最近在研究pentaho BI系统,已经把源码编译成功,发现很多同行都在询问如何设置才能实现免登录展示CDE(wcdf文件)和report(prpt文件),所以写下这篇文章,希望能帮助大家能配置成功。
以下内容应用的版本是:biserver-ce-6.1.0.1-196
主要原理就是通过向匿名用户提供所有权限,绕过BA服务器上的内置安全性。
1. 设置“anonymousUser”并指定相应权限。
2.修改的文件都位于所有文件都位于 biserver-ce/pentaho-solutions/system目录中。开始之前,请停止BA服务器。
3.修改applicationContext-spring-security.xml
找到anonymousProcessingFilter配置处,修改为如下内容:
<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="userAttribute" value="anonymousUser,Anonymous" />
</bean>4.修改applicationContext-spring-security.xml
找到filterChainProxy配置处,添加如下内容:
requestParameterProcessingFilter,anonymousProcessingFilter,其中requestParameterProcessingFilter是为了实现传递userid和pasword时可以不弹出登录框直接展现CDE文件。anonymousProcessingFilter是允许anonymous角色访问相应的文件。
其中在 :/api/= 和 /plugin/ 行里添加requestParameterProcessingFilter,然后除 /webservices/**不添加以外,其余都需要添加anonymousProcessingFilter。
最终修改结果如下:
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
<![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
/api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
/plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
/**=securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,logoutFilter,authenticationProcessingFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor]]>
</value>
</property>
</bean>5.修改applicationContext-spring-security.xml
找到bean id=”filterInvocationInterceptor”的objectDefinitionSource配置处,添加如下内容:
\A/i18n.*\Z=Anonymous,Authenticated
\A/js/utils.js\Z=Anonymous,Authenticated
\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/api/.*\Z=Anonymous,Authenticated
\A/api/repos.*\Z=Anonymous,Authenticated
\A/api/common-ui/resources/.*\Z=Anonymous,Authenticated
\A/api/common-ui/util/.*\Z=Anonymous,Authenticated
\A/plugin/saiku/.*\Z=Anonymous,Authenticated
\A/saiku/rest/saiku/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*test.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*test.*/viewer/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*test.*/common-ui/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*test.*/common-ui/util/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*plugin-samples.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*plugin-samples.*/viewer/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*plugin-samples.*/common-ui/.*\Z=Anonymous,Authenticated
\A/api/repos.*public.*plugin-samples.*/common-ui/util/.*\Z=Anonymous,Authenticated
\A/content/pentaho-cdf/.*\Z=Anonymous,Authenticated
\A/content/common-ui/.*\Z=Anonymous,Authenticated
\A/content/analyzer/.*\Z=Anonymous,Authenticated
\A/content/saiku-ui/.*public.*test.*/.*\Z=Anonymous,Authenticated
\A/content/saiku-ui/.*\Z=Anonymous,Authenticated
\A/content/analyzer/scripts/.*\Z=Anonymous,Authenticated注意一点:上述内容中\A/api/repos.public.*test.\Z的相关行,public.*test是我放置cde文件的目录,需要进行定义后才能正常访问。
找到bean id=”filterInvocationInterceptorForWS”的objectDefinitionSource配置处,添加如下内容:
\A/api/repos/.*\Z=Anonymous,Authenticated
\A/api/.*require-cfg.js.*\Z=Anonymous,Authenticated
\A/api/.*require-js-cfg.js.*\Z=Anonymous,Authenticated
\A/api/.*\Z=Anonymous,Authenticated
\A/plugin/.*\Z=Anonymous,Authenticated
\A/plugin/saiku/.*\Z=Anonymous,Authenticated
\A/saiku/rest/saiku/.*\Z=Anonymous,Authenticated
\A/content/saiku-ui/.*\Z=Anonymous,Authenticated6.最后一步,设置文件夹或文件的共享属性启动BA服务器,打开如下画面进行设置。
然后请打开浏览器访问一下CDE文件,试试看还有没有弹出登录框了。
http://localhost:8080/pentaho/api/repos/%3Apublic%3Aplugin-samples%3Apentaho-cdf-dd%3Acde_sample1.wcdf/generatedContent