Hitachi Vantara Pentaho Community Forums

Thread: Security

  1. #1

    Security

    Hi, we just tried to use LDAP-based security on BI Suite 1.5.3.
    It seems like we have to add a role authenticated to every user, so that he gets this authorization. Without that role, it is not possible to access the Home.jsp, even if no security besides "authenticated" is set.
    As we could see in our logs, the role ROLE_AUTHENTICATED is not assigned to a user who logged in successfully, but other roles of the LDAP directory were assigned.
    Looking at your ApacheDS example, a role authenticated is also defined. Is this really necessary?
    We are using OpenLDAP as LDAP-Directory.

    Thanks a lot for your help,
    kind regards,
    Alex

  2. #2
    Join Date: Oct 2006 | Posts: 817

    ROLE_AUTHENTICATED is only an example. Out of the box, the web interface only enforces two roles: ROLE_AUTHENTICATED and ROLE_ADMIN. It's possible that your setup will have no common role.

  3. #3

    Thank you.
    I want to make sure that a user is logged in before he is granted access to the (some) Pentaho pages. The only way I found was to use the roles.
    But is there a way to check if a user is successfully authenticated / logged in in the platform without having to assign him a special Role?

  4. #4
    Join Date: Oct 2006 | Posts: 817

    Code:
    boolean authenticated = request.getRemoteUser() != null;
    See SecurityContextHolderAwareRequestFilter for more information on how this works.

  5. #5

    Thanks. We are using the PCI with a database based repository.
    To set the rights on folders / solutions / xaction, I can only assign Roles and Users.
    Is there any way to restrict access to users who are logged on, using the Permissions dialog?
    As far as I understood your answer, I will have to code the checks manually.
    Kind regards,
    Alex

  6. #6
    Join Date: Oct 2006 | Posts: 817

    I think I misunderstood your question.

    Try this:

    1. Set the defaultRole property on the populator bean in applicationContext-acegi-security-ldap.xml. When setting this value, you should already have the role prefix (if any) appended to the value.
    2. The next step depends on how your roles are stored in your LDAP directory. But regardless, the goal is to get the allAuthoritiesSearch property of the ldapUserRoleListService bean in applicationContext-pentaho-security-ldap.xml to include the default role. (This will allow you to make use of it in the Permissions editor.) If roles are stored as nodes, then just add that node (but have no one assigned to that role). If roles are attributes of user nodes, I suggest assigning the default role to at least one user, preferably some special user, such as an administrator.
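
Step 1 of the answer above, sketched as a Spring bean definition. This is an added example, not part of the thread and not Pentaho's shipped file: the bean ids, the `initialDirContextFactory` reference, the search base and the filter values are assumptions to be replaced with the ones in your own applicationContext-acegi-security-ldap.xml.

```xml
<!-- Added illustration for applicationContext-acegi-security-ldap.xml.
     Assumed values: bean ids, search base "ou=roles", filter and role attribute. -->
<bean id="populator"
      class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
  <!-- Context factory used to search the directory (assumed bean id) -->
  <constructor-arg index="0">
    <ref local="initialDirContextFactory"/>
  </constructor-arg>
  <!-- Base under which role/group entries are searched (constructed value) -->
  <constructor-arg index="1">
    <value>ou=roles</value>
  </constructor-arg>

  <!-- How directory groups are mapped to role names (constructed values) -->
  <property name="groupRoleAttribute"><value>cn</value></property>
  <property name="groupSearchFilter"><value>(member={0})</value></property>
  <property name="rolePrefix"><value>ROLE_</value></property>
  <property name="convertToUpperCase"><value>true</value></property>

  <!-- Added to the authorities of every user who authenticates successfully,
       in addition to the roles found in the directory. Write the full role
       name here, including the prefix, as the post advises. -->
  <property name="defaultRole"><value>ROLE_AUTHENTICATED</value></property>
</bean>
```

Because the default role is granted to every account that can authenticate against the directory, it should carry only the permissions intended for all logged-in users.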


Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.