pentaho5
用了几天的时间在pentaho5上实现了CAS单点登录
主要参考:http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/
主要修改项目当中的pentaho-solutions\system\applicationContext-spring-security.xml 文件,需要的朋友复制下来替换下就行。
附件当中的“http://cas.grandsoft.com.cn” 为我自己的CAS服务器,需要替换为你们自己搭建的CAS服务器
还有一个bug没有解决,就是在CAS中使用什么用户登录,必须提前在pentaho5 系统当中提前添加同样的用户名,密码可以不用相同。这个bug后继有时间再解决。
以下为配置好的:applicationContext-spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <!--+ | Application context containing FilterChainProxy. +--> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pen="http://www.pentaho.com/schema/pentaho-system" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.pentaho.com/schema/pentaho-system http://www.pentaho.com/schema/pentaho-system.xsd"> <!-- ======================== FILTER CHAIN ======================= --> <!-- if you wish to use channel security, add "channelProcessingFilter," in front of "httpSessionContextIntegrationFilter" in the list below --> <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS /api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS /**=securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,casProcessingFilter,logoutFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor ,casSingleSignOutFilter]]> </value> </property> </bean> <!-- ======================== AUTHENTICATION ======================= --> <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" autowire="default" dependency-check="default" lazy-init="default"> <property name="authenticationManager"> <ref bean="authenticationManager"/> </property> <property name="authenticationFailureUrl" value="/Home"/> <property name="defaultTargetUrl" value="/Home"/> <property name="filterProcessesUrl" value="/j_spring_cas_security_check"/> </bean> <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider"> <property name="userDetailsService"> <ref bean="userDetailsService"/> </property> <property name="serviceProperties"> <ref local="serviceProperties"/> </property> <property name="ticketValidator"> <ref local="ticketValidator"/> </property> <property name="key" value="my_password_for_this_auth_provider_only"/> </bean> <bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key" value="foobar" /> </bean> <bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" autowire="default" dependency-check="default" lazy-init="default"> <constructor-arg value="http://cas.grandsoft.com.cn" /> </bean> <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager" autowire="default" dependency-check="default" lazy-init="default"> <property name="providers"> <list> <!--ref bean="daoAuthenticationProvider" /--> <ref bean="anonymousAuthenticationProvider"/> <ref bean="casAuthenticationProvider"/> </list> </property> </bean> <!-- Automatically receives AuthenticationEvent messages --> <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" /> <bean id="basicProcessingFilter" class="org.pentaho.platform.web.http.security.PentahoBasicProcessingFilter"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="authenticationEntryPoint"> <ref local="basicProcessingFilterEntryPoint" /> </property> </bean> <!-- <bean id="basicAuthPostFilter" class="org.pentaho.platform.web.http.security.PentahoBasicPostProcessingFilter"> </bean> --> <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint"> <property name="realmName" value="Pentaho Realm" /> </bean> <!-- custom Pentaho begin --> <!-- replaces Spring's default ApplicationEventMulticaster; do not change bean id --> <bean id="applicationEventMulticaster" class="org.pentaho.platform.engine.security.event.OrderedApplicationEventMulticaster" /> <!-- next two beans replace SecurityStartupFilter --> <bean class="org.pentaho.platform.engine.security.event.PentahoAuthenticationSuccessListener" /> <bean class="org.pentaho.platform.engine.security.event.PentahoSessionStartupAuthenticationSuccessListener" /> <bean id="httpSessionReuseDetectionFilter" class="org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter"> <property name="filterProcessesUrl" value="/j_spring_security_check" /> <property name="sessionReuseDetectedUrl" value="/Login?login_error=2" /> </bean> <bean id="requestParameterProcessingFilter" class="org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="authenticationEntryPoint"> <ref local="requestParameterProcessingFilterEntryPoint" /> </property> </bean> <bean id="requestParameterProcessingFilterEntryPoint" class="org.pentaho.platform.web.http.security.RequestParameterFilterEntryPoint" /> <bean id="httpSessionPentahoSessionContextIntegrationFilter" class="org.pentaho.platform.web.http.filters.HttpSessionPentahoSessionIntegrationFilter" /> <!