PDA

View Full Version : JBoss & Mondrian



clavigne
12-09-2006, 11:13 AM
I added a security constraint to the PCI R3 with the url pattern of /*. Authentication works well, however there appears to be a problem when I access cubes (reports and dashboards are ok). The relevant portion of the log is:

09:38:58,603 ERROR [OlapModelTag]
mondrian.olap.MondrianException: Mondrian Error:Internal error: while parsing catalog.

When I attempt to access the catalog schema file directly, I am forced to re-authenticate - I'm guessing this is the source of the problem. When I remove the security constraint, everything is fine.

Is there a fix to Pivot.jsp or somewhere else I could use to work around this issue? Some other work-around?

Thanks.

qinhui99
12-11-2006, 06:06 AM
I use Acegi as the security controll. If I give GetMondrianModel a ROLE_ANONYMOUS,then /* will be ok for jpivot view. Otherwise, /* will fail. Check the log in detail, I found when the core program redirect to GetMondrianModel. Though I had logined in, it still asked for authorized information for GetMondrianModel. It seems that it lost the user info after redirect to GetMondrianModel. So there will be a error for the request failing to pass the Secure. It is a bug of Pentaho Components.

clavigne
12-11-2006, 01:08 PM
i think your workaround is for acegi, is there something similar for jaas?

jhogan
12-12-2006, 10:40 AM
Try securing all servlets except GetMondrianModel. It seems to be working well for me, though I haven't tested everything. I'm also using JOSSO but it should also work using a straight JAAS setup.

Something like this....



<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Content</web-resource-name>
<url-pattern>/ViewAction</url-pattern>
<url-pattern>/ServiceAction</url-pattern>
<url-pattern>/Navigate</url-pattern>
<url-pattern>/Publish</url-pattern>
<url-pattern>/SchedulerAdmin</url-pattern>
<url-pattern>/Task</url-pattern>
<url-pattern>/SolutionManager</url-pattern>
<url-pattern>/BackgroundExecutionStatus</url-pattern>
<url-pattern>/RepositoryFilePublisher</url-pattern>
<url-pattern>/Pivot</url-pattern>
<url-pattern>/Admin</url-pattern>
<url-pattern>/UserContent</url-pattern>
<url-pattern>/PivotError</url-pattern>
<url-pattern>/PivotBusy</url-pattern>
<url-pattern>/Home</url-pattern>
<url-pattern>/InitFailure</url-pattern>
<url-pattern>/DisplayChart</url-pattern>
<url-pattern>/Print</url-pattern>
<url-pattern>/GetChart</url-pattern>
<url-pattern>/Xmla</url-pattern>
<url-pattern>/content</url-pattern>
<url-pattern>/getImage</url-pattern>
<url-pattern>/GetContent</url-pattern>
<http-method>HEAD</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>PentahoUser</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>