JBoss & Mondrian

[clavigne]

I added a security constraint to the PCI R3 with the url pattern of /*. Authentication works well, however there appears to be a problem when I access cubes (reports and dashboards are ok). The relevant portion of the log is:

09:38:58,603 ERROR [OlapModelTag]
mondrian.olap.MondrianException: Mondrian Error:Internal error: while parsing catalog.

When I attempt to access the catalog schema file directly, I am forced to re-authenticate - I'm guessing this is the source of the problem. When I remove the security constraint, everything is fine.

Is there a fix to Pivot.jsp or somewhere else I could use to work around this issue? Some other work-around?

Thanks.

[qinhui99]

I use Acegi as the security controll. If I give GetMondrianModel a ROLE_ANONYMOUS,then /* will be ok for jpivot view. Otherwise, /* will fail. Check the log in detail, I found when the core program redirect to GetMondrianModel. Though I had logined in, it still asked for authorized information for GetMondrianModel. It seems that it lost the user info after redirect to GetMondrianModel. So there will be a error for the request failing to pass the Secure. It is a bug of Pentaho Components.

[clavigne]

i think your workaround is for acegi, is there something similar for jaas?

[jhogan]

Try securing all servlets except GetMondrianModel. It seems to be working well for me, though I haven't tested everything. I'm also using JOSSO but it should also work using a straight JAAS setup.

Something like this....

Code:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Content</web-resource-name>
    <url-pattern>/ViewAction</url-pattern>
    <url-pattern>/ServiceAction</url-pattern>
    <url-pattern>/Navigate</url-pattern>
    <url-pattern>/Publish</url-pattern>
    <url-pattern>/SchedulerAdmin</url-pattern>
    <url-pattern>/Task</url-pattern>
    <url-pattern>/SolutionManager</url-pattern>
    <url-pattern>/BackgroundExecutionStatus</url-pattern>
    <url-pattern>/RepositoryFilePublisher</url-pattern>
    <url-pattern>/Pivot</url-pattern>
    <url-pattern>/Admin</url-pattern>
    <url-pattern>/UserContent</url-pattern>
    <url-pattern>/PivotError</url-pattern>
    <url-pattern>/PivotBusy</url-pattern>
    <url-pattern>/Home</url-pattern>
    <url-pattern>/InitFailure</url-pattern>
    <url-pattern>/DisplayChart</url-pattern>
    <url-pattern>/Print</url-pattern>
    <url-pattern>/GetChart</url-pattern>
    <url-pattern>/Xmla</url-pattern>
    <url-pattern>/content</url-pattern>
    <url-pattern>/getImage</url-pattern>
    <url-pattern>/GetContent</url-pattern>    
    <http-method>HEAD</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>PentahoUser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>