localhost:8080/pentaho/plugin/integrator/api/go?type=token&token=1234&urlEncoded=L3BlbnRhaG8vSG9tZT9sb2NhbGU9ZW5fVVM=
What i need to fix?
Did you check the catalina.out log file to see if there are more details about the error ?
Did you test the app sample on Pentaho 6.1 ?
Might be some problem in the encoded url.
Best Regards.
Kleyson thank you. I could manually, i only restart my windows and this is OK. But if i execute node server.js i get this error: Magic happens on port 1010
{ error: password authentication failed for user "postgres"
In file config.js vs context.xml file. For example in context.xml i have this configuration:
and in config.js i have this
'port': process.env.PORT || 1010,
'secret': 'qwerty',
'postgresConnectionString': 'postgres://postgres:postgres@localhost:5432/postgres',
'createTableSql': 'CREATE TABLE public.tokens_bi(username character varying(32) NOT NULL, token character varying(100) NOT NULL, url character varying(255) NOT NULL)',
'insertTokenSql': 'INSERT INTO tokens_bi(username, token, url) VALUES ($1, $2, $3)',
'integratorPlugin': 'http://localhost:8080/pentaho/plugin/integrator/api/go',
Why i get this error when i run node server.js?
Check the 'postgresConnectionString'. There you need configure the credentials to connect on the postgres. In the sample is configured as user=postgres and pass=postgres.
If you have a different username and/or password, try to adjust this configuration.
Olá Kleyson.
Muito bom esse plugin, é exatamente o que eu estou precisando.
Estou tendo um probleminha aqui, e preciso da sua ajuda se é possível.
Como podes ver, estou lidando com esse erro e não consigo resolver.
Magic happens on port 1010
C:\Users\AngelaM\Downloads\biserver-ce\pentaho-solutions\system\integrator\resources\app-sample\node_modules\pg\lib\connection.js:109
self.emit(msg.name, msg);
^
TypeError: Cannot read property 'name' of undefined
at Socket. (C:\Users\AngelaM\Downloads\biserver-ce\pentaho-solutions\system\integrator\resources\app-sample\node_modules\pg\lib\connection.js:109:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:547:20)
Hi, Does this plugin work on Pentaho 7.x.x?
Hi Kleyson,
Thank you very much for the Plugin!
I installed the Plugin in Pentaho Server 7.1.0.0.12, but when restarted the Server afert install the Plugin i had the following error in Catalina.out:
13:38:59,776 ERROR [Logger] Error: Pentaho
13:38:59,778 ERROR [Logger] misc-class org.pentaho.platform.plugin.services.pluginmgr.PentahoSystemPluginManager: PluginManager.ERROR_0011 - Failed to register plugin integrator
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oncas.biserver.security.helper.URLExposer#0' defined in file [/opt/pentaho/pentaho-server/pentaho-solutions/system/integrator/plugin.spring.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [oncas.biserver.security.helper.URLExposer]: No default constructor found; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/AuthenticationManager
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1105)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1050)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
...
Any idea?
Thank you very much!
Regards!
Funciona no Pentaho 8? Estou tentando configurar, sem sucesso.
Olá Kleyson, funciona no Pentaho 8? No 6.1 funciona muito bem, estou migrando um projeto para a versão 8.2, porém não estou conseguindo ativar.
Erro no "Catalina.out", pentaho 8.2:
14:41:03,396 ERROR [Logger] Error: Pentaho
14:41:03,397 ERROR [Logger] misc-class org.pentaho.platform.plugin.services.pluginmgr.PentahoSystemPluginManager: PluginManager.ERROR_0011 - Failed to register plugin integrator
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'oncas.biserver.security.helper.URLExposer#0' defined in file [/opt/pentaho/pentaho-server/pentaho-solutions/system/integrator/plugin.spring.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [oncas.biserver.security.helper.URLExposer]: No default constructor found; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/AuthenticationManager
Ola Eduardo.
Esse plugin nao eh mais compativel com essas versões mais novas.
Atenciosamente.
Kleyson Rios.
Puxa que pena, é realmente um ótimo plugin, vou tentar uma outra abordagem.
Obrigado Kleyson!
Abraço,
Eduardo
Postar um comentário