-- custom Pentaho end --> <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter"> <property name="key" value="foobar" /> <property name="userAttribute" value="anonymousUser,Anonymous" /> </bean> <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter" /> <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" autowire="default" dependency-check="default" lazy-init="default"> <constructor-arg value="http://cas.grandsoft.com.cn/logout"/> <constructor-arg> <list> <bean class="org.pentaho.platform.web.http.security.PentahoLogoutHandler"/> <bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/> </list> </constructor-arg> <property name="filterProcessesUrl" value="/Logout"/> </bean> <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" /> <bean id="securityContextHolderAwareRequestFilterForWS" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter"> <!-- override so that SavedRequestAwareWrapper is not used --> <property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper" /> </bean> <!-- ===================== HTTP REQUEST SECURITY ==================== --> <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" autowire="default" dependency-check="default" lazy-init="default"> <property name="service" value="http://localhost:8080/pentaho/j_spring_cas_security_check"/> <property name="sendRenew" value="false"/> </bean> <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter" autowire="default" dependency-check="default" lazy-init="default"> <property name="authenticationEntryPoint"> <ref local="casProcessingFilterEntryPoint"/> </property> <property name="accessDeniedHandler"> <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" /> </property> </bean> <bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"> </bean> <bean id="casSingleSignOutHttpSessionListener" class="org.jasig.cas.client.session.SingleSignOutHttpSessionListener"> </bean> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" autowire="default" dependency-check="default" lazy-init="default"> <property name="loginUrl" value="http://cas.grandsoft.com.cn/login"/> <property name="serviceProperties"> <ref local="serviceProperties"/> </property> </bean> <bean id="exceptionTranslationFilterForWS" class="org.springframework.security.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"> <ref local="basicProcessingFilterEntryPoint" /> </property> <property name="accessDeniedHandler"> <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" /> </property> </bean> <!-- <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="authenticationFailureUrl" value="/Login?login_error=1" /> <property name="defaultTargetUrl" value="/Home" /> <property name="filterProcessesUrl" value="/j_spring_security_check" /> <property name="targetUrlResolver"> <bean id="targetUrlResolver" class="org.springframework.security.ui.TargetUrlResolverImpl"> <property name="justUseSavedRequestOnGet" value="true" /> </bean> </property> </bean> --> <!-- <bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl" value="/Login" /> <property name="forceHttps" value="false" /> </bean> --> <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions" value="false" /> <property name="decisionVoters"> <list> <ref bean="roleVoter" /> </list> </property> </bean> <!-- Note the order that entries are placed against the objectDefinitionSource is critical. The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last --> <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="accessDecisionManager"> <ref local="httpRequestAccessDecisionManager" /> </property> <property name="objectDefinitionSource"> <value> <!-- Note - the "=Nobody" below is saying that resource URLs with those patterns not be available through a web call. --> <![CDATA[ CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/.*require-js-cfg.js\Z=Anonymous,Authenticated \A/js/require.js\Z=Anonymous,Authenticated \A/js/require-cfg.js\Z=Anonymous,Authenticated \A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated \A/webcontext.js.*\Z=Anonymous,Authenticated \A/content/common-ui/resources/web/cache/cache-service.js.*\Z=Anonymous,Authenticated \A/cacheexpirationservice.*\Z=Anonymous,Authenticated \A/js/theme.*\Z=Anonymous,Authenticated \A/content/common-ui/resources/themes/.*\Z=Anonymous,Authenticated \A/content/common-ui/resources/web/dojo/djconfig.js.*\Z=Anonymous,Authenticated \A/content/pentaho-mobile/resources/.*\Z=Anonymous,Authenticated \A/docs/.*\Z=Anonymous,Authenticated \A/mantlelogin/.*\Z=Anonymous,Authenticated \A/mantle/mantleloginservice/*\Z=Anonymous,Authenticated \A/mantle/.*\Z=Authenticated \A/welcome/.*\Z=Anonymous,Authenticated \A/public/.*\Z=Anonymous,Authenticated \A/login.*\Z=Anonymous,Authenticated \A/ping/alive.gif.*\Z=Anonymous,Authenticated \A/j_spring_security_check.*\Z=Anonymous,Authenticated \A/getimage.*\Z=Anonymous,Authenticated \A/getresource.*\Z=Anonymous,Authenticated \A/admin.*\Z=Admin \A/auditreport.*\Z=Admin \A/auditreportlist.*\Z=Admin \A/versioncontrol.*\Z=Admin \A/propertieseditor.*\Z=Admin \A/propertiespanel.*\Z=Admin \A/subscriptionadmin.*\Z=Admin \A/resetrepository.*\Z=Admin \A/viewaction.*solution.admin.*\Z=Admin \A/scheduleradmin.*\Z=Admin \A/publish.*\Z=Admin \A/logout.*\Z=Anonymous \A/solutionrepositoryservice.*component=delete.*solution=system.*\Z=Nobody \A/solutionrepositoryservice.*solution=system.*component=delete.*\Z=Nobody .*system.*pentaho.xml.*=Nobody .*system.*applicationcontext.*.xml.*=Nobody .*system.*pentahoobjects.spring.xml.*=Nobody .*system.*pentahosystemconfig.xml.*=Nobody .*system.*adminplugins.xml.*=Nobody .*system.*plugin.properties.*=Nobody .*system.*sessionstartupactions.xml.*=Nobody .*system.*systemlisteners.xml.*=Nobody .*system.*hibernate.*=Nobody .*system.*birt/.*=Nobody .*system.*dialects/.*=Nobody .*system.*google/.*=Nobody .*system.*jasperreports/.*=Nobody .*system.*kettle/.*=Nobody .*system.*logs/.*=Nobody .*system.*mondrian/.*=Nobody .*system.*quartz/.*=Nobody .*system.*simple-jndi/.*=Nobody .*system.*smtp-email/.*=Nobody .*system.*ui/.*=Nobody .*system.*\.\./.*=Nobody \A/.*\Z=Authenticated ]]> </value> </property> </bean> <bean id="filterInvocationInterceptorForWS" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager" /> </property> <property name="accessDecisionManager"> <ref local="httpRequestAccessDecisionManager" /> </property> <!-- allow anyone to see the wsdl of various services --> <property name="objectDefinitionSource"> <value> <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON \A/webservices/unifiedrepository\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/userrolelistservice\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/userroleservice\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/authorizationpolicy\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/rolebindingdao\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/scheduler\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/repositorysync\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/datasourcemgmtservice\?wsdl.*\Z=Anonymous,Authenticated \A/webservices/.*\Z=Authenticated \A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated \A/api/.*\Z=Authenticated \A/plugin/.*\Z=Authenticated ]]> </value> </property> </bean> <bean id="defaultRole" class="java.lang.String"> <constructor-arg value="Authenticated" /> </bean> <bean id="anonymousRole" class="java.lang.String"> <constructor-arg value="Anonymous" /> </bean> <!-- used by ExtraRolesUserRoleListServiceDecorator beans --> <bean id="extraRoles" class="org.springframework.beans.factory.config.ListFactoryBean"> <property name="sourceList"> <list> <ref bean="defaultRole" /> <ref bean="anonymousRole" /> </list> </property> </bean> </beans>
相关推荐
参考地址:http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/ 主要修改项目当中的pentaho-solutions\system\applicationContext-spring-security.xml 文件 附件当中的...
Pentaho 5.4.0.1 + CAS单点登录配置文档,英文说明文档,亲测可以使用。
Get up and running with the Pentaho Data Integration tool using this hands-on, easy-to-read guide Overview Manipulate your data by exploring, transforming, validating, and integrating it Learn to ...
[Packt Publishing] Pentaho 5.0 报表实例开发 初学者指南 (英文版) [Packt Publishing] Pentaho 5.0 Reporting by Example Beginner's Guide (E-Book) ☆ 图书概要:☆ Create high-quality, professional, ...
赠送jar包:pentaho-aggdesigner-algorithm-5.1.5-jhyde.jar; 赠送原API文档:pentaho-aggdesigner-algorithm-5.1.5-jhyde-javadoc.jar; 赠送源代码:pentaho-aggdesigner-algorithm-5.1.5-jhyde-sources.jar; ...
learning-pentaho-ctoolslearning-pentaho-ctoolslearning-pentaho-ctoolslearning-pentaho-ctoolslearning-pentaho-ctoolslearning-pentaho-ctoolslearning-pentaho-ctools
Pentaho Solutions Pentaho Solutions
So, if you already know how to create jobs andtransformations using Pentaho Data Integration, you should also be able to createplugins. We will need to understand the Community Plugin Kick-starter ...
pentaho kettle中文开发手册
Get up and running with the Pentaho Data Integration tool using this hands-on, easy-to-read guide Overview Manipulate your data by exploring, transforming, validating, and integrating it Learn to ...
5 pentaho analysis的汉化及国际化 12 5.1 配置mondrian 12 5.2 编写resource bundle文件 13 5.3 在schema文件中引用resource 13 5.4 All成员的国际化 13 6 mondrian schema文件的编写 15 6.1 逻辑模型 15 6.3 ...
pentaho自带的MYSQL初始化脚本并不健全,初始化后,会报诸多问题。 还是这个压缩包好,5个脚本。 本人已验证
pentaho4.8版本的汉化总结 其中包含绝大部分的汉化
创建 Pentaho Solutions 中文
Pentaho Reporting(2014) 资源挺多的
Pentaho Solutions Business Intelligence and Data Warehousing with Pentaho and MySQL
pentaho初学者,整理了一些使用的过程和配置
解决 Cannot resolve org.pentaho:pentaho-aggdesigner-algorithm:5.1.5-jhyde jar放入D根目录执行: 以下命令加入本地maven库 mvn install:install-file -DgroupId=org.pentaho -DartifactId=pentaho-aggdesigner-...
Pentaho Data Integration(原Kettle)和 Data Reporting工具最新版9.0.0.2.530百度云下载地址 ETL工具及报表展示工具