`
jnwzping
  • 浏览: 18398 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

pentaho5 CAS 单点登录

阅读更多

pentaho5 CAS 单点登录 

项目中添加两个jar包:cas-client-core-3.1.5.jar 和 spring-security-cas-client-2.0.5.RELEASE.jar

 

并修改项目下的applicationContext-spring-security.xml 文件,可以实现CAS单点登录:

 

以下出现“http://cas.grandsoft.com.cn” 请替换成自己的CAS地址。

 

 

<?xml version="1.0" encoding="UTF-8"?>

<!--+
  | Application context containing FilterChainProxy.
  +-->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:pen="http://www.pentaho.com/schema/pentaho-system"
       xsi:schemaLocation="
	   http://www.springframework.org/schema/beans 
	   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.pentaho.com/schema/pentaho-system 
	   http://www.pentaho.com/schema/pentaho-system.xsd">

  <!-- ======================== FILTER CHAIN ======================= -->
  <!--
      if you wish to use channel security, add "channelProcessingFilter," in
      front of "httpSessionContextIntegrationFilter" in the list below
  -->
  <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /webservices/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /api/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /plugin/**=securityContextHolderAwareRequestFilterForWS,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilterForWS,filterInvocationInterceptorForWS
        /**=securityContextHolderAwareRequestFilter,httpSessionPentahoSessionContextIntegrationFilter,httpSessionContextIntegrationFilter,httpSessionReuseDetectionFilter,casProcessingFilter,logoutFilter,basicProcessingFilter,requestParameterProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
		,casSingleSignOutFilter]]>
      </value>
    </property>
  </bean>
  
  <!-- ======================== AUTHENTICATION ======================= -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter" autowire="default" dependency-check="default" lazy-init="default">
<property name="authenticationManager">
<ref bean="authenticationManager"/>
</property>
<property name="authenticationFailureUrl" value="/Home"/>
<property name="defaultTargetUrl" value="/Home"/>
<property name="filterProcessesUrl" value="/j_spring_cas_security_check"/>
</bean>

<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<property name="userDetailsService">
<ref bean="userDetailsService"/>
</property>
<property name="serviceProperties">
<ref local="serviceProperties"/>
</property>
<property name="ticketValidator">
<ref local="ticketValidator"/>
</property>
<property name="key" value="my_password_for_this_auth_provider_only"/>
</bean>
<bean id="anonymousAuthenticationProvider"
	class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="foobar" />
</bean>
<bean id="ticketValidator" class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator" autowire="default" dependency-check="default" lazy-init="default">
<constructor-arg value="http://cas.grandsoft.com.cn" />
</bean>

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager" autowire="default" dependency-check="default" lazy-init="default">
<property name="providers">
<list>
<!--ref bean="daoAuthenticationProvider" /-->
<ref bean="anonymousAuthenticationProvider"/>
<ref bean="casAuthenticationProvider"/>
</list>
</property>
</bean>

  <!-- Automatically receives AuthenticationEvent messages -->
  <bean id="loggerListener"
        class="org.springframework.security.event.authentication.LoggerListener" />
  <bean id="basicProcessingFilter"
        class="org.pentaho.platform.web.http.security.PentahoBasicProcessingFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
  </bean>
<!--   <bean id="basicAuthPostFilter"
        class="org.pentaho.platform.web.http.security.PentahoBasicPostProcessingFilter">
  </bean> -->
  <bean id="basicProcessingFilterEntryPoint"
        class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="Pentaho Realm" />
  </bean>

  <!-- custom Pentaho begin -->

  <!-- replaces Spring's default ApplicationEventMulticaster; do not change bean id -->
  <bean id="applicationEventMulticaster" class="org.pentaho.platform.engine.security.event.OrderedApplicationEventMulticaster" />

  <!-- next two beans replace SecurityStartupFilter -->
  <bean class="org.pentaho.platform.engine.security.event.PentahoAuthenticationSuccessListener" />
  <bean class="org.pentaho.platform.engine.security.event.PentahoSessionStartupAuthenticationSuccessListener" />

  <bean id="httpSessionReuseDetectionFilter"
        class="org.pentaho.platform.web.http.security.HttpSessionReuseDetectionFilter">
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="sessionReuseDetectedUrl" value="/Login?login_error=2" />
  </bean>


  <bean id="requestParameterProcessingFilter"
        class="org.pentaho.platform.web.http.security.RequestParameterAuthenticationFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationEntryPoint">
      <ref local="requestParameterProcessingFilterEntryPoint" />
    </property>
  </bean>
  <bean id="requestParameterProcessingFilterEntryPoint"
        class="org.pentaho.platform.web.http.security.RequestParameterFilterEntryPoint" />

  <bean id="httpSessionPentahoSessionContextIntegrationFilter"
        class="org.pentaho.platform.web.http.filters.HttpSessionPentahoSessionIntegrationFilter" />

