sexta-feira, 24 de julho de 2015

Integrator Plugin for Pentaho 5

Some people asked me about how to use the old version of Pentaho Servlet Integrator in the new Pentaho 5.

Unfortunately, the core of Pentaho 5 it's totally different from Pentaho 4.8. So, the way to authenticate the user used by Pentaho Servlet Integrator cannot be used any more in the Pentaho 5.

The Integrator Plugin for Pentaho 5 is a new implementation with the same idea, but that works in the Pentaho 5 and was developed as a pentaho plugin instead of a servlet.

Note: The plugin was not tested in the Pentaho versions prior than 5.4.



How does it work ?


  1. First, the user authenticates on their application. From some menu, he/she asks to access some resource on the Pentaho, such as, a report or a dashboard.
  2. Second, the application must maintain a common database table and insert a new record with the username / tokenid / url.

    username: a pentaho username to be used.
    tokenid: in our case we use jsessionid as token.
    url: the url from the resource on the Pentaho Server coded in base64.

    Note: for the url doesn't use the http://server:port. Example:
    Resource: http://localhost:8080/pentaho/Home?lang=pt-BR
    Url: /pentaho/Home?lang=pt-BR
  3. Third, after the application insert the record it must send a browser redirect to
    http://localhost:8080/pentaho/plugin/integrator/api/go?type=token&token=<tokenid>&urlEncoded==<url_enconded_base64>
  4. Then, Pentaho server will decode the url and try do a select on the tokensbi table to filter the username to be used in the Pentaho session.
  5. So, If tokenid/url is valid, the Pentaho server will create an authenticated session and redirect the user to the Pentaho resource.

How to install ?

Use the Marketplace to install it.


How to use it ?

  1. Create a new JNDI connection in the Pentaho.
  2. Configure the new JNDI name into integrator.properties file.
  3. Do the proper configurations in the application.


Using a node.js app sample

To test the plugin, you can use an node.js app sample available in the folder resources/app-sample.

  1. Install node.js
  2. Install packages. In the folder app-sample execute npm install 
  3. Configure the postgresConnectionString property in the config.js file to access the same database configured in the JNDI connection.
  4. Run the app: node server.js
  5. Test it: http://localhost:1010 

Video (Portuguese)



Contribution 

If somebody sees any improvement opportunity, please feel free to suggest and contribute with the project


Enjoy it !!! 

28 comentários:

  1. This plugin is very usefull =]

    Congratulations Kleyson!

    ResponderExcluir
  2. Hi Kleyson,

    I'm very interested in 'integrator plugin' but I can't make it work.
    My enviroment is Pentaho 5.4 + Ubuntu Server + Mysql 5 as database for tokens_bi

    Once installed integrator I made connection to my token database modifiyng context.xml and pentaho.xml and I rebooted Pentaho.
    No errors in catalina.out after startup.

    I don't know node.js, so i tried Integrator inserting a user, tokenid and url manually on tokens_bi table

    username: admin
    token: 1234
    URL: L3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQVN0ZWVsIFdoZWVscyUzQURhc2hib2FyZHMl
    M0FDVG9vbHNfZGFzaGJvYXJkLndjZGYvZ2VuZXJhdGVkQ29udGVudA==

    (which is /pentaho/api/repos/%3Apublic%3ASteel Wheels%3ADashboards%3ACTools_dashboard.wcdf/generatedContent in base64 encoding)

    Then, I put the following URL in a browser:

    http://myserver:8080/pentaho/plugin/integrator/api/go?type=token&token=1234&urlEncoded=L3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQVN0ZWVsIFdoZWVscyUzQURhc2hib2FyZHMlM0FDVG9vbHNfZGFzaGJvYXJkLndjZGYvZ2VuZXJhdGVkQ29udGVudA==

    And i get the following message
    Integrator Error: Invalid token.

    What I do wrong?

    Thanks

    Carles Massallé

    ResponderExcluir
  3. Hi Carles,

    That error happens because integrator couldn't find no record in the tokens_bi table that match TOKEN and URL.

    Inside the plugin folder (pentaho-solutions/system/integrator) there is the integrator.properties file with some queries.

    Try TokenQuery and TokenQueryCount and verify if you get some result. If not, try to fix and check if the integrator is working. If yes, let me know, we will have to dive deeper.

    Regards.

    ResponderExcluir
  4. In addition, you wrote "URL=..." in uppercase. Check if the column names are in lowercase.

    ResponderExcluir
  5. Hi Kleyson,

    I've revised integrator.properties and now it works great. Thanks.

    Another issue.

    I want to integrate Pentaho solutions which include GET parameters in URL (such as jpivot or reports).

    For instance:
    /pentaho/plugin/jpivot/Pivot?solution=&path=/home/me/test.xjpivot&action=test.xjpivot

    Once encoded to base64 and decoded by Integrator URL looks like
    /pentaho/plugin/jpivot/Pivot%3Fsolution%3D%26path%3D/home/me/test.xjpivot%26action%3Dtest.xjpivot

    Where characters ?, & and = have been changed to UTF8 equivalents. Pentaho doesn't recognize them as GET parameters and show a 'not found' kind of error.

    Any idea?

    thank, carles


    ResponderExcluir
  6. Hi,

    I did some changes to fix it.

    Try this new version: https://github.com/kleysonr/pentaho-integrator-plugin/releases/download/v0.2.0/integrator-0.2.0.zip

    And let me know about the results.

    Best Regards.

    ResponderExcluir
  7. Hi Kleyson,

    in a first view, base64 decoding works fine (no more problems with ?, = or &) but user get logged without any privilege, so he can't open any Pentaho solution.

    I've just replaced integrator files and rebooted, perhaps I missed something.

    carles.

    ResponderExcluir
  8. Try this.

    - Open browser and do login with the same user/password
    - After try to open the same report link.

    If it is some problem with permissions, you will get the same error.

    ResponderExcluir
  9. Hi Kleyson,

    I've already tried.
    Report works fine when I do login to Pentaho manually.
    When I use integrator with the same user and report, the report is not available but user session has been created. Opening servername:8080 in another browser shows that I'am still inside Pentaho, but Create new and Manage Datasources buttons are missing and Browse Files button lead to an empty repository.

    I must say that my Pentaho intallation has LDAP authentication, but this setup worked fine with previous version of integrator (0.1.0)

    Thanks for your help.

    ResponderExcluir
  10. Hi Carles,

    Sorry for the late reply. I had some big changes in my life.

    Well, I really don't know if it works using LDAP.

    Try to use your dashbords and reports in a default version of pentaho. If it works the problem is because LDAP.

    Best regards.

    ResponderExcluir
  11. Oi Kleyson,

    Tudo bem? Excelente plugin.
    Porém tenho uma dúvida, como posso fazer para adicionar usuários no pentaho por meio de uma outra aplicação?

    ResponderExcluir
  12. Mateus,

    De uma olhada nas API do pentaho

    https://help.pentaho.com/Documentation/6.0/0R0/070/010/0D0/0O0
    https://help.pentaho.com/Documentation/6.0/0R0/070/010/0D0

    ResponderExcluir
  13. Parabéns Kleyson, muito bom este plugin, estava procurando uma solução para integração, funcionou perfeitamente! Estou usando Pentaho 6.1, só para deixar registrada a compatibilidade.

    Eduardo

    ResponderExcluir
  14. Este comentário foi removido pelo autor.

    ResponderExcluir
  15. Olá Kleyson,

    Estou tentando usar o plugin em um ambiente com MultiTenants que requer a substituição da classe em "IDBDatasourceService", estou recebendo o erro "Integrator Error: ERROR."

    A substituição é esta (.../system/pentahoObjects.spring.xml):






    por






    -->

    alguma sugestão para contornar o problema?

    ResponderExcluir
  16. Ops, complementando... não apareceu na mensagem anterior

    ResponderExcluir
  17. bean id="IDBDatasourceService" class="org.pentaho.platform.engine.services.connection.datasource.dbcp.DynamicallyPooledOrJndiDatasourceService" scope="singleton"

    por

    id="IDBDatasourceService" class="org.pentaho.platform.engine.services.connection.datasource.dbcp.tenantaware.TenantAwareLoginParsingDatasourceService" scope="singleton"

    ResponderExcluir
  18. Resolvido, a propriedade deve ser false: property name="requireTenantId" value="false"

    ResponderExcluir
  19. Olá Kleyson,

    Consegui contornar quase todos os problemas para colocar em produção, faltou apenas um, ao ativar o Controle de Sessão o integrador não consegue passar o token e a url, cai sempre na tela de login do Pentaho e não dá nenhum erro, tirando o Controle de Sessão funciona perfeitamente.

    http://wiki.pentaho.com/display/ServerDoc2x/Concurrent+Sessions+(Preventing+Users+from+Logging+in+More+Than+Once)

    alguma ideia?

    ResponderExcluir
  20. Ola Eduardo.

    Desculpe pela demora, estava de ferias :)

    Fico feliz em saber que o componente tem funcionado em ambiente diversos.

    Mas com relacao a sua ultima duvida, e de acordo com a documentacao, faz sentindo nao funcionar, pois cada vez que vc chama o integrador o que acontece por baixo dos panos eh uma nova sessao autenticada e como ja deve existir alguma outra sessao ativa a plataforma nao permite que novas sessoes aconteca sem que a primeira seja finalizada.

    Isso parece ser uma restricao devido a essa configuracao e nao uma limitacao do plugin.

    Atenciosamente.
    Kleyson Rios.

    ResponderExcluir
  21. Obrigado Kleyson pelo esclarecimento, ajudou bastante!

    Realmente faz sentido, não tinha pensado nisto, testei uma url passando login e senha e funcionou com sessão implantada, só preciso achar agora uma forma de dar logout no "user_integrator" após o integrador excluir o token na tabela.

    Para testar fiz isto...
    http://www.pentaho.com/pentaho/plugin/integrator/api/go?type=token&token=8923829378273&urlEncoded=URLURLURL&userid=user_integrator&password=Senha

    Eduardo

    ResponderExcluir
  22. Eduardo,

    Se voce esta usando &userid=user_integrator&password=Senha nao faz sentido utilizar o Integrator, pois voce pode utilizar isso diretamente nos recursos que vc quer acessar.

    O integrator foi criado para evitar ter que passar usuario e senha na URL.

    Abracos.

    ResponderExcluir
  23. Kleyson,

    Realmente não faria sentido usar, usei apenas para ver se autenticava conforme está configurado no JNDI.

    O que acontece é que passando o user na url o token é consumido, o que indica que o JNDI esta funcionando com a sessão implantada, isso me ajudou a comprovar o problema e descartar outros.

    Abs,
    Eduardo

    ResponderExcluir
  24. Hi Kleyson. This integrator plugin works for pentaho 6.1?

    i im trying of to test this manually but i get this error: Integrator Error: ERROR.

    1. I have this resource in my PUC: http://localhost:8080/pentaho/api/repos/%3Apublic%3Acrmrealtime.wcdf/generatedContent
    2. if i encode this in base64 i get this string: aHR0cDovL2xvY2FsaG9zdDo4MDgwL3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQWNybXJlYWx0aW1lLndjZGYvZ2VuZXJhdGVkQ29udGVudA==
    3. Then i insert this in my postgres database: INSERT INTO tokens_bi(username, token, url) VALUES ('admin', '1234', 'aHR0cDovL2xvY2FsaG9zdDo4MDgwL3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQWNybXJlYWx0aW1lLndjZGYvZ2VuZXJhdGVkQ29udGVudA==')
    4. I try of call this url: http://localhost:8080/pentaho/plugin/integrator/api/go?type=token&token=1234&urlEncoded=aHR0cDovL2xvY2FsaG9zdDo4MDgwL3BlbnRhaG8vYXBpL3JlcG9zLyUzQXB1YmxpYyUzQWNybXJlYWx0aW1lLndjZGYvZ2VuZXJhdGVkQ29udGVudA==

    But as i told you i get this error: Integrator Error: ERROR.. How i can to fix this for pentaho 6.1? Maybe i need to enable allow url authentication in biserver? or i need to do other configuration in biserver?



    ResponderExcluir
  25. Kleyson, by the last post by me, i change my url encoded in base64 from http://localhost:8080/pentaho/api/repos/%3Apublic%3Acrmrealtime.wcdf/generatedContent to /pentaho/Home?locale=en_US and in this page i conver this string to base 64 and i get this: L3BlbnRhaG8vSG9tZT9sb2NhbGU9ZW5fVVM= and i insert this sql in my table: INSERT INTO tokens_bi(username, token, url) VALUES ('admin', '1234', 'L3BlbnRhaG8vSG9tZT9sb2NhbGU9ZW5fVVM=') but i get the same error: "Integrator Error: ERROR". When y call this url in my google chrome: http://localhost:8080/pentaho/plugin/integrator/api/go?type=token&token=1234&urlEncoded=L3BlbnRhaG8vSG9tZT9sb2NhbGU9ZW5fVVM=

    What i need to fix?

    ResponderExcluir
  26. Did you check the catalina.out log file to see if there are more details about the error ?

    Did you test the app sample on Pentaho 6.1 ?

    Might be some problem in the encoded url.

    Best Regards.

    ResponderExcluir
  27. Kleyson thank you. I could manually, i only restart my windows and this is OK. But if i execute node server.js i get this error: Magic happens on port 1010
    { error: password authentication failed for user "postgres"

    In file config.js vs context.xml file. For example in context.xml i have this configuration:



    and in config.js i have this

    'port': process.env.PORT || 1010,
    'secret': 'qwerty',
    'postgresConnectionString': 'postgres://postgres:postgres@localhost:5432/postgres',
    'createTableSql': 'CREATE TABLE public.tokens_bi(username character varying(32) NOT NULL, token character varying(100) NOT NULL, url character varying(255) NOT NULL)',
    'insertTokenSql': 'INSERT INTO tokens_bi(username, token, url) VALUES ($1, $2, $3)',
    'integratorPlugin': 'http://localhost:8080/pentaho/plugin/integrator/api/go',

    Why i get this error when i run node server.js?



    ResponderExcluir
  28. Check the 'postgresConnectionString'. There you need configure the credentials to connect on the postgres. In the sample is configured as user=postgres and pass=postgres.

    If you have a different username and/or password, try to adjust this configuration.

    ResponderExcluir