Modify application security

Pentaho Metadata Editor

Version
9.5.x
Audience
anonymous
Part Number
MK-95PDIA007-09
Perform the following steps to modify application security:
  1. Open the applicationContext-spring-security.xml file with any text editor.
  2. Make sure that a default anonymous role is defined. Match your bean definition and property value to the code shown in the following example:
    <bean id="anonymousProcessingFilter" class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
      <constructor-arg value="foobar" />
      <constructor-arg value="anonymousUser" />
      <constructor-arg>
        <list>
          <bean class="org.springframework.security.core.authority.SimpleGrantedAuthority">
            <constructor-arg value="Anonymous" />
          </bean>
        </list>
      </constructor-arg>
    </bean>
    
    Note: These next steps permit PDI client tools to publish to the Pentaho Server without having to supply a user name and password.
  3. Find these two beans in the same file from the previous step.
    • filterInvocationInterceptor
    • filterInvocationInterceptorForWS
  4. Locate the securityMetadataSource property inside the beans and match the contents to the code shown in the following example:
    <bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
      <property name="authenticationManager" ref="authenticationManager" />
      <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
      <property name="securityMetadataSource">
        <sec:filter-security-metadata-source request-matcher="ciRegex" use-expressions="false">
          <!-- all patterns have Anonymous role access -->
          <sec:intercept-url pattern="\A/.*\Z" access="Anonymous,Authenticated" />
        </sec:filter-security-metadata-source>
      </property>
    </bean>
    
  5. Save and close the applicationContext-spring-security.xml file.