Hitachi Vantara Pentaho Community Wiki
Child pages
  • 06. Removing Security
Skip to end of metadata
Go to start of metadata

Useful Information

This document is relevant only to the Pentaho BI Platform version 1.2.0 or earlier. See the Pentaho BI Platform version 1.2.1 or later security documentation if you're using version 1.2.1 or later. (You can find the version you are running in several ways: (1) look at the log when the Pentaho BI Platform starts or (2) look at the bottom right of any page within the Pentaho BI Platform.)

The security features of the Pentaho Professional BI Platform cannot be removed. However, they can be effectively removed by using the following steps. Essentially, the idea is to create a single user and role and give system-wide access to that user.

1. Disable ForceLoginFilter

Delete the following line in acegi.xml:

<bean id="forceLoginFilter" class="com.pentaho.security.ForceLoginFilter" />

Then remove that bean's name (forceLoginFilter) from the filterChainProxy. It will look something like this when you're done:

Warning

Note that the backslashes that occur in the below XML excerpt are present for formatting purposes only and should not be present in the actual XML file.

<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=securityContextHolderAwareRequestFilter,httpSessionContextIntegrationFilter, \
      httpSessionReuseDetectionFilter,authenticationProcessingFilter, \
      basicProcessingFilter,requestParameterProcessingFilter, \
      rememberMeProcessingFilter,anonymousProcessingFilter, \
      pentahoSecurityStartupFilter,switchUserProcessingFilter
    </value>
  </property>
</bean>

2. Use PentahoAllowAnonymousAclVoter as your IAclVoter implementation

See 03. pentaho.xml for a description of how to configure this voter. When configuring this voter, you will define the anonymous user and role. That user and/or role should be used when assigning ACLs.

3. Assign ACLs

Using the user and role defined earlier, assign ACLs.

  • No labels