
Example 1 with IConnectionUserRoleMapper

use of org.pentaho.platform.api.engine.IConnectionUserRoleMapper in project pentaho-platform by pentaho.

the class MDXConnection method mapPlatformRolesToMondrianRolesHelper.

/**
 * Fills in the Mondrian {@code Role} connection property from the configured
 * {@link IConnectionUserRoleMapper} when the property list does not already carry one.
 *
 * <p>The mapper is asked for the roles of the current session
 * ({@link PentahoSessionHolder#getSession()}) on the catalog named in the property list.
 * The returned names are joined with commas; a comma inside a role name is doubled so
 * that it is not read as a separator.
 *
 * <p>Nothing is written when no mapper is registered under
 * {@code MDXConnection.MDX_CONNECTION_MAPPER_KEY}, or when the mapper returns
 * {@code null} or an empty array.
 * NOTE(review): in those cases the connection is presumably opened without a role
 * restriction; confirm that the configured mapper throws
 * {@link PentahoAccessControlException} rather than returning an empty list when the
 * user must be denied.
 *
 * @param properties connection properties, updated in place
 * @throws PentahoAccessControlException if the mapper rejects the current session
 */
public static void mapPlatformRolesToMondrianRolesHelper(Util.PropertyList properties) throws PentahoAccessControlException {
    if (properties.get(RolapConnectionProperties.Role.name(), null) != null) {
        // A Role that is already present is used as-is and the mapper is skipped.
        // NOTE(review): callers should make sure this property cannot be supplied
        // by the end user, otherwise the mapping is bypassed; verify at call sites.
        return;
    }
    if (!PentahoSystem.getObjectFactory().objectDefined(MDXConnection.MDX_CONNECTION_MAPPER_KEY)) {
        return;
    }
    final IConnectionUserRoleMapper roleMapper =
        PentahoSystem.get(IConnectionUserRoleMapper.class, MDXConnection.MDX_CONNECTION_MAPPER_KEY, null);
    if (roleMapper == null) {
        return;
    }
    // Do role mapping
    final String[] mappedRoles = roleMapper.mapConnectionRoles(
        PentahoSessionHolder.getSession(), properties.get(RolapConnectionProperties.Catalog.name()));
    if (mappedRoles == null || mappedRoles.length == 0) {
        return;
    }
    final StringBuilder roleList = new StringBuilder();
    String separator = ""; //$NON-NLS-1$
    for (String mappedRole : mappedRoles) {
        roleList.append(separator);
        // double-comma escapes a comma
        roleList.append(mappedRole.replace(",", ",,")); //$NON-NLS-1$//$NON-NLS-2$
        separator = ","; //$NON-NLS-1$
    }
    properties.put(RolapConnectionProperties.Role.name(), roleList.toString());
}
Also used : IConnectionUserRoleMapper(org.pentaho.platform.api.engine.IConnectionUserRoleMapper)

Example 2 with IConnectionUserRoleMapper

use of org.pentaho.platform.api.engine.IConnectionUserRoleMapper in project pentaho-platform by pentaho.

the class OlapServiceImpl method getConnection.

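/**
 * Opens an OLAP connection to the named catalog on behalf of the given session.
 *
 * <p>Order of checks for a non-null catalog: read access for the session, existence of
 * the catalog in the session's catalog list, then whether the catalog is a remote
 * olap4j server (in which case the connection is made by {@code makeOlap4jConnection}
 * and no role is applied here).
 *
 * <p>For a local catalog the role is either the custom role instance held in
 * {@code this.role}, registered in the server's lock box for the duration of the call,
 * or the comma-separated list returned by the configured
 * {@link IConnectionUserRoleMapper}. Commas inside a mapped role name are doubled, the
 * same escaping {@code MDXConnection.mapPlatformRolesToMondrianRolesHelper} applies, so
 * that one role name containing a comma is not read as two role names.
 *
 * <p>NOTE(review): when {@code catalogName} is null the access check is skipped and no
 * role is passed. When no mapper is configured, the session is null, or the mapper
 * returns nothing, the role argument is {@code null}; presumably the connection then
 * carries no role restriction. Confirm this is the intended behaviour.
 *
 * @param catalogName catalog to connect to, or {@code null} for catalog-independent
 *                    metadata requests such as XMLA DISCOVER_DATASOURCES
 * @param session     session whose permissions and roles are applied; may be null
 * @return the open connection
 * @throws IOlapServiceException if access is denied, the catalog is unknown, role
 *                               mapping fails, or the connection cannot be created
 */
public OlapConnection getConnection(String catalogName, IPentahoSession session) throws IOlapServiceException {
    if (catalogName == null) {
        // This is normal. It happens on XMLA's DISCOVER_DATASOURCES
        try {
            return getServer().getConnection(DATASOURCE_NAME, null, null, new Properties());
        } catch (Exception e) {
            throw new IOlapServiceException(e);
        }
    }
    // Check Access
    if (!hasAccess(catalogName, EnumSet.of(RepositoryFilePermission.READ), session)) {
        LOG.debug("user does not have access; throwing exception"); //$NON-NLS-1$
        throw new IOlapServiceException(
            Messages.getInstance().getErrorString("OlapServiceImpl.ERROR_0003_INSUFFICIENT_PERMISSION"), //$NON-NLS-1$
            IOlapServiceException.Reason.ACCESS_DENIED);
    }
    // Check its existence.
    if (!getCatalogNames(session).contains(catalogName)) {
        throw new IOlapServiceException(Messages.getInstance().getErrorString("MondrianCatalogHelper.ERROR_0015_CATALOG_NOT_FOUND", catalogName));
    }
    // Check if it is a remote server
    if (getHelper().getOlap4jServers().contains(catalogName)) {
        return makeOlap4jConnection(catalogName);
    }
    final StringBuilder roleName = new StringBuilder();
    Entry lockBoxEntry = null;
    if (this.role != null) {
        // We must use a custom role implementation.
        // Register the instance with the mondrian server; the moniker stands in
        // for the role name and is appended unescaped.
        lockBoxEntry = getServer().getLockBox().register(this.role);
        roleName.append(lockBoxEntry.getMoniker());
    } else {
        final IConnectionUserRoleMapper mapper = PentahoSystem.get(
            IConnectionUserRoleMapper.class,
            MDXConnection.MDX_CONNECTION_MAPPER_KEY,
            // Don't use the user session here yet.
            null);
        String[] effectiveRoles = new String[0];
        // The role mapper can only be used when there is a session to map and a
        // mapper is configured; otherwise the role list stays empty.
        if (session != null && mapper != null) {
            // Use the role mapper.
            try {
                effectiveRoles = mapper.mapConnectionRoles(session, catalogName);
                if (effectiveRoles == null) {
                    effectiveRoles = new String[0];
                }
            } catch (PentahoAccessControlException e) {
                throw new IOlapServiceException(e);
            }
        }
        // Now we build the comma-separated list.
        boolean addComma = false;
        for (String effectiveRole : effectiveRoles) {
            if (addComma) {
                roleName.append(","); //$NON-NLS-1$
            }
            // double-comma escapes a comma inside a role name
            roleName.append(effectiveRole.replace(",", ",,")); //$NON-NLS-1$//$NON-NLS-2$
            addComma = true;
        }
    }
    // Populate some properties, like locale.
    final Properties properties = new Properties();
    properties.put(RolapConnectionProperties.Locale.name(), getLocale().toString());
    // Return a connection
    try {
        return getServer().getConnection(DATASOURCE_NAME, catalogName, Util.isEmpty(roleName.toString()) ? null : roleName.toString(), properties);
    } catch (Exception e) {
        throw new IOlapServiceException(e);
    } finally {
        // Cleanup our lockbox entry so the custom role is not left registered.
        if (lockBoxEntry != null) {
            getServer().getLockBox().deregister(lockBoxEntry);
        }
    }
}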
Also used : Entry(mondrian.util.LockBox.Entry) IConnectionUserRoleMapper(org.pentaho.platform.api.engine.IConnectionUserRoleMapper) IOlapServiceException(org.pentaho.platform.plugin.action.olap.IOlapServiceException) RolapConnectionProperties(mondrian.rolap.RolapConnectionProperties) Properties(java.util.Properties) PentahoAccessControlException(org.pentaho.platform.api.engine.PentahoAccessControlException) PentahoAccessControlException(org.pentaho.platform.api.engine.PentahoAccessControlException) FileSystemException(org.apache.commons.vfs2.FileSystemException) OlapException(org.olap4j.OlapException) SQLException(java.sql.SQLException) IOlapServiceException(org.pentaho.platform.plugin.action.olap.IOlapServiceException)

Example 3 with IConnectionUserRoleMapper

use of org.pentaho.platform.api.engine.IConnectionUserRoleMapper in project pentaho-platform by pentaho.

the class PentahoXmlaServlet method createConnectionFactory.

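/**
 * Wraps the default XMLA connection factory so that the roles of every connection come
 * from the server-side {@link IPentahoSession}, filtered through the configured
 * {@link IConnectionUserRoleMapper}.
 *
 * <p>The {@code roleName} argument passed to the wrapper's {@code getConnection} is
 * never used: it is replaced by the mapped role list, so a role named in the request
 * cannot widen what the session is allowed to see.
 *
 * @param servletConfig servlet configuration, also used to locate the data sources file
 * @return a connection factory that delegates to the default one
 * @throws ServletException if the default factory cannot be created
 */
@Override
protected ConnectionFactory createConnectionFactory(final ServletConfig servletConfig) throws ServletException {
    final ConnectionFactory delegate = super.createConnectionFactory(servletConfig);
    return new ConnectionFactory() {

        public Map<String, Object> getPreConfiguredDiscoverDatasourcesResponse() {
            return delegate.getPreConfiguredDiscoverDatasourcesResponse();
        }

        public OlapConnection getConnection(String databaseName, String catalogName, String roleName, Properties props) throws SQLException {
            // What we do here is to filter the role names with the mapper.
            // First, get a user role mapper, if one is configured.
            final IPentahoSession session = PentahoSessionHolder.getSession();
            final IConnectionUserRoleMapper mondrianUserRoleMapper = PentahoSystem.get(
                IConnectionUserRoleMapper.class,
                MDXConnection.MDX_CONNECTION_MAPPER_KEY,
                // Don't use the user session here yet.
                null);
            String[] effectiveRoles = new String[0];
            /*
             * If Catalog/Schema are null (this happens with high level metadata requests,
             * like DISCOVER_DATASOURCES) we can't use the role mapper, even if it
             * is present and configured.
             */
            // NOTE(review): the session is passed to the mapper without a null check;
            // confirm a session is always bound on this path.
            if (mondrianUserRoleMapper != null && catalogName != null) {
                // Use the role mapper.
                try {
                    effectiveRoles = mondrianUserRoleMapper.mapConnectionRoles(session, catalogName);
                    if (effectiveRoles == null) {
                        effectiveRoles = new String[0];
                    }
                } catch (PentahoAccessControlException e) {
                    throw new SQLException(e);
                }
            }
            // Build the comma-separated role list. The caller-supplied roleName is
            // deliberately discarded. Commas inside a role name are doubled, the same
            // escaping MDXConnection.mapPlatformRolesToMondrianRolesHelper applies, so
            // that one role name containing a comma is not read as two role names.
            final StringBuilder mappedRoles = new StringBuilder();
            boolean addComma = false;
            for (String role : effectiveRoles) {
                if (addComma) {
                    mappedRoles.append(","); //$NON-NLS-1$
                }
                mappedRoles.append(role.replace(",", ",,")); //$NON-NLS-1$//$NON-NLS-2$
                addComma = true;
            }
            roleName = mappedRoles.toString();
            // Now let the delegate connection factory do its magic.
            if (catalogName == null) {
                return delegate.getConnection(databaseName, catalogName, roleName.equals("") ? null : roleName, props);
            } else {
                // We create a connection differently so we can ensure that
                // the XMLA servlet shares the same MondrianServer instance as the rest
                // of the platform
                IMondrianCatalogService mcs = PentahoSystem.get(IMondrianCatalogService.class);
                MondrianCatalog mc = mcs.getCatalog(catalogName, PentahoSessionHolder.getSession());
                if (mc == null) {
                    throw new XmlaException(CLIENT_FAULT_FC, HSB_BAD_RESTRICTION_LIST_CODE, HSB_BAD_RESTRICTION_LIST_FAULT_FS, new MondrianException("No such catalog: " + catalogName));
                }
                Connection con = DriverManager.getConnection(mc.getDataSourceInfo() + ";Catalog=" + mc.getDefinition(), catalogLocator);
                try {
                    final MondrianServer server = MondrianServer.forConnection(con);
                    final FileRepository fr = new FileRepository(makeContentFinder(makeDataSourcesUrl(servletConfig)), catalogLocator);
                    try {
                        // NOTE(review): an empty role list is passed here as "" while the
                        // catalog-less branch above passes null; confirm both mean
                        // "no explicit role" downstream.
                        return fr.getConnection(server, databaseName, catalogName, roleName, props);
                    } finally {
                        // Shut the repository down even when getConnection throws, so a
                        // failed or rejected request does not leak it.
                        fr.shutdown();
                    }
                } finally {
                    con.close();
                }
            }
        }
    };
}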
Also used : FileRepository(mondrian.server.FileRepository) MondrianServer(mondrian.olap.MondrianServer) MondrianCatalog(org.pentaho.platform.plugin.action.mondrian.catalog.MondrianCatalog) SQLException(java.sql.SQLException) IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) IConnectionUserRoleMapper(org.pentaho.platform.api.engine.IConnectionUserRoleMapper) OlapConnection(org.olap4j.OlapConnection) OlapConnection(org.olap4j.OlapConnection) MDXConnection(org.pentaho.platform.plugin.services.connections.mondrian.MDXConnection) Connection(mondrian.olap.Connection) Properties(java.util.Properties) IMondrianCatalogService(org.pentaho.platform.plugin.action.mondrian.catalog.IMondrianCatalogService) PentahoAccessControlException(org.pentaho.platform.api.engine.PentahoAccessControlException) ConnectionFactory(mondrian.xmla.XmlaHandler.ConnectionFactory) SolutionRepositoryVfsFileObject(org.pentaho.platform.repository.solution.filebased.SolutionRepositoryVfsFileObject) XmlaException(mondrian.xmla.XmlaException) MondrianException(mondrian.olap.MondrianException)

Example 4 with IConnectionUserRoleMapper

use of org.pentaho.platform.api.engine.IConnectionUserRoleMapper in project pentaho-platform by pentaho.

the class UserRoleMapperIT method testMondrianOneToOneUserRoleListMapper.

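/**
 * Checks that {@link MondrianOneToOneUserRoleListMapper}, run as user "simplebob",
 * maps the session to exactly "Role1" and "Role2" (in that order) on the
 * "SteelWheelsRoles" catalog.
 *
 * <p>A {@link PentahoAccessControlException} is left to propagate so the test report
 * keeps the full stack trace instead of only the exception message.
 */
@Test
public void testMondrianOneToOneUserRoleListMapper() throws Exception {
    final IConnectionUserRoleMapper mapper = new MondrianOneToOneUserRoleListMapper();
    // The mapper reads the session bound by runAsUser, so the call must happen
    // inside the callable.
    final String[] roles = SecurityHelper.getInstance().runAsUser("simplebob", new Callable<String[]>() {

        @Override
        public String[] call() throws Exception {
            return mapper.mapConnectionRoles(PentahoSessionHolder.getSession(), "SteelWheelsRoles");
        }
    });
    Assert.assertNotNull(roles);
    Assert.assertArrayEquals(new String[] { "Role1", "Role2" }, roles);
}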
Also used : IConnectionUserRoleMapper(org.pentaho.platform.api.engine.IConnectionUserRoleMapper) MondrianOneToOneUserRoleListMapper(org.pentaho.platform.plugin.action.mondrian.mapper.MondrianOneToOneUserRoleListMapper) PentahoAccessControlException(org.pentaho.platform.api.engine.PentahoAccessControlException) UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) PentahoAccessControlException(org.pentaho.platform.api.engine.PentahoAccessControlException) PlatformInitializationException(org.pentaho.platform.engine.core.system.boot.PlatformInitializationException) DataAccessException(org.springframework.dao.DataAccessException) Test(org.junit.Test)

Aggregations

IConnectionUserRoleMapper (org.pentaho.platform.api.engine.IConnectionUserRoleMapper)4 PentahoAccessControlException (org.pentaho.platform.api.engine.PentahoAccessControlException)3 SQLException (java.sql.SQLException)2 Properties (java.util.Properties)2 Connection (mondrian.olap.Connection)1 MondrianException (mondrian.olap.MondrianException)1 MondrianServer (mondrian.olap.MondrianServer)1 RolapConnectionProperties (mondrian.rolap.RolapConnectionProperties)1 FileRepository (mondrian.server.FileRepository)1 Entry (mondrian.util.LockBox.Entry)1 XmlaException (mondrian.xmla.XmlaException)1 ConnectionFactory (mondrian.xmla.XmlaHandler.ConnectionFactory)1 FileSystemException (org.apache.commons.vfs2.FileSystemException)1 Test (org.junit.Test)1 OlapConnection (org.olap4j.OlapConnection)1 OlapException (org.olap4j.OlapException)1 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)1 PlatformInitializationException (org.pentaho.platform.engine.core.system.boot.PlatformInitializationException)1 IMondrianCatalogService (org.pentaho.platform.plugin.action.mondrian.catalog.IMondrianCatalogService)1 MondrianCatalog (org.pentaho.platform.plugin.action.mondrian.catalog.MondrianCatalog)1