Examples: how to get a ticket

Rospaccio edited this page Nov 1, 2015 · 2 revisions

To get a ticket from the PentahoTransparentAuthentication plugin, your request must be authenticated (i.e., it must carry, in some form, the username and the password of an existing Pentaho account).

Request parameter authentication

The quickest and easiest way to do that is by employing request parameter authentication.

[Be careful with this approach, since it introduces some security risks: you can use it for development, testing and/or quick prototyping, but we strongly discourage using it in a production environment.]

With this method, you can authenticate the request with two HTTP parameters: userid and password. This authentication method is disabled by default in Pentaho. It can be enabled by editing the security.properties file contained in pentaho-solutions/system, and changing the value of requestParameterAuthenticationEnabled from false to true:

provider=jackrabbit
requestParameterAuthenticationEnabled=true

Once this is done, you can include the aforementioned parameters either in the query string or in the request body. In the second case, the content type should be set to application/x-www-form-urlencoded. This is what a GET request with the parameters in the query string could look like:

https://<pentaho-base>/pentaho/Login?generate-ticket=1&app=showcase&username=user0.2&userid=admin&password=password
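One concrete risk of the query-string form is that the userid and password values are written to web server access logs along with the rest of the URL. The following is an added example, not part of the original page or of the plugin: it scans access-log lines for requests that carry those two parameters in the query string and reports them with the values redacted. The Common Log Format layout, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names used by Pentaho request parameter authentication (from the page).
CREDENTIAL_PARAMS = {"userid", "password"}

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    leaked = sorted({k for k, _ in pairs if k.lower() in CREDENTIAL_PARAMS})
    if not leaked:
        return target, []
    safe = [(k, "REDACTED" if k.lower() in CREDENTIAL_PARAMS else v) for k, v in pairs]
    return parts._replace(query=urlencode(safe)).geturl(), leaked

def scan(lines):
    """Return (line_number, redacted_line, leaked_params) for lines exposing credentials."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        redacted, leaked = redact_target(match.group("target"))
        if leaked:
            # Rebuild the log line with the credential values masked
            clean = line[:match.start("target")] + redacted + line[match.end("target"):]
            findings.append((number, clean, leaked))
    return findings

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Nov/2015:10:00:00 +0000] "GET /pentaho/Login?generate-ticket=1&app=showcase&username=user0.2&userid=admin&password=password HTTP/1.1" 200 45',
    '127.0.0.1 - - [01/Nov/2015:10:00:05 +0000] "GET /pentaho/Login?generate-ticket=1&app=showcase&username=user0.2 HTTP/1.1" 200 45',
    '127.0.0.1 - - [01/Nov/2015:10:00:09 +0000] "POST /pentaho/Login HTTP/1.1" 200 45',
]

if __name__ == "__main__":
    for number, clean, leaked in scan(SAMPLE_LOG):
        print(f"line {number}: credentials in URL ({', '.join(leaked)}): {clean}")
```

Only the first sample line is flagged: the second request carries no credentials in the URL, and parameters sent in a form-encoded POST body do not appear in the request line that access logs record.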

Basic Authentication

A more secure method, and one that is also enabled by default, is Basic Authentication. To trigger this kind of authentication, the request must have a header that encodes the username and password, like this:

Authorization: Basic YWRtaW46cGFzc3dvcmQ=

You can "manually" add the header to an HTTP request or use your HTTP client of choice and refer to its documentation. The following is an example made with the Apache HttpClient and largely based on the official example. This piece of code is inside a Spring MVC web application and uses Jackson to parse JSON.

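import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

// Jackson 2.x package names are assumed here
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import org.springframework.web.servlet.View;
import org.springframework.web.servlet.view.RedirectView;

/**
 * Redirects a user to Pentaho using PentahoTransparentAuthentication.
 * @param targetUrl A URL that is assumed to be under the target Pentaho context.
 *                  It must already contain a query string, because the ticket
 *                  parameters are appended with '&'.
 * @return A RedirectView to redirect the user to Pentaho
 * @throws ClientProtocolException
 * @throws IOException
 */
private View pentahoAutologin(String targetUrl) throws ClientProtocolException, IOException
{
	// Gets a ticket from Pentaho

	// Creates a CredentialsProvider for Basic authentication
	CredentialsProvider provider = new BasicCredentialsProvider();
	UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("admin", "password");
	// Sets AuthScope.ANY, since we don't really care about the realm in this example
	provider.setCredentials(AuthScope.ANY, credentials);

	// Creates a target host and an AuthCache instance
	HttpHost targetHost = new HttpHost("localhost", 8080, "http");
	AuthCache authCache = new BasicAuthCache();
	// Generates BASIC scheme object and adds it to the local auth cache,
	// so that the Authorization header is sent preemptively
	BasicScheme basicAuth = new BasicScheme();
	authCache.put(targetHost, basicAuth);

	// Creates an HttpClientContext to hold authentication data and sets the credential provider
	HttpClientContext context = HttpClientContext.create();
	context.setCredentialsProvider(provider);
	context.setAuthCache(authCache);

	HttpGet get = new HttpGet("/pentaho/Login?generate-ticket=1&app=showcase&username=user0.2");

	String ticketId;
	// try-with-resources closes the client, the response and the reader
	try (CloseableHttpClient client = HttpClients.custom().setDefaultCredentialsProvider(provider).build();
			CloseableHttpResponse response = client.execute(targetHost, get, context);
			BufferedReader reader = new BufferedReader(
					new InputStreamReader(response.getEntity().getContent(), StandardCharsets.UTF_8)))
	{
		// Parses the first line of the response body as JSON and reads the ticket id
		String firstLine = reader.readLine();
		ObjectMapper mapper = new ObjectMapper();
		JsonNode node = mapper.readTree(firstLine);
		ticketId = node.get("ticketId").asText();
	}

	// Redirects the user of this application to the Pentaho target URL with
	// the ticket, URL-encoded so it cannot alter the query string
	RedirectView redirectView = new RedirectView(
			targetUrl + "&autologin=true&ticket=" + URLEncoder.encode(ticketId, "UTF-8"));
	return redirectView;
}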