This blog will be talking about anonymous authentication in Pentaho. You can bypass the built-in security on the BA Server by giving all permissions to anonymous users. An “anonymousUser” is any user, either existing or newly created, that you specify as an all-permissions, no-login user, and to whom you grant the Anonymous role. The procedure below will grant full BA Server access to the Anonymous role and never require a login.

1. Stop the BA Server.
2. Open the /pentaho/server/biserver-ee/pentaho-solutions/system/applicationContext-spring-security.xml file and ensure that a default anonymous role is defined. Match your bean definition and property value to the example below.

<bean id=”anonymousProcessingFilter” class=”org.springframework.security.providers.anonymous.AnonymousProcessingFilter”>

<!– omitted –>

   <property name=”userAttribute” value=”anonymousUser,Anonymous” />

</bean>


 

3. Find these two beans in the same file .
o filterSecurityInterceptor
o filterInvocationInterceptorForWS
Locate the objectDefinitionSource properties inside the beans and match the contents to this code example.

<bean id=”filterInvocationInterceptor” class=”org.springframework.security.intercept.web.FilterSecurityInterceptor”>
    <property name=”authenticationManager”>
        <ref local=”authenticationManager” />
    </property>
    <property name=”accessDecisionManager”>
        <ref local=”httpRequestAccessDecisionManager” />
    </property>
    <property name=”objectDefinitionSource”>
        <value>
            <![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/.*\Z=Anonymous,Authenticated ]]> </value>
    </property>
</bean>

 

4. Save the file, then open pentaho.xml in the same directory.
5. Find the anonymous-authentication lines of the pentaho-system section, and define the anonymous user and role.

<pentaho-system>
<!– omitted –>
    <anonymous-authentication>
        <anonymous-user>anonymousUser</anonymous-user>
        <anonymous-role>Anonymous</anonymous-role>
    </anonymous-authentication> <!– omitted –>
</pentaho-system>

6. Open the repository.spring.properties file in the same directory.

a) Find the singleTenantAdminUserName and replace the value with the anonymousUser name.
b) Find the singleTenantAdminAuthorityName and replace the value with Anonymous.
c) Save the file.

Open the pentahoObjects.spring.xml file.
Find all references to the bean id=”Mondrian-UserRoleMapper” and make sure that the only one that is uncommented (active) is this one:

<bean id=”Mondrian-UserRoleMapper”
        name=”Mondrian-SampleUserSession-UserRoleMapper”
        class=”org.pentaho.platform.plugin.action.mondrian.mapper.
                            MondrianUserSessionUserRoleListMapper”
        scope=”singleton”>
    <property name=”sessionProperty” value=”MondrianUserRoles” /> </bean>

Save pentahoObjects.spring.xml and close the file.
Restart BA Server.
Enter http://localhost:8080/pentaho in browser address field. You will find that the pentaho home page opens without requiring login.

Archana Verma
Helical IT Solutions

Leave a Reply