		
  <!-- custom Pentaho end -->
  <bean id="anonymousProcessingFilter"
        class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="foobar" />
    <property name="userAttribute" value="anonymousUser,Anonymous" />
  </bean>

  <bean id="httpSessionContextIntegrationFilter"
        class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
		
  <bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter" autowire="default" dependency-check="default" lazy-init="default">
	<constructor-arg value="http://cas.grandsoft.com.cn/logout"/>
	<constructor-arg>
	<list>
	<bean class="org.pentaho.platform.web.http.security.PentahoLogoutHandler"/>
	<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler"/>
	</list>
	</constructor-arg>
	<property name="filterProcessesUrl" value="/Logout"/>
  </bean>

  <bean id="securityContextHolderAwareRequestFilter"
        class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />

  <bean id="securityContextHolderAwareRequestFilterForWS" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
    <!-- override so that SavedRequestAwareWrapper is not used -->
    <property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper" />
  </bean>



  <!--
      ===================== HTTP REQUEST SECURITY ====================
  -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties" autowire="default" dependency-check="default" lazy-init="default">
<property name="service" value="http://bi.glodon.com/pentaho/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>

<bean id="exceptionTranslationFilter"  class="org.springframework.security.ui.ExceptionTranslationFilter" autowire="default" dependency-check="default" lazy-init="default">
<property name="authenticationEntryPoint">
<ref local="casProcessingFilterEntryPoint"/>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
</property>
</bean>

<bean id="casSingleSignOutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter">
</bean>
<bean id="casSingleSignOutHttpSessionListener" class="org.jasig.cas.client.session.SingleSignOutHttpSessionListener">
</bean>

<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint" autowire="default" dependency-check="default" lazy-init="default">
<property name="loginUrl" value="http://cas.grandsoft.com.cn/login"/>
<property name="serviceProperties">
<ref local="serviceProperties"/>
</property>
</bean>



  <bean id="exceptionTranslationFilterForWS" class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
      <ref local="basicProcessingFilterEntryPoint" />
    </property>
    <property name="accessDeniedHandler">
      <bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
    </property>
  </bean>


<!--   <bean id="authenticationProcessingFilter"
  class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="authenticationFailureUrl" value="/Login?login_error=1" />
    <property name="defaultTargetUrl" value="/Home" />
    <property name="filterProcessesUrl" value="/j_spring_security_check" />
    <property name="targetUrlResolver">
      <bean id="targetUrlResolver" class="org.springframework.security.ui.TargetUrlResolverImpl">
        <property name="justUseSavedRequestOnGet" value="true" />
      </bean>
    </property>
  </bean> -->
<!--   <bean id="authenticationProcessingFilterEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/Login" />
    <property name="forceHttps" value="false" />
  </bean> -->
  
  <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false" />
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter" />
      </list>
    </property>
  </bean>
  <!--
      Note the order that entries are placed against the
      objectDefinitionSource is critical. The FilterSecurityInterceptor will
      work from the top of the list down to the FIRST pattern that matches
      the request URL. Accordingly, you should place MOST SPECIFIC (ie
      a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*)
      expressions last
  -->
  <bean id="filterInvocationInterceptor"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
      <ref local="httpRequestAccessDecisionManager" />
    </property>
    <property name="objectDefinitionSource">
      <value>
        <!--
            Note - the "=Nobody" below is saying that resource URLs with those
            patterns not be available through a web call.
        -->
        <![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/js/require.js\Z=Anonymous,Authenticated
\A/js/require-cfg.js\Z=Anonymous,Authenticated
\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated
\A/webcontext.js.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/web/cache/cache-service.js.*\Z=Anonymous,Authenticated
\A/cacheexpirationservice.*\Z=Anonymous,Authenticated
\A/js/theme.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/themes/.*\Z=Anonymous,Authenticated
\A/content/common-ui/resources/web/dojo/djconfig.js.*\Z=Anonymous,Authenticated
\A/content/pentaho-mobile/resources/.*\Z=Anonymous,Authenticated
\A/docs/.*\Z=Anonymous,Authenticated
\A/mantlelogin/.*\Z=Anonymous,Authenticated
\A/mantle/mantleloginservice/*\Z=Anonymous,Authenticated
\A/mantle/.*\Z=Authenticated
\A/welcome/.*\Z=Anonymous,Authenticated
\A/public/.*\Z=Anonymous,Authenticated
\A/login.*\Z=Anonymous,Authenticated
\A/ping/alive.gif.*\Z=Anonymous,Authenticated
\A/j_spring_security_check.*\Z=Anonymous,Authenticated
\A/getimage.*\Z=Anonymous,Authenticated
\A/getresource.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
\A/auditreport.*\Z=Admin
\A/auditreportlist.*\Z=Admin
\A/versioncontrol.*\Z=Admin
\A/propertieseditor.*\Z=Admin
\A/propertiespanel.*\Z=Admin
\A/subscriptionadmin.*\Z=Admin
\A/resetrepository.*\Z=Admin
\A/viewaction.*solution.admin.*\Z=Admin
\A/scheduleradmin.*\Z=Admin
\A/publish.*\Z=Admin
\A/logout.*\Z=Anonymous
\A/solutionrepositoryservice.*component=delete.*solution=system.*\Z=Nobody
\A/solutionrepositoryservice.*solution=system.*component=delete.*\Z=Nobody
.*system.*pentaho.xml.*=Nobody
.*system.*applicationcontext.*.xml.*=Nobody
.*system.*pentahoobjects.spring.xml.*=Nobody
.*system.*pentahosystemconfig.xml.*=Nobody
.*system.*adminplugins.xml.*=Nobody
.*system.*plugin.properties.*=Nobody
.*system.*sessionstartupactions.xml.*=Nobody
.*system.*systemlisteners.xml.*=Nobody
.*system.*hibernate.*=Nobody
.*system.*birt/.*=Nobody
.*system.*dialects/.*=Nobody
.*system.*google/.*=Nobody
.*system.*jasperreports/.*=Nobody
.*system.*kettle/.*=Nobody
.*system.*logs/.*=Nobody
.*system.*mondrian/.*=Nobody
.*system.*quartz/.*=Nobody
.*system.*simple-jndi/.*=Nobody
.*system.*smtp-email/.*=Nobody
.*system.*ui/.*=Nobody
.*system.*\.\./.*=Nobody
\A/.*\Z=Authenticated
        ]]>
      </value>
    </property>
  </bean>

  <bean id="filterInvocationInterceptorForWS" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager">
      <ref local="authenticationManager" />
    </property>
    <property name="accessDecisionManager">
      <ref local="httpRequestAccessDecisionManager" />
    </property>
    <!-- allow anyone to see the wsdl of various services -->
    <property name="objectDefinitionSource">
      <value>
        <![CDATA[CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/webservices/unifiedrepository\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/userrolelistservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/userroleservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/authorizationpolicy\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/rolebindingdao\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/scheduler\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/repositorysync\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/datasourcemgmtservice\?wsdl.*\Z=Anonymous,Authenticated
\A/webservices/.*\Z=Authenticated
\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated
\A/api/.*\Z=Authenticated
\A/plugin/.*\Z=Authenticated
      ]]>
      </value>
    </property>
  </bean>

  <bean id="defaultRole" class="java.lang.String">
    <constructor-arg value="Authenticated" />
  </bean>

  <bean id="anonymousRole" class="java.lang.String">
    <constructor-arg value="Anonymous" />
  </bean>

  <!-- used by ExtraRolesUserRoleListServiceDecorator beans -->
  <bean id="extraRoles" class="org.springframework.beans.factory.config.ListFactoryBean">
    <property name="sourceList">
      <list>
        <ref bean="defaultRole" />
        <ref bean="anonymousRole" />
      </list>
    </property>
  </bean>
</beans>

 

 

0
0
分享到:
评论
3 楼 hunter123456 2016-08-01  
您好!
  我用的是pentaho5.4 按你的步骤试了一下,首页打不开。
cas登陆框在 服务器上,pentaho5.4装在本机,
请问该如何设置。
 
2 楼 fengjidly 2016-05-23  
你好,请问saiku的单点登录也可以这样做吗?

我现在需要把saiku部署到公司的服务器,公司系统是CAS实现的单点登录,用的是http,

谢谢
1 楼 u013189769 2015-08-26  
多谢分享!
这几天也在弄pentaho的单点登录,官网的是修改applicationContext-spring-security-cas.xml ,可是根本找不到这个文件,
现在用这个配置已经成功登录,不过修改了个地方
  1:去掉了id=httpSessionReuseDetectionFilter这个bean
  2:在id=filterChainProxy中删除了httpSessionReuseDetectionFilter
(我现在用的是pentaho5.3,单点登录用的是http)
再次感谢

相关推荐

    Pentaho 5.4.0.1 + CAS单点登录配置文档

    **Pentaho 5.4.0.1与CAS单点登录配置详解** Pentaho是一款开源的企业级商业智能(BI)平台,提供数据集成、分析、报告和仪表板等功能。在5.4.0.1版本中,Pentaho支持与其他系统集成,包括使用中央认证服务(Central...

    pentaho 二次开发修改PUC登录后的页面

    5. **插件机制**:Pentaho支持插件系统,可以通过编写自己的Maven模块并将其部署到Pentaho系统中,实现对登录后页面的扩展。例如,可以创建一个新的JSF组件或使用Pentaho提供的API来添加自定义功能。 6. **部署与...

    pentaho经典中文资料

    5. **Pentaho_Building_Components-zh-CN-1.5.4.htm**和**Pentaho_Building_Components-1.5.4.htm**:这两份文档主要面向开发者,介绍了如何开发和扩展Pentaho组件。内容包括插件架构、API使用以及调试技巧,帮助...

    mysql5_pentaho_初始化文件

    标题“mysql5_pentaho_初始化文件”表明这是一个与MySQL数据库和Pentaho软件相关的资源包,主要用于初始化Pentaho的数据环境。Pentaho是一款开源的企业级商业智能平台,包括数据集成、报表、分析和仪表板等功能。在...

    pentaho-kettle-8.2.zip

    5. **插件支持**:Pentaho Kettle有丰富的插件生态系统,支持添加自定义数据源、转换步骤和输出格式。这极大地扩展了其功能范围,适应不同的业务场景。 6. **部署与执行**:Pentaho Kettle不仅可以本地运行,还可以...

    pentaho business analytics cookbook

    这本书通过超过100个食谱的方式,帮助读者全面掌握Pentaho BA 5的关键功能,进而提高工作效率。 本书由Sergio Ramazzina撰写,他是拥有超过25年经验的软件架构师/培训师。书中不仅详细介绍了Pentaho的安装和使用,...

    pentaho4.8汉化总结

    5. **数据源管理汉化**:涉及CSV文件导入和数据库数据的设置,需要在`biserver-ce\pentaho-solutions\system\data-access\resources\gwt`目录下,对`main_wizard_panel_supported_languages.properties`和`...

    Pentaho cde整合Birt

    5. **应用场景**:这种整合方式适用于需要高级报告功能且希望在自定义BI环境中展示的组织,例如企业级数据分析、销售报告、运营监控等场景。 6. **注意事项**:整合过程中可能遇到的问题包括版本兼容性、权限配置、...

    pentaho kettle中文开发手册

    Pentaho Kettle是一款强大的数据集成工具,也被称为Kettle或Pentaho Data Integration(PDI)。它是开源软件,由Pentaho公司开发,主要用于ETL(Extract, Transform, Load)过程,即数据抽取、转换和加载。这个中文...

    Pentaho源码分析

    **Pentaho源码分析** Pentaho是一个开源的商业智能(BI)平台,它提供了数据集成、报表、分析和数据挖掘等功能。本文件将深入探讨Pentaho的内部架构和设计思想,帮助读者理解其核心组件和工作原理。 ### Pentaho...

    Pentaho-开放源码的商业智能平台-技术白皮书.pdf

    下面是 Pentaho 的技术白皮书的详细知识点: 1. 摘要 Pentaho 是一个基于开放源码的商业智能平台,提供了一个完整的商业智能解决方案,包括数据integration、报表生成、数据分析和数据 mining 等功能。Pentaho 的...

    在Linux上安装pentaho bi-server

    ### 在Linux上安装Pentaho BI Server的知识点详解 #### 一、配置JAVA环境 **1.1 查看已安装的JDK版本** 在Linux环境下安装Pentaho BI Server前,首先需要确保系统中安装了合适的Java运行环境。可以通过以下命令来...

    pentaho安装

    ### Pentaho 安装流程详解 #### 一、前言 Pentaho是一款开源的数据集成与商业智能软件,它能够帮助用户实现数据整合、清洗、转换以及数据分析等操作。Pentaho提供了强大的图形化界面,使得即使是非技术背景的用户...

    Pentaho 视频 New Features

    在压缩包子文件的文件名称“Pentaho_Reporting_3_6_New_Features_-_Part_4_of_5.flv”中,我们可以推断出几个关键点: 1. **Pentaho Reporting**:这是Pentaho BI平台的一个核心组件,专注于创建、管理和分发各种...

    Pentaho Reporting(2014)

    Pentaho Reporting是开源商业智能(BI)套件Pentaho的一部分,主要负责数据报表和分析的生成。2014年版本的Pentaho Reporting在当时是一个重要的里程碑,提供了丰富的功能和改进,使得用户能够更好地从大数据源中...

    Pentaho-8-Reporting-for-Java-Developers-master_Pentaho-8-Reporti

    5. **样式和模板**:Pentaho Reporting支持自定义样式和模板,你可以通过CSS或XSLT来调整报表的外观。文件列表中可能包含一些预设的样式文件和模板示例。 6. **测试和调试工具**:为了确保报表正确运行,可能还提供...

    Pentaho Solutions (PDF)

    5. **仪表板展示(Dashboards)**:Pentaho BI Server提供了一个灵活的平台来创建和发布仪表板。这些仪表板可以集成来自MySQL数据库的实时数据,以图形化的方式展示关键指标和KPIs。 #### 四、应用场景案例 1. **...

Global site tag (gtag.js) - Google Analytics