...
Here is an example login module configuration file entry for it using an HSQLDB driver:
Code Block |
---|
|
JDBCLoginModule {
org.mortbay.jetty.plus.jaas.spi.JDBCLoginModule required
debug="true"
dbUrl="jdbc:hsqldb:."
dbUserName="sa"
dbPassword="password"
dbDriver="org.hsqldb.jdbcDriver"
userTable="myusers"
userField="myuser"
credentialField="mypassword"
userRoleTable="myuserroles"
userRoleUserField="myuser"
userRoleRoleField="myrole";
};
|
There is no particular schema required for the database tables storing the authentication and role information. The properties userTable, userField, credentialField, userRoleTable, userRoleUserField, userRoleRoleField configure the names of the tables and the columns within them that are used to format the following queries:
Code Block |
---|
| xml |
---|
| xml |
---|
title | database queryxml |
---|
|
select <credentialField> from <userTable> where <userField> =?
select <userRoleRoleField> from <userRoleTable> where <userRoleUserField> =?
|
...
Note |
---|
|
Pay and extra attention to the semi-colon at the end of last entry in the login.conf. Without that you will get error in authentication. JDBCLoginModule key in the login.conf needs to be exactly same as the value in console.properties. Here is the snippet of a correct console.properties in this case |
Code Block |
---|
| xml |
---|
| xml |
---|
title | console.properties | xml |
---|
|
# Security Authentication Section for Enterprise Console
console.security.enabled=true
console.security.roles.allowed=Admin,server-administrator,content-administrator
console.security.roles.delimiter=,
console.security.realm.name=Pentaho
console.security.login.module.name=JDBCLoginModule
console.security.auth.config.path=resource/config/login.conf
console.security.callback.handler=org.mortbay.jetty.plus.jaas.callback.DefaultCallbackHandler
|
...
Here is a sample login module configuration for it:
Code Block |
---|
|
ds {
org.mortbay.jetty.plus.jaas.spi.DataSourceLoginModule required
debug="true"
dbJNDIName="ds"
userTable="myusers"
userField="myuser"
credentialField="mypassword"
userRoleTable="myuserroles"
userRoleUserField="myuser"
userRoleRoleField="myrole";
};
|
...
With this login module implementation, the authentication and role information is read from a property file.
Code Block |
---|
|
props {
org.mortbay.jetty.plus.jaas.spi.PropertyFileLoginModule required
debug="true"
file="/somewhere/somefile.props";
};
|
...
Here's an example:
Code Block |
---|
| xml |
---|
| xml |
---|
title | login.properties | xml |
---|
|
admin: OBF:1xmk1w261u9r1w1c1xmq,user,admin
superadmin: changeme,user,developer
master: MD5:164c88b302622e17050af52c89945d44,user
: CRYPT:adpexzg3FUZAk,admin
|
...
The configuration for the security setting is stored in the security section of console.properties
Code Block |
---|
| xml |
---|
| xml |
---|
title | console.propertiesxml |
---|
|
\# Pentaho Administration Console's Jetty Server Settings
console.start.port.number=8088
console.stop.port.number=8033
\# SSL Section for Pentaho Administration Console
console.ssl.enabled=false
console.ssl.port.number=8143
keyAlias=jetty
keyPassword=changeit
keyStore=resource/config/keystore
keyStorePassword=changeit
trustStore=resource/config/keystore
trustStorePassword=changeit
wantClientAuth=false
needClientAuth=false
\# Security Authentication Section for Pentaho Administration Console
console.security.enabled=true
console.security.roles.allowed=admin
console.security.roles.delimiter=,
console.security.realm.name=Pentaho
console.security.login.module.name=PropertiesFileLoginModule
console.security.auth.config.path=resource/config/login.conf
|
...
If you want to implement your own custom LoginModule, there are two classes to be familiar with:
Code Block |
---|
| java |
---|
| java |
---|
title | AbstractLoginModule.java | java |
---|
|
package org.mortbay.jetty.plus.jaas.spi;
public abstract class AbstractLoginModule implements LoginModule
{
...
public abstract UserInfo getUserInfo (String username) throws Exception;
}
|
Code Block |
---|
| java |
---|
| java |
---|
title | UserInfo.javajava |
---|
|
package org.mortbay.jetty.plus.jaas.spi;
public class UserInfo
{
public UserInfo (String userName, Credential credential, List roleNames)
{
...
}
public String getUserName()
{
...
}
public List getRoleNames ()
{
...
}
public boolean checkCredential (Object suppliedCredential)
{
...
}
}
|
...