Hitachi Vantara Pentaho Community Forums
Results 1 to 2 of 2

Thread: Pentaho 6.0.0 enable sso with shibboleth

  1. #1
    Join Date
    Nov 2013
    Posts
    4

    Default Pentaho 6.0.0 enable sso with shibboleth

    I im tryng to integrate shibboleth sso in Pentaho 6.0.0.
    I have changed the file "applicationContext-spring-secuity.xml" with th following setting.


    Code:
    <!-- ======================== FILTER CHAIN ======================= -->
      <!--
          if you wish to use channel security, add "channelProcessingFilter," in
          front of "httpSessionContextIntegrationFilter" in the list below
      -->
      <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
          <value>
            <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /webservices/**=shibbolethFilter,securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
            /api/**=shibbolethFilter,securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
            /plugin/**=shibbolethFilter,securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
            /**=shibbolethFilter,securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor]]>
          </value>
        </property>
      </bean>
      
      
      <bean id="shibbolethFilter"
     class="org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter">
     <property name="principalRequestHeader" value="REMOTE_USER"/>
     <property name="authenticationManager" ref="authenticationManager" />
     </bean>
    
    <bean id="shibPreAuthProvider"
     class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
        <property name="order" value="100"/>
      <property name="preAuthenticatedUserDetailsService">
       <bean id="userDetailsServiceWrapper" 
        class="org.springframework.security.userdetails.UserDetailsByNameServiceWrapper">
              <property name="userDetailsService" ref="userDetailsService"/>
             </bean> 
           </property>
    </bean>
    
    
    
      <!-- ======================== AUTHENTICATION ======================= -->
      <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
          <list>
            <pen:bean class="org.springframework.security.providers.AuthenticationProvider"/>
      <ref bean="shibPreAuthProvider" />
      
          </list>
        </property>
      </bean>
    From log and debu i see that spring objects "org.springframework.security.ui.preauth.header.RequestHeaderPreAuthenticatedProcessingFilter" and "org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider" works correctly because i see property of the user filled correctly., but the ui show an error "Sorry. We really did try. Something went wrong. Please try again or contact your administrator".

    In the log i see this error:
    10-Dec-2015 17:02:34.486 SEVERE [ajp-apr-8009-exec-7] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [GenericServlet] in context with path [/pentaho] threw exception
    java.lang.IllegalStateException
    at org.pentaho.platform.engine.core.system.TenantUtils.getCurrentTenant(TenantUtils.java:45)
    at org.pentaho.platform.engine.core.system.TenantUtils.isAccessibleTenant(TenantUtils.java:68)
    at org.pentaho.platform.security.userroledao.jackrabbit.AbstractJcrBackedUserRoleDao.getUser(AbstractJcrBackedUserRoleDao.java:639)
    at org.pentaho.platform.security.userroledao.jackrabbit.JcrUserRoleDao$13.doInJcr(JcrUserRoleDao.java:323)
    at org.springframework.extensions.jcr.JcrTemplate.execute(JcrTemplate.java:89)
    at org.springframework.extensions.jcr.JcrTemplate.execute(JcrTemplate.java:115)
    at org.pentaho.platform.security.userroledao.jackrabbit.JcrUserRoleDao.getUser(JcrUserRoleDao.java:320)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at com.sun.proxy.$Proxy80.getUser(Unknown Source)
    at org.pentaho.platform.security.userroledao.service.UserRoleDaoUserDetailsService.loadUserByUsername(UserRoleDaoUserDetailsService.java:84)
    at org.springframework.security.userdetails.UserDetailsByNameServiceWrapper.loadUserDetails(UserDetailsByNameServiceWrapper.java:34)
    at org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider.authenticate(PreAuthenticatedAuthenticationProvider.java:82)
    at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
    at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
    at org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter.doAuthenticate(AbstractPreAuthenticatedProcessingFilter.java:96)
    at org.springframework.security.ui.preauth.AbstractPreAuthenticatedProcessingFilter.doFilterHttp(AbstractPreAuthenticatedProcessingFilter.java:67)
    at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
    at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:411)
    at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:188)
    at org.springframework.security.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:99)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.pentaho.platform.web.http.filters.SystemStatusFilter.doFilter(SystemStatusFilter.java:55)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.pentaho.platform.web.http.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:114)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.pentaho.platform.web.http.filters.WebappRootForwardingFilter.doFilter(WebappRootForwardingFilter.java:70)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.pentaho.platform.web.http.filters.PentahoPathDecodingFilter.doFilter(PentahoPathDecodingFilter.java:34)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
    at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:844)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2503)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2492)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Unknown Source)

    it seems that there is a problem with the correct instantiation of the session in Pentaho
    other people have the same problem
    http://stackoverflow.com/questions/3...n-returns-null
    anyone could help?

  2. #2
    Join Date
    Nov 2013
    Posts
    4

    Default

    I have made some further investigation, and i have verifyed that the problem is the penthao session not instantiated.
    package org.pentaho.platform.engine.core.system;
    package org.pentaho.platform.engine.core.system;
    In the class InheritableThreadLocalPentahoSessionHolderStrategy
    the method getSession() return null
    Code:
     public IPentahoSession getSession() {
     IPentahoSession sess = perThreadSession.get(); ****** THIS RETURN NULL*********
     if ( sess == null ) {
     // In a perfect world, the platform should never be in a state where session is null, but we are not there
     // yet.
     // Not all places
     // that instance sessions use the PentahoSessionHolder yet, so we will not make a fuss here if session is
     // null.
     // When PentahoSessionHolder
     // is fully integrated with all sessions, then we should probably throw an exception here since in that case
     // a
     // null session means
     // the system is in an illegal state.
     logger.debug( Messages.getInstance().getString(
     "PentahoSessionHolder.WARN_THREAD_SESSION_NULL", Thread.currentThread().getName() ) ); //$NON-NLS-1$
     }
     return sess;
     }
    Why using RequestHeaderPreAuthenticatedProcessingFilter, penthao session is not correct instantiated? spring or penthao bug?
    Last edited by lorenzom; 12-14-2015 at 05:43 AM.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.