Hitachi Vantara Pentaho Community Forums

Thread: Limiting access to Xactions based on J2EE roles?

  1. #1
    Join Date
    Feb 2006
    Posts
    27

    Limiting access to Xactions based on J2EE roles?

    Anyone know of a method to limit access to XActions based on a user's J2EE role? I can do a filter of the URL in the web.xml, but that's kinda limited and not very secure.

    thanks,

  2. #2
    Join Date
    Nov 1999
    Posts
    579

    Re: Limiting access to Xactions based on J2EE roles

    If you're using JBoss Portal, you can do it with portlet properties. If not, then the default "example" UI that Pentaho provides would need to be augmented and/or replaced.

    Bear in mind that the PCI (pre-configured install) just shows a couple of possibilities of what a UI could be. It's by no means a "product" UI. What we're providing in the platform for a UI is a mere sample of what a UI could be (portlet and JSP) because it's hard to demonstrate a platform without some kind of user interface. It's really not intended to be a production UI.

    If you need to limit access to items in the solution tree based on role, and you're using the sample UI, I suggest you look at the navigate.jsp and modify so that it fits your requirements.

    I hope this helps,

    Marc

  3. #3
    Join Date
    Feb 2006
    Posts
    27

    Re: Limiting access to Xactions based on J2EE roles

    Marc Batchelor wrote:
    If you're using JBoss Portal, you can do it with portlet properties. If not, then the default "example" UI that Pentaho provides would need to be augmented and/or replaced.

    Bear in mind that the PCI (pre-configured install) just shows a couple of possibilities of what a UI could be. It's by no means a "product" UI. What we're providing in the platform for a UI is a mere sample of what a UI could be (portlet and JSP) because it's hard to demonstrate a platform without some kind of user interface. It's really not intended to be a production UI.

    If you need to limit access to items in the solution tree based on role, and you're using the sample UI, I suggest you look at the navigate.jsp and modify so that it fits your requirements.

    I hope this helps,

    Marc
    I understand that the Pentaho_Demo is not intended to be a 'real' application interface. However, I need to come up with a proof of concept before I move forward with developing one. So far I have most of the major problems solved. I've got a single sign-on solution running and I've been able to pass XML from the Lotus Domino server to the Pentaho classes in an xaction file. However, I need to have a layer of security in place that I'm just not seeing yet.

    I've looked over the navigate.jsp and I'm not seeing anything that will help address the security issues I face.

    The problem as I see it is that I need to hardcode the database connection in the xaction file. Thereafter, I have no way of stopping any user from accessing any of the xactions. If they can get at one they can get at them all.

    I can use the SSO token and the J2EE role to filter access based on the URL. But that won't really block access to the xaction files.

    My hope was that the xactions could pass the J2EE role on to the database server or block access to the xaction itself by the J2EE role or the LTPA token.

  4. #4

    Re: Limiting access to Xactions based on J2EE roles

    I am also interested in this - has a solution been found for this problem yet?

    I was originally looking at per-solution security, but per-xaction makes more sense for finer-grain control.
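
One way to enforce the per-xaction role check discussed in this thread at the request level, as an added example that is not part of any post above and is not Pentaho code: a deny-by-default servlet filter that maps each xaction to the J2EE roles allowed to run it. It assumes a Servlet 3.0+ container and that the xaction is selected by request parameters named `solution`, `path` and `action`; the class name and the init-param layout are hypothetical.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: per-xaction role check, deny by default. */
public class XactionRoleFilter implements Filter {
    // "solution/path/action.xaction" -> roles allowed to run it
    private final Map<String, Set<String>> acl = new HashMap<>();

    @Override
    public void init(FilterConfig cfg) {
        // Each filter <init-param>: name = xaction key, value = comma-separated roles,
        // e.g. (constructed) "sales/reports/revenue.xaction" -> "finance,managers"
        for (String key : Collections.list(cfg.getInitParameterNames())) {
            String[] roles = cfg.getInitParameter(key).trim().split("\\s*,\\s*");
            acl.put(key, new HashSet<>(Arrays.asList(roles)));
        }
    }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String key = xactionKey(req);
        Set<String> roles = (key == null) ? null : acl.get(key);
        if (roles != null) {
            for (String role : roles) {
                if (req.isUserInRole(role)) { chain.doFilter(rq, rs); return; }
            }
        }
        // Unlisted xaction, ambiguous parameters, or no matching role: refuse.
        ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /** Builds the lookup key; null if a parameter is missing or sent more than once. */
    static String xactionKey(HttpServletRequest req) {
        List<String> parts = new ArrayList<>();
        for (String name : new String[] {"solution", "path", "action"}) { // assumed names
            String[] v = req.getParameterValues(name);
            if (v == null || v.length != 1) return null; // duplicates could be read differently downstream
            if (!v[0].isEmpty()) parts.add(v[0]);        // an empty path is allowed
        }
        return String.join("/", parts);
    }

    @Override
    public void destroy() { }
}
```

Because the lookup is an exact match against an allow-list, any xaction not listed in the filter's init-params is refused, including path variants such as `..` segments. The filter only guards requests that are mapped through it.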

