Pentaho BI server report without Log in

Asked 9/2, 2015 at 6:49 Answered 27/9, 2023 at 6:12

Solved authentication pentaho pentaho-cde

I need to integrate my Pentaho Community dashboard report in a DotNet application. Now I am facing a problem. I want the report to open on single click without the Pentaho server asking for authentication or log in. I tried to find out a solution and found that if I use userid and password in the url, it will work. So I did this

http://192.168.2.122:8085/pentaho/api/repos/:home:Time%20Sheet%20Reports:Project%20Effort%20Analysis%20Dashboard.wcdf/generatedContent&userid=admin&password=password

But this is not working for me and the browser is still asking for login credentials. I don't understand what went wrong. Any help with the same will be most appreciated.

Thanks in advance. Regards, Ritesh.

Oxidate answered 9/2, 2015 at 6:49 Comment(1)

#38473431 #13759078 – Titanothere 29/10, 2019 at 3:25

You need the following user to be created under the Manage Users & Roles Perspective:

anonymousUser (notice the uppercase U)

You can give this user any password; this is only to make sure this user maps the user used in the configuration files inside pentaho-solutions/system

Make sure the Anonymous role has at least the Read Permission.

The Anonymous role should exist already in the BA Server (this is by default a system role in the Manage Users and Roles Perspective)

Under Public create a folder: in my case "OpenReports"

Select the "OpenReports" folder click properties > click Share > Uncheck > Inherits folder permissions

Make sure to add anonymousUser and role anonymous to it and they at least the Read permission

Click OK

Copy an Analyzer report to the new OpenReports folder

Verify the permissions for anonymousUser and Anonymous role were inherited; if not add them accordingly.

Stop BA Server

Locate the following file:

\pentaho\server\biserver-ee\pentaho-solutions\system\applicationContext-spring-security.xml

Add the following lines:

\A/i18n.*\Z=Anonymous,Authenticated

\A/js/utils.js\Z=Anonymous,Authenticated

\A/api/.*require-js-cfg.js\Z=Anonymous,Authenticated

\A/api/.*\Z=Anonymous,Authenticated

\A/api/repos.*\Z=Anonymous,Authenticated

\A/api/common-ui/resources/.*\Z=Anonymous,Authenticated

\A/api/common-ui/util/.*\Z=Anonymous,Authenticated

The following lines open the anonymous access to the OpenReports folder and its contents

\A/api/repos.*public.*openreports.*\Z=Anonymous,Authenticated

\A/api/repos.*public.*openreports.*/viewer/.*\Z=Anonymous,Authenticated

\A/api/repos.*public.*openreports.*/common-ui/.*\Z=Anonymous,Authenticated

\A/api/repos.*public.*openreports.*/common-ui/util/.*\Z=Anonymous,Authenticated



after:

\A/js/require-cfg.js\Z=Anonymous,Authenticated

and before:

\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated

Add the following lines: (these open the URL access to the Analyzer plugin)

\A/content/pentaho-cdf/.*\Z=Anonymous,Authenticated

\A/content/common-ui/.*\Z=Anonymous,Authenticated

\A/content/analyzer/.*\Z=Anonymous,Authenticated

\A/content/analyzer/scripts/.*\Z=Anonymous,Authenticated

Make sure to add these lines:

After:

\A/content/data-access/resources/gwt/.*css\Z=Anonymous,Authenticated

and before:

\A/webcontext.js.*\Z=Anonymous,Authenticated

Locate the following

Change the following lines from:

\A/api/.*\Z=Authenticated

\A/plugin/.*\Z=Authenticated

to:

\A/api/.*\Z=Anonymous,Authenticated

\A/plugin/.*\Z=Anonymous,Authenticated

Save the file

Restart your BA Server

You should be able to successfully call the report by URL without having to authenticate through the login page; here is a sample URL:

http://192.168.2.122:8085/pentaho/api/repos/:public:OpenReports:Leading%20Product%20Lines%20(pivot%20table).xanalyzer/editor

Michaelmas answered 9/2, 2015 at 16:35 Comment(5)

Thank You Marlon.. It works.. Its just what I wanted. Not giving away the whole server. It just makes one folder anonymous. Thank you again. – Oxidate 10/2, 2015 at 6:33

Marlon, I cant understand your "after", "before", "to". Please could you tell us the exactly tag or line to modify in applicationContext-spring-security.xml file. Something like : help.pentaho.com/Documentation/5.3/0P0/150/040. Thanks in advance!! – Incontinent 7/6, 2016 at 20:29

@Incontinent "before" is the line you need to search for and "after" is the line you have to copy paste on the searched line (replace). Hope you got it. – Michaelmas 8/6, 2016 at 4:50

Anyone know if this is possible in 8.0 or so? It seems there's no way to get access to files in the jackrabbit repository if you're not an authenticated user, so the only solution is to create some sort of dummy guest user? – Dyanne 7/11, 2018 at 15:35

@Dyanne Haven't used Pentaho for 3 years now. You better ask a new question referring this answer, Hope someone will answer. – Michaelmas 8/11, 2018 at 5:57

Here the simplest way to bypass the log in :

http://pedroalves-bi.blogspot.pt/2015/02/useful-tips-easy-authentication-in.html

it's work for me, i'm using pentaho 5.4

don't forget to create anonymousUser and in "system Roles" check only "Read Content".

if you use admin user and then you try to access http://localhost:8080/pentaho/Home it will automaticly login because the browser still have session login.

sorry for my bad english,

Monreal answered 4/7, 2015 at 6:19 Comment(0)

For later versions of the Pentaho BI server (I did this in CE 9.4.0.0-343 to be exact), the answer given by @Marlon is still valid, just some minor differences are there.

The following points are exactly as given in his answer:

You need the following user to be created under the Manage Users & Roles Perspective:
anonymousUser (notice the uppercase U)
You can give this user any password; this is only to make sure this user maps the user used in the configuration files inside pentaho-solutions/system

Make sure the Anonymous role has at least the Read Permission.

The Anonymous role should exist already in the BA Server (this is by default a system role in the Manage Users and Roles Perspective)

Under Public create a folder: in my case "OpenReports"

Select the "OpenReports" folder click properties > click Share > Uncheck > Inherits folder permissions

Make sure to add anonymousUser and role anonymous to it and they at least the Read permission

Click OK

Copy an Analyzer report to the new OpenReports folder

Verify the permissions for anonymousUser and Anonymous role were inherited; if not add them accordingly.

Stop BA Server

Locate the following file:
\pentaho\server\biserver-ee\pentaho-solutions\system\applicationContext-spring-security.xml

In the bean definition

  <bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
....
    <property name="securityMetadataSource">

Search for the lines

        <sec:intercept-url pattern="\A/[^\?]*(require)(-js)?(-cfg)?.js(\?.*)?\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/content/data-access/resources/gwt/.*css\Z" access="Anonymous,Authenticated" />

In my version (9.4.0.0-343), these are lines 313 & 314.

Add the following lines between these two lines:

        <sec:intercept-url pattern="\A/i18n.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/js/utils.js\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/.*require-js-cfg.js\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/repos.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/common-ui/resources/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/common-ui/util/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/repos.*public.*openreports.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/repos.*public.*openreports.*/viewer/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/repos.*public.*openreports.*/common-ui/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/api/repos.*public.*openreports.*/common-ui/util/.*\Z" access="Anonymous,Authenticated" />

And just between the following 2 lines (line numbers 314 & 315 in the original, which would have been moved due to above addition),

        <sec:intercept-url pattern="\A/content/data-access/resources/gwt/.*css\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/webcontext.js.*\Z" access="Anonymous,Authenticated" />

Add the following lines:

        <sec:intercept-url pattern="\A/content/pentaho-cdf/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/content/common-ui/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/content/analyzer/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/content/analyzer/scripts/.*\Z" access="Anonymous,Authenticated" />

And then in the bean definition:

  <bean id="filterInvocationInterceptorForWS" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
....
    <property name="securityMetadataSource">

Replace the following two lines:

        <sec:intercept-url pattern="\A/api/.*\Z" access="Authenticated" />
        <sec:intercept-url pattern="\A/plugin/.*\Z" access="Authenticated" />

With

        <sec:intercept-url pattern="\A/api/.*\Z" access="Anonymous,Authenticated" />
        <sec:intercept-url pattern="\A/plugin/.*\Z" access="Anonymous,Authenticated" />

I.e. just add Anonymous, in the access attribute.

That's it. Start the Pentaho server again, and you should be able to access all the reports under Public/OpenReports/ folder without any login.

Amplexicaul answered 27/9, 2023 at 6:12 Comment(0)

Recommended topics

Hot tags