Bypass Pentaho Login is a tool to can access to some pentaho resources, such as reports or dashboards, from a third party tool.
The idea behind is to create a token codified in the same way in the Pentaho server and in the third party tool that allow the login
###place in WEB-INF/classes the properties file destinos.properties
This properties file looks like this:
userid=admin password=password destination_1=/pentaho/api/repos/%3Apublic%3ASteel Wheels%3ADashboards%3ACTools_dashboard.wcdf/generatedContent destination_2=/pentaho/api/repos/%3Apublic%3ASteel Wheels%3ADashboards%3ACTools_dashboard.wcdf/generatedContent
This properties file have: -The user credentials we will use to bypass the login. It is recommended NOT to use the admin user for this. -The route of all the destinations available... you can add as much as you want.
###Put the jar byPassPentahoLogin.jar in the pentaho/WEB-INF/lib directory
###Declare the filter and the servlet in the Pentaho web.xml
You should add the filter before Spring Security Filter Chain Proxy
<filter> <filter-name>JortillesCultomFilter</filter-name> <filter-class>com.jortilles.pentaho.util.JortillesCultomFilter</filter-class> </filter>
And the filter mapping also before Spring Security Filter Chain Proxy ...
<filter-mapping> <filter-name>JortillesCultomFilter</filter-name> <url-pattern>/Urbano</url-pattern> </filter-mapping>
Add the servelt just at the end of the servlet declarations.
<!-- insert additional servlets --> <servlet> <servlet-name>Urbano</servlet-name> <servlet-class>com.jortilles.pentaho.util.Urbano</servlet-class> </servlet> <servlet-mapping> <servlet-name>Urbano</servlet-name> <url-pattern>/Urbano</url-pattern> </servlet-mapping>
###Finally... if you are using pentaho 5.3 or above you should enable the option to accept user and password form the url. in /pentaho-solutions/system/security.properties you should set to true the parameter requestParameterAuthenticationEnabled
Take a look at:
###Now you are able to bypass the login by calling:
Where: The destination_1 is the destination you declared in the destinos.properties file.
The token is the md5 hash of the string: date + "SomeExtraText" + destination where:
- The date is the date with the format dd-MM-yyyy
- "SomeExtraText" is just some extra text to make the hash ugliest. You can modify the class JortillesCultomFilter and place here you desired text
- Destination is the destination you want to go... in this example destination_1
The filter will decode the call and attach the user and password defined in the properties file to the redirection call. As well all the rest of the parameters.
So... now you only have to codify your hash in the same way in the third party tool. And make your call to: