ByPass Pentaho Login
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Bypass Pentaho Login is a tool to can access to some pentaho resources, such as reports or dashboards, from a third party tool.

The idea behind is to create a token codified in the same way in the Pentaho server and in the third party tool that allow the login


###place in WEB-INF/classes the properties file

This properties file looks like this:

  destination_1=/pentaho/api/repos/%3Apublic%3ASteel Wheels%3ADashboards%3ACTools_dashboard.wcdf/generatedContent
  destination_2=/pentaho/api/repos/%3Apublic%3ASteel Wheels%3ADashboards%3ACTools_dashboard.wcdf/generatedContent

This properties file have: -The user credentials we will use to bypass the login. It is recommended NOT to use the admin user for this. -The route of all the destinations available... you can add as much as you want.

###Put the jar byPassPentahoLogin.jar in the pentaho/WEB-INF/lib directory

###Declare the filter and the servlet in the Pentaho web.xml

You should add the filter before Spring Security Filter Chain Proxy


And the filter mapping also before Spring Security Filter Chain Proxy ...


Add the servelt just at the end of the servlet declarations.

  <!-- insert additional servlets -->

###Finally... if you are using pentaho 5.3 or above you should enable the option to accept user and password form the url. in /pentaho-solutions/system/ you should set to true the parameter requestParameterAuthenticationEnabled


Take a look at:

###Now you are able to bypass the login by calling:


Where: The destination_1 is the destination you declared in the file.

The token is the md5 hash of the string: date + "SomeExtraText" + destination where:

  • The date is the date with the format dd-MM-yyyy
  • "SomeExtraText" is just some extra text to make the hash ugliest. You can modify the class JortillesCultomFilter and place here you desired text
  • Destination is the destination you want to go... in this example destination_1

The filter will decode the call and attach the user and password defined in the properties file to the redirection call. As well all the rest of the parameters.

So... now you only have to codify your hash in the same way in the third party tool. And make your call to: