Pentaho5 SSO Setup using CAS


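I spent a few days implementing CAS single sign-on on Pentaho 5.

Main reference: http://blog.datamensional.com/2011/07/pentaho-sso-setup-using-cas-and-ldap/

The main change is to the project's pentaho-solutions\system\applicationContext-spring-security.xml file; anyone who needs it can copy the version below and use it to replace their own.

The "http://cas.grandsoft.com.cn" in the attachment is my own CAS server; replace it with the CAS server you have set up yourselves.

There is one bug I have not solved yet: whichever user you log in as in CAS must already have been added to the Pentaho 5 system under the same user name (the password does not have to be the same). I will fix this bug later when I have time.

The configured applicationContext-spring-security.xml follows: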

<?xml version="1.0" encoding="UTF-8"?>

<!--+
  | Application context containing FilterChainProxy.
  +-->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:pen="http://www.pentaho.com/schema/pentaho-system"
       xsi:schemaLocation="
	   http://www.springframework.org/schema/beans 
	   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.pentaho.com/schema/pentaho-system 
	   http://www.pentaho.com/schema/pentaho-system.xsd">

  <!-- ======================== FILTER CHAIN ======================= -->
  <!--
      if you wish to use channel security, add "channelProcessingFilter," in
      front of "httpSessionContextIntegrationFilter" in the list below
  -->
  <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /**=securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,casProcessingFilter,logoutFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
		,casSingleSignOutFilter]]>
      </value>
    </property>
  </bean>
  
  <!-- ======================== AUTHENTICATION ======================= -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" autowire="default" dependency-check="default" lazy-init="default">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="authenticationFailureUrl" value="/Home"/>
<property name="defaultTargetUrl" value="/Home"/>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService"/>
</property>
<property name="serviceProperties">
<ref local="serviceProperties"/>
</property>
<property name="ticketValidator">
<ref local="ticketValidator"/>
</property>
<property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<bean id="anonymousAuthenticationProvider"
	class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="foobar" />
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" autowire="default" dependency-check="default" lazy-init="default">
<constructor-arg value="http://cas.grandsoft.com.cn" />
</bean>

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager" autowire="default" dependency-check="default" lazy-init="default">
<property name="providers">
<list>
<!--ref bean="daoAuthenticationProvider" /-->
<ref bean="anonymousAuthenticationProvider"/>
<ref bean="casAuthenticationProvider"/>
</list>
</property>
</bean>

  <!-- Automatically receives AuthenticationEvent messages -->
  <bean id="loggerListener"
        class="org.springframework.security.event.authentication.LoggerListener" />
  <bean id="basicProcessingFilter"
        class="org.pentaho.platform.web.http.security.PentahoBasicProcessingFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
  </bean>
<!--   <bean id="basicAuthPostFilter"
        class="org.pentaho.platform.web.http.security.PentahoBasicPostProcessingFilter">
  </bean> -->
  <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="Pentaho Realm" />
  </bean>

  <!-- custom Pentaho begin -->

  <!-- replaces Spring's default ApplicationEventMulticaster; do not change bean id -->
  <bean id="applicationEventMulticaster" class="org.pentaho.platform.engine.security.event.OrderedApplicationEventMulticaster" />

  <!-- next two beans replace SecurityStartupFilter -->
  <bean class="org.pentaho.platform.engine.security.event.PentahoAuthenticationSuccessListener" />
  <bean class="org.pentaho.platform.engine.security.event.PentahoSessionStartupAuthenticationSuccessListener" />

  <bean id="httpSessionReuseDetectionFilter"
        class="org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter">
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="sessionReuseDetectedUrl" value="/Login?login_error=2" />
  </bean>


  <bean id="requestParameterProcessingFilter"
        class="org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationEntryPoint">
      <ref local="requestParameterProcessingFilterEntryPoint" />
    </property>
  </bean>
  <bean id="requestParameterProcessingFilterEntryPoint"
        class="org.pentaho.platform.web.http.security.RequestParameterFilterEntryPoint" />

  <bean id="httpSessionPentahoSessionContextIntegrationFilter"
        class="org.pentaho.platform.web.http.filters.HttpSessionPentahoSessionIntegrationFilter" />

		
  <!-- custom Pentaho end -->
  <bean id="anonymousProcessingFilter"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="foobar" />
    <property name="userAttribute" value="anonymousUser,Anonymous" />
  </bean>

  <bean id="httpSessionContextIntegrationFilter"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
		
  <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" autowire="default" dependency-check="default" lazy-init="default">
	<constructor-arg value="http://cas.grandsoft.com.cn/logout"/>
	<constructor-arg>
	<list>
	<bean class="org.pentaho.platform.web.http.security.PentahoLogoutHandler"/>
	<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
	</list>
	</constructor-arg>
	<property name="filterProcessesUrl" value="/Logout"/>
  </bean>

  <bean id="securityContextHolderAwareRequestFilter"
        class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />

  <bean id="securityContextHolderAwareRequestFilterForWS" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
    <!-- override so that SavedRequestAwareWrapper is not used -->
    <property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper" />
  </bean>



  <!--
      ===================== HTTP REQUEST SECURITY ====================
  -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" autowire="default" dependency-check="default" lazy-init="default">
<property name="service" value="http://localhost:8080/pentaho/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>

<bean id="exceptionTranslationFilter"  class="org.springframework.security.ui.ExceptionTranslationFilter" autowire="default" dependency-check="default" lazy-init="default">
<property name="authenticationEntryPoint">
<ref local="casProcessingFilterEntryPoint"/>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
</property>
</bean>

<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
</bean>
<bean id="casSingleSignOutHttpSessionListener" class="org.jasig.cas.client.session.SingleSignOutHttpSessionListener">
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" autowire="default" dependency-check="default" lazy-init="default">
<property name="loginUrl" value="http://cas.grandsoft.com.cn/login"/>
<property name="serviceProperties">
<ref local="serviceProperties"/>
</property>
</bean>



  <bean id="exceptionTranslationFilterForWS" class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
    </property>
  </bean>


<!--   <bean id="authenticationProcessingFilter"
  class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationFailureUrl" value="/Login?login_error=1" />
    <property name="defaultTargetUrl" value="/Home" />
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="targetUrlResolver">
      <bean id="targetUrlResolver" class="org.springframework.security.ui.TargetUrlResolverImpl">
        <property name="justUseSavedRequestOnGet" value="true" />
      </bean>
    </property>
  </bean> -->
<!--   <bean id="authenticationProcessingFilterEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/Login" />
    <property name="forceHttps" value="false" />
  </bean> -->
  
  <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false" />
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter" />
      </list>
    </property>
  </bean>
  <!--
      Note the order that entries are placed against the
      objectDefinitionSource is critical. The FilterSecurityInterceptor will
      work from the top of the list down to the FIRST pattern that matches
      the request URL. Accordingly, you should place MOST SPECIFIC (ie
      a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*)
      expressions last
  -->
  <bean id="filterInvocationInterceptor"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
      <ref local="httpRequestAccessDecisionManager" />
    </property>
    <property name="objectDefinitionSource">
      <value>
        <!--
            Note - the "=Nobody" below is saying that resource URLs with those
            patterns not be available through a web call.
        -->
        <![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/js/require.js\Z=Anonymous,Authenticated
\A/js/require-cfg.js\Z=Anonymous,Authenticated
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
\A/webcontext.js.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/web/cache/cache-service.js.*\Z=Anonymous,Authenticated
\A/cacheexpirationservice.*\Z=Anonymous,Authenticated
\A/js/theme.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/themes/.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/web/dojo/djconfig.js.*\Z=Anonymous,Authenticated
\A/content/pentaho-mobile/resources/.*\Z=Anonymous,Authenticated
\A/docs/.*\Z=Anonymous,Authenticated
\A/mantlelogin/.*\Z=Anonymous,Authenticated
\A/mantle/mantleloginservice/*\Z=Anonymous,Authenticated
\A/mantle/.*\Z=Authenticated
\A/welcome/.*\Z=Anonymous,Authenticated
\A/public/.*\Z=Anonymous,Authenticated
\A/login.*\Z=Anonymous,Authenticated
\A/ping/alive.gif.*\Z=Anonymous,Authenticated
\A/j_spring_security_check.*\Z=Anonymous,Authenticated
\A/getimage.*\Z=Anonymous,Authenticated
\A/getresource.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
\A/auditreport.*\Z=Admin
\A/auditreportlist.*\Z=Admin
\A/versioncontrol.*\Z=Admin
\A/propertieseditor.*\Z=Admin
\A/propertiespanel.*\Z=Admin
\A/subscriptionadmin.*\Z=Admin
\A/resetrepository.*\Z=Admin
\A/viewaction.*solution.admin.*\Z=Admin
\A/scheduleradmin.*\Z=Admin
\A/publish.*\Z=Admin
\A/logout.*\Z=Anonymous
\A/solutionrepositoryservice.*component=delete.*solution=system.*\Z=Nobody
\A/solutionrepositoryservice.*solution=system.*component=delete.*\Z=Nobody
.*system.*pentaho.xml.*=Nobody
.*system.*applicationcontext.*.xml.*=Nobody
.*system.*pentahoobjects.spring.xml.*=Nobody
.*system.*pentahosystemconfig.xml.*=Nobody
.*system.*adminplugins.xml.*=Nobody
.*system.*plugin.properties.*=Nobody
.*system.*sessionstartupactions.xml.*=Nobody
.*system.*systemlisteners.xml.*=Nobody
.*system.*hibernate.*=Nobody
.*system.*birt/.*=Nobody
.*system.*dialects/.*=Nobody
.*system.*google/.*=Nobody
.*system.*jasperreports/.*=Nobody
.*system.*kettle/.*=Nobody
.*system.*logs/.*=Nobody
.*system.*mondrian/.*=Nobody
.*system.*quartz/.*=Nobody
.*system.*simple-jndi/.*=Nobody
.*system.*smtp-email/.*=Nobody
.*system.*ui/.*=Nobody
.*system.*\.\./.*=Nobody
\A/.*\Z=Authenticated
        ]]>
      </value>
    </property>
  </bean>

  <bean id="filterInvocationInterceptorForWS" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
      <ref local="httpRequestAccessDecisionManager" />
    </property>
    <!-- allow anyone to see the wsdl of various services -->
    <property name="objectDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/webservices/unifiedrepository\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/userrolelistservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/userroleservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/authorizationpolicy\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/rolebindingdao\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/scheduler\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/repositorysync\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/datasourcemgmtservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/.*\Z=Authenticated
\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/api/.*\Z=Authenticated
\A/plugin/.*\Z=Authenticated
      ]]>
      </value>
    </property>
  </bean>

  <bean id="defaultRole" class="java.lang.String">
    <constructor-arg value="Authenticated" />
  </bean>

  <bean id="anonymousRole" class="java.lang.String">
    <constructor-arg value="Anonymous" />
  </bean>

  <!-- used by ExtraRolesUserRoleListServiceDecorator beans -->
  <bean id="extraRoles" class="org.springframework.beans.factory.config.ListFactoryBean">
    <property name="sourceList">
      <list>
        <ref bean="defaultRole" />
        <ref bean="anonymousRole" />
      </list>
    </property>
  </bean>
</beans>
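
A check to run after copying the file above, as an added example that is not part of the original post: it lists every setting still at the post's sample values (the author's CAS host, the `localhost` service URL, the two `key` strings) and every endpoint that is still plain `http`, which sends the CAS login page and service-ticket validation unencrypted. It assumes that, apart from `serviceProperties`, every URL-valued setting in the file is a CAS server endpoint; `sso.example.org` and the `audit` function are hypothetical names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"b": "http://www.springframework.org/schema/beans"}
# Key values that appear verbatim in the configuration above.
SAMPLE_KEYS = {"foobar", "my_password_for_this_auth_provider_only"}

# Constructed sample: the URL- and key-bearing beans from the file above, trimmed.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
    <constructor-arg value="http://cas.grandsoft.com.cn"/>
  </bean>
  <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
    <constructor-arg value="http://cas.grandsoft.com.cn/logout"/>
  </bean>
  <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <property name="loginUrl" value="http://cas.grandsoft.com.cn/login"/>
  </bean>
  <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
    <property name="service" value="http://localhost:8080/pentaho/j_spring_cas_security_check"/>
  </bean>
  <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <property name="key" value="my_password_for_this_auth_provider_only"/>
  </bean>
  <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="foobar"/>
  </bean>
</beans>"""


def audit(xml_text, expected_cas_host):
    """Return sorted (bean id, finding, value) tuples for settings left at sample values."""
    findings = []
    for bean in ET.fromstring(xml_text).findall("b:bean", NS):
        bean_id = bean.get("id", "(no id)")
        for el in bean.iter():
            value = el.get("value", "")
            if value.startswith(("http://", "https://")):
                url = urlsplit(value)
                if url.scheme != "https":
                    findings.append((bean_id, "plain-http", value))
                if bean_id == "serviceProperties":
                    # Callback URL of this Pentaho instance, as the CAS server sees it.
                    if url.hostname in ("localhost", "127.0.0.1"):
                        findings.append((bean_id, "localhost-service", value))
                elif url.hostname != expected_cas_host:
                    findings.append((bean_id, "unreplaced-cas-host", value))
            elif el.get("name") == "key" and value in SAMPLE_KEYS:
                findings.append((bean_id, "sample-key", value))
    return sorted(findings)


if __name__ == "__main__":
    # "sso.example.org" is a placeholder for your own CAS server's host name.
    for bean_id, finding, value in audit(SAMPLE, "sso.example.org"):
        print(f"{finding:20} {bean_id:30} {value}")
```

To check a real deployment, pass the contents of pentaho-solutions\system\applicationContext-spring-security.xml as `xml_text` in place of `SAMPLE`.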

 

 

 

 
