Hitachi Vantara Pentaho Community Forums
Results 1 to 7 of 7

Thread: Difficulties with RDBMS repository & JDBC security in RC2

  1. #1

    Default Difficulties with RDBMS repository & JDBC security in RC2

    I used the instructions below to enable JDBC security.
    http://forums.pentaho.org/showthread.php?t=56376

    When I enable the RDBMS repository the reports don't work. I get the following errors:

    09:15:32,067 INFO [CWM] CWM - Loaded CWM model into the default repository.
    09:15:32,069 INFO [STDOUT] Pentaho BI Platform server is ready. (Pentaho BI Platform 1.6.0-RC2.820) Base Url = http://localhost:8080/pentaho/, Solution Path = /Users/zacharyzeus/workspace/downloads/pentaho16rc2/pentaho-demo/pentaho-solutions
    09:18:12,171 INFO [SolutionRepositoryBase] Using solution name: null
    09:18:31,918 WARN [LoggerListener] Authentication event AuthenticationFailureBadCredentialsEvent: joe; details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; exception: Bad credentials
    09:18:41,177 WARN [LoggerListener] Authentication event AuthenticationSuccessEvent: zach; details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18
    09:18:41,213 WARN [LoggerListener] Authentication event InteractiveAuthenticationSuccessEvent: zach; details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18
    09:18:41,351 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/rules/session-region-list.xaction for operation 1 was denied.
    09:18:41,352 ERROR [SolutionEngine] a8c0e29c-6706-11dc-a53f-d160a286a9d0:SOLUTION-ENGINE:session-region-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
    09:18:41,374 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/secure/global-department-list.xaction for operation 1 was denied.
    09:18:41,374 ERROR [SolutionEngine] a8cb1bcd-6706-11dc-a53f-d160a286a9d0:SOLUTION-ENGINE:global-department-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid


    If I go back to memory based security, the RDBMS repository works and file based works.
    If I use JDBC security, the file based repository works, but the RDBMS does not.

    Zach
    BizCubed Pty Ltd
    Australian Pentaho Partner

  2. #2
    Join Date
    Oct 2006
    Posts
    817

    Default

    FYI: The file-based solution repository doesn't enforce security on action sequences--even though you're forced to login--it enforces security only at the URL level.

    Here are some things to check. What are the roles that user zach has been granted? (And when I ask this question, I mean what roles does Acegi Security output when its debugging output is turned on.) Once you know the user's roles, you can go assign permissions in one of two ways:

    1. Batch assignment via default-acls (careful--it will reset any permissions set in the Permissions UI)
    2. Admin Permissions UI


    For the first, consult Re-Applying Default ACL. For the second, log in as the Pentaho administrator, click Admin, click Permissions, find your action sequence, and then assign permissions to one or more of the roles that zach has been granted.

    I recommend option #1 as it will reset the default ACL--the one that references canned Pentaho roles--to an ACL that references your custom roles.

  3. #3

    Default

    Hi Matt,

    I did option 1 and it didn't change the behavior, and option 2 is not available because I don't have access to any xactions. The behaviour is that I authenticate without a problem, but once I get in, I'm not allowed to use xactions.

    The roles that the user has are: ceo, Admin, Authenticated.

    However, in the PRO_ACLS_LIST table, all of the roles are prefixed by ROLE_ which we took out when we went through enabling JDBC security. I have also tried putting the original code in place (the one that had the role prefix) and that doesn't resolve the issue either. We get the same behavior as we did before

    Here is the stack trace (I had to cut bits out to get it to fit, I took them out in the middle, I have attached the full stack trace as a file).

    Code:
    Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo'
    15:29:30,430 DEBUG [FilterChainProxy] /Home at position 9 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.providers.anonymous.AnonymousProcessingFilter@52e3b7'
    15:29:30,430 DEBUG [AnonymousProcessingFilter] SecurityContextHolder not populated with anonymous token, as it already contained: 'org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo'
    15:29:30,430 DEBUG [FilterChainProxy] /Home at position 10 of 13 in additional filter chain; firing Filter: 'com.pentaho.security.SecurityStartupFilter@e409b3'
    15:29:30,431 DEBUG [SecurityStartupFilter] org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,453 DEBUG [SolutionEngine] ::: Starting execute of samples/rules/session-region-list.xaction
    15:29:30,453 DEBUG [SolutionEngine] :SOLUTION-ENGINE:session-region-list.xaction: Getting runtime context and data
    15:29:30,459 DEBUG [HibernateUtil] Starting new database transaction in this thread.
    15:29:30,482 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:session-region-list.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
    15:29:30,498 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:session-region-list.xaction: Created instanceId: 764fd688-673a-11dc-8392-59bd8bdee7a4
    15:29:30,528 DEBUG [SolutionEngine] 764fd688-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:session-region-list.xaction: Loading action sequence definition file
    15:29:30,570 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,570 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,570 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,570 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,570 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,571 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,579 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
    15:29:30,579 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/rules/session-region-list.xaction for operation 1 was denied.
    15:29:30,579 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/rules/session-region-list.xaction for operation 1 was denied.
    15:29:30,579 ERROR [SolutionEngine] 764fd688-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:session-region-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
    15:29:30,587 DEBUG [SolutionEngine] ::: Starting execute of samples/secure/global-department-list.xaction
    15:29:30,587 DEBUG [SolutionEngine] :SOLUTION-ENGINE:global-department-list.xaction: Getting runtime context and data
    15:29:30,588 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:global-department-list.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
    15:29:30,588 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:Session startup actions:global-department-list.xaction: Created instanceId: 765d9229-673a-11dc-8392-59bd8bdee7a4
    15:29:30,588 DEBUG [SolutionEngine] 765d9229-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:global-department-list.xaction: Loading action sequence definition file
    15:29:30,597 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,597 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,597 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,598 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,598 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,598 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,602 DEBUG [GrantedAuthorityEffectiveAclsResolver] Locating AclEntry[]s (from set of 4) that apply to Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,602 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
    15:29:30,602 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/secure/global-department-list.xaction for operation 1 was denied.
    15:29:30,602 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/secure/global-department-list.xaction for operation 1 was denied.
    15:29:30,603 ERROR [SolutionEngine] 765d9229-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:global-department-list.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
    15:29:30,603 DEBUG [FilterChainProxy] /Home at position 11 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter@38d1ff'
    15:29:30,603 DEBUG [FilterChainProxy] /Home at position 12 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.ui.ExceptionTranslationFilter@62d40e'
    15:29:30,603 DEBUG [FilterChainProxy] /Home at position 13 of 13 in additional filter chain; firing Filter: 'org.acegisecurity.intercept.web.FilterSecurityInterceptor@4fed96'
    15:29:30,603 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Converted URL to lowercase, from: '/home'; to: '/home'
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/login.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/j_acegi_security_check.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getmondrianmodel.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getimage.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/getresource.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/admin.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/auditreport.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/auditreportlist.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/versioncontrol.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/propertieseditor.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/propertiespanel.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/subscriptionadmin.*\Z; matched=false
    15:29:30,604 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/resetrepository.*\Z; matched=false
    15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/viewaction.*solution.admin.*\Z; matched=false
    15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/scheduleradmin.*\Z; matched=false
    15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/publish.*\Z; matched=false
    15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/logout.*\Z; matched=false
    15:29:30,605 DEBUG [RegExpBasedFilterInvocationDefinitionMap] Candidate is: '/home'; pattern is \A/.*\Z; matched=true
    15:29:30,605 DEBUG [AbstractSecurityInterceptor] Secure object: FilterInvocation: URL: /Home; ConfigAttributes: [Authenticated]
    15:29:30,605 DEBUG [AbstractSecurityInterceptor] Previously Authenticated: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,605 DEBUG [AbstractSecurityInterceptor] Authorization successful
    15:29:30,605 DEBUG [XmlWebApplicationContext] Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authorization.AuthorizedEvent[source=FilterInvocation: URL: /Home]
    15:29:30,605 DEBUG [AbstractSecurityInterceptor] RunAsManager did not change Authentication object
    15:29:30,605 DEBUG [FilterChainProxy] /Home reached end of additional filter chain; proceeding with original chain
    15:29:30,616 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,616 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,616 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,680 DEBUG [SolutionEngine] ::: Starting execute of samples/steel-wheels/homeDashboard/Sales_by_Territory.xaction
    15:29:30,681 DEBUG [SolutionEngine] :SOLUTION-ENGINE:Sales_by_Territory.xaction: Getting runtime context and data
    15:29:30,681 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Territory.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
    15:29:30,681 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Territory.xaction: Created instanceId: 766bc2fa-673a-11dc-8392-59bd8bdee7a4
    15:29:30,681 DEBUG [SolutionEngine] 766bc2fa-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:Sales_by_Territory.xaction: Loading action sequence definition file
    15:29:30,686 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,686 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,686 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,686 DEBUG [SecurityUtils] principal from IPentahoSession: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,686 DEBUG [SecurityUtils] principal class: org.acegisecurity.providers.UsernamePasswordAuthenticationToken
    15:29:30,686 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:30,689 DEBUG [GrantedAuthorityEffectiveAclsResolver] Locating AclEntry[]s (from set of 4) that apply to Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:30,690 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
    15:29:30,690 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/steel-wheels/homeDashboard/Sales_by_Territory.xaction for operation 1 was denied.
    15:29:30,690 ERROR [SolutionRepositoryBase] SOLUTION-REPOSITORY: Access to /pentaho-solutions/samples/steel-wheels/homeDashboard/Sales_by_Territory.xaction for operation 1 was denied.
    15:29:30,690 ERROR [SolutionEngine] 766bc2fa-673a-11dc-8392-59bd8bdee7a4:SOLUTION-ENGINE:Sales_by_Territory.xaction: SolutionEngine.ERROR_0005 - Action sequence not valid
    15:29:32,148 DEBUG [SolutionEngine] ::: Starting execute of samples/steel-wheels/homeDashboard/Sales_by_Productline.xaction
    15:29:32,148 DEBUG [SolutionEngine] :SOLUTION-ENGINE:Sales_by_Productline.xaction: Getting runtime context and data
    15:29:32,148 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Productline.xaction: newRuntimeElement(786941661315D2364BF8D72A8A408E18,session)
    15:29:32,148 DEBUG [RuntimeRepository] 786941661315D2364BF8D72A8A408E18:org.pentaho.ui.component.charting.PieDatasetChartComponent:Sales_by_Productline.xaction: Created instanceId: 774b9bab-673a-11dc-8392-59bd8bdee7a4
    15:29:32,155 DEBUG [SecurityUtils] principal is an instance of Authentication
    15:29:32,156 DEBUG [GrantedAuthorityEffectiveAclsResolver] Locating AclEntry[]s (from set of 4) that apply to Authentication: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@af25b193: Username: org.acegisecurity.userdetails.User@91b0be00: Username: zach; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: Admin, Authenticated, ceo; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: 786941661315D2364BF8D72A8A408E18; Granted Authorities: Admin, Authenticated, ceo
    15:29:32,156 DEBUG [GrantedAuthorityEffectiveAclsResolver] Returning null AclEntry array as zero effective AclEntrys found
    15:29:32,156 DEBUG [SolutionRepositoryBase] Access to /pentaho-solutions/samples/steel-wheels/homeDashboard/Sales_by_Productline.xaction for operation 1 was denied.
    Attached Files Attached Files
    BizCubed Pty Ltd
    Australian Pentaho Partner

  4. #4
    Join Date
    Oct 2006
    Posts
    817

    Default

    If the ROLE_ prefix is still present in the PRO_ACLS_LIST table, then you will certainly be denied access. Please confirm that the following has been done:

    1. Edit pentaho.xml, modifying the default-acls section.
    2. Drop PRO_FILES and PRO_ACLS_LIST and delete row from VERSIONMAP.
    3. Restart the Pentaho BI Server.

  5. #5

    Default

    We are getting there!!! Thanks Matt for your help.

    I have posted my pentaho.xml file so that people can see the changes I have made.

    Next issue is that now that I have the rdbms repository working, when I go into the "permissions" screen my "Solution Repository" is show as "null".

    Zach
    Attached Files Attached Files
    BizCubed Pty Ltd
    Australian Pentaho Partner

  6. #6
    Join Date
    Oct 2006
    Posts
    817

    Default

    I took a look at your pentaho.xml. My first thought was that there is a case inconsistency in role names.

    For example, this uses Admin...

    Code:
    <default-acls>
      <acl-entry role="Admin" acl="ADMIN_ALL" />
      ...
    ...and this uses ADMIN...

    Code:
    <acl-voter>
      <admin-role>ADMIN</admin-role>
    </acl-voter>
    I looked at the code for the Permissions interface and this would most definitely cause a problem.

  7. #7

    Default

    Ok, so that did it.

    I changed the

    Code:
    <acl-voter>
      <admin-role>ADMIN</admin-role>
    </acl-voter>
    to


    Code:
    <acl-voter>
      <admin-role>Admin</admin-role>
    </acl-voter>
    And that worked.

    Thanks!!!
    BizCubed Pty Ltd
    Australian Pentaho Partner

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Privacy Policy | Legal Notices | Safe Harbor Privacy Policy

Copyright © 2005 - 2019 Hitachi Vantara Corporation. All Rights Reserved.