This project it's a sample of how embed the Pentaho server with a 3rd Web APP using a TOKEN hash.
- Video tutorial [pt_BR]
![Video tutorial [pt_BR]](https://img.youtube.com/vi/2dpNhCOVt7A/0.jpg)
Original code by Francisco Gregorio:
-
Authentication filter by token (EmbedLoginFilter)
-
Authentication Provider validating the token parameter by API rest (EmbedAuthenticationProvider)
-
APP-API (EmbedRestTemplate)
3.1. Search the user logged (UserDetails) by login (EmbedUserDetailService)
mvn clean
mvn compile
mvn install
After the build, copy the /target/embed-pentaho-1.0.jar file to pentaho-server/tomcat/webapps/pentaho/WEB-INF/lib/
Inside folder pentaho-server/pentaho-solutions/system
Create a new file as applicationContext-spring-security-embed.xml and copy the following code to inject the <bean> calls.
- EmbedRestTemplate
- EmbedAuthenticationProvider
- EmbedUserDetailService
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:pen="http://www.pentaho.com/schema/pentaho-system"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.pentaho.com/schema/pentaho-system http://www.pentaho.com/schema/pentaho-system.xsd" default-lazy-init="true">
<bean id="embedRestTemplate"
class="br.com.bovbi.embed.rest.EmbedRestTemplate">
<constructor-arg index="0" value="http://localhost:3000"/>
<constructor-arg index="1" value=""/>
</bean>
<bean id="embedAuthenticationProvider"
class="br.com.bovbi.embed.authentication.EmbedAuthenticationProvider">
<constructor-arg>
<ref bean="embedRestTemplate"/>
</constructor-arg>
<pen:publish as-type="org.springframework.security.authentication.AuthenticationProvider">
<pen:attributes>
<pen:attr key="providerName" value="embed"/>
</pen:attributes>
</pen:publish>
</bean>
<bean id="embedUserDetailsService" class="br.com.bovbi.embed.service.EmbedUserDetailService">
<pen:publish as-type="INTERFACES">
<pen:attributes>
<pen:attr key="providerName" value="embed"/>
</pen:attributes>
</pen:publish>
</bean>
</beans>Inject the new file in the ending of pentaho-spring-beans.xml to be imported.
<import resource="applicationContext-spring-security-embed.xml" />To inject the Login Filter, edit the file applicationContext-spring-security.xml
First add a <bean> tag containing:
<bean id="embedLoginFilter" class="br.com.bovbi.embed.filter.EmbedLoginFilter">
<constructor-arg ref="authenticationManager" />
<property name="authenticationSuccessHandler">
<bean class="br.com.bovbi.embed.authenticated.EmbedAuthenticationSuccessHandler">
<property name="targetUrlParameter" value="/Home" />
</bean>
</property>
</bean>- It's worth noting the presence of the property
targetUrlParameterpointing the URL to be redirected after successful login.
Add the embedLoginFilter bean inside the filter chain locate in the filterChainProxy bean definition
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<constructor-arg>
<util:list>
<sec:filter-chain
...In the filter chain with pattern="/**" add embedLoginFilter
- Attention to the position, because it is possible to have filters that alter the flow of the request!
- Add the
embedLoginFilterbefore thefilterInvocationInterceptor
<sec:filter-chain
pattern="/**"
filters="..., embedLoginFilter, filterInvocationInterceptor" />After injecting embedLoginFilter into the filter filterChainProxy, change the injection of ProviderManager to add EmbedAuthenticationProvider to the list of providers.
- Locate the
authenticationManagerbean definition
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<constructor-arg>
<util:list>
<pen:bean class="org.springframework.security.authentication.AuthenticationProvider"/>
<ref bean="anonymousAuthenticationProvider" />
...In the list being injected into the constructor, <constructor-arg>, add the bean AuthenticationProvider from embed in the first position
- It should look like this
<bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<constructor-arg>
<util:list>
<pen:bean class="org.springframework.security.authentication.AuthenticationProvider">
<pen:attributes>
<pen:attr key="providerName" value="embed"/>
</pen:attributes>
</pen:bean>
<pen:bean class="org.springframework.security.authentication.AuthenticationProvider"/>
<ref bean="anonymousAuthenticationProvider" />
</util:list>
...Inside the file pentahoObjects.spring.xml locate the UserDetailsService bean definition
<bean id="UserDetailsService" class="org.pentaho.platform.plugin.services.security.userrole.ChainedUserDetailsService">
<constructor-arg>
<list>
<ref bean="activeUserDetailsService"/>
<ref bean="systemUserDetailsService"/>
</list>
</constructor-arg>
</bean>Add embedUserDetailsService to the list of pentaho services
- It should look like this
<bean id="UserDetailsService" class="org.pentaho.platform.plugin.services.security.userrole.ChainedUserDetailsService">
<constructor-arg>
<list>
<ref bean="activeUserDetailsService"/>
<ref bean="embedUserDetailsService"/>
<ref bean="systemUserDetailsService"/>
</list>
</constructor-arg>
</bean>Restart the server and monitor the pentaho log file
tail -n 300 -f tomcat/logs/catalina.out Wait for the follow messages to be sure that is all right!
br.com.bovbi.embed.rest.EmbedRestTemplate - on
br.com.bovbi.embed.authentication.EmbedAuthenticationProvider - on
br.com.bovbi.embed.service.EmbedUserDetailService - on
br.com.bovbi.embed.filter.EmbedLoginFilter - onAccess the URL:
- http://localhost:8080/pentaho/embed-login?token=12345&url=/api/repos/:public:Steel Wheels:Dashboards:CTools_dashboard.wcdf/generatedContent