Pentaho


 Pentaho: 9.3.0.0.428: Embed a CDE Dashboard in an HTML Page

Alessandro De Stefani posted 05-25-2022 06:43
I'm trying to embed some dashboards made with Pentaho within html pages.
Initially I found many problems of different types but looking thoroughly here and there on the web, I found different more or less recent solutions and in reference to heterogeneous versions that in some cases allowed me to overcome, with the support of systems engineers and developers, almost all problems (including CORS and CORB).
However, I cannot overcome a seemingly trivial problem.
When I try to run the page that contains the script that enables dashboard rendering as well documented also in the official section of Pentaho:
..
<script src="<Pentaho Server Location>/pentaho/plugin/pentaho-cdf-dd/api/renderer/cde-embed.js"></script>
..
the page, upon first access, asks for an authentication that the user is not required to know.
I tried to pass the credentials in all ways and also tried to configure the requestParameterAuthenticationEnabled parameter to true by passing the parameters during the invocation to the script:
..
<script src="<Pentaho Server Location>/pentaho/plugin/pentaho-cdf-dd/api/renderer/cde-embed.js?userid=<username>&password=<password>"></script>
..
but this mode which worked up to version 9.2 (but which generated other errors that made the Pentaho Server itself unusable) seems to have no effect in 9.3.

Can anybody help me?
Thanks in advance.
Alessandro De Stefani
I tried everything, trying to interpret and implement the most disparate solutions on the web even if they refer to previous versions:
- execute in advance the call to j_spring_security_check with or without parameters;
- modify the applicationContext-spring-security.xml, pentaho.xml, system.properties, server.properties, security.properties, etc. files;
- try to pass the username and password in all known ways;
- exploit the anonymous user with the pentaho public directory.
Unfortunately at the moment I have not been able to solve the problem and as always in the face of the attempt to call the CDE the panel for the pentaho authentication for "manual" authentication is presented at the first access.
I hope someone has already done this incorporation and can give me some suggestions!
I just have to try to alter the spring security beans, but I hope I don't have to go that far!
Andrew Cave
Hi Alessandro

Can you look in the network sources tab of the dev tools on your browser and see which resource is the one that is generating the authentication request?
Alessandro De Stefani
It would appear that the same call to cde_embed.js generates the authentication request.
I tried to run the script by providing the credentials (userid and password) from the command line, but it doesn't seem to work.
I also tried invoking j_spring_security_check on a previous page, before calling cde_embed.js but in that case I can't use ajax calls passing the credentials (j_username,j_password) in the POST content.
In that case I have to POST a form with the right credentials to be redirected to the home/login page in Pentaho, but that way I lose control of my page.

The problem seems to lie in the fact that I can't get pentaho authentication cookies automatically, without manual authentication.
Alessandro De Stefani
Andrew, thanks for your interest!
Reading your question again, I understand it better!
Then I looked for the suggested log, which I show as follows:
 

Now I can say that the script that stops the execution and waits for the authentication is definitely dashboard.js.
What can I do now?

Thanks in advance!
Andrew Cave
Starting from Pentaho version 8.2.0.1, the HTTP client step stopped passing the authentication from the entered username and password.

  • Stop your Pentaho Server if it is already running.
  • Navigate to server\pentaho-server\pentaho-solutions\system and edit the applicationContext-spring-security.xml file.
  • Find the element sec:filter-chain with the pattern "/api/repos/**"
  • Replace exceptionTranslationFilter with exceptionTranslationFilterForWS
  • under <sec:filter-security-metadata-source add the lines
<sec:intercept-url pattern="\A/.*require-cfg.js.*\Z" access="Anonymous,Authenticated"/>
<sec:intercept-url pattern="\A/.*require-js-cfg.js.*\Z" access="Anonymous,Authenticated"/>

  • Save and exit the file.
  • Restart your Pentaho Server.
Give this a try
Alessandro De Stefani
Thanks for your help Andrew but it doesn't seem to work!
I followed your suggestions and, just to clarify, I added the filter you indicated in sec:filter-security-metadata-source at the end of all the others (I don't know if the position of the filter can have an impact on the overall functioning).
In any case, the change does not seem to have the desired effect.
I am attaching the sequence generated in this case. 


As you can see I pass the credentials to embed.js and up to a point it seems to work.
Unfortunately, these credentials do not pass when dashboard.js is called. The log is the result after I cancel the credential request, so the dashboard.js request went into 401 status; if you produced the same report during the authentication request, you would see the dashboard.js line in pending status.
Do you have any other suggestions?
Carl Messner
Greetings
We had a similar issue too and we couldn't solve it.
But instead of that, we chose to modify the security.properties file:
requestParameterAuthenticationEnabled=true
and after that we passed credentials to the dashboard.
The dashboard is then called from other software and the end user never sees the screen for login credentials.
Best regards
Alessandro De Stefani
Hi Carl, thanks for your contribution, but are you sure you are using the same version of Pentaho as me?
In any case, I also set requestParameterAuthenticationEnabled to "true" in the security.properties file and call the script
<pentaho-server>/pentaho/plugin/pentaho-cdf-dd/api/renderer/cde-embed.js passing username and password.
Unfortunately the server keeps asking me for authentication credentials.
But there is a passage in your answer that intrigues me: you say that you have passed the credentials to the dashboard but you do not clarify how this happens and maybe there is some call that I could have omitted.
Please note that in the Pentaho literature (see link: https://help.hitachivantara.com/Documentation/Pentaho/7.0/0R0/070/010/00A) several options are proposed (relative to previous versions) that I tried to verify in the current (9.3) but still unsuccessful:
1) execute a preventive call j_spring_security_check (I tried through different forms of POST call without being able to keep control of the page through an appropriate ajax call)
2) pass the credentials using the Basic Authentication (which doesn't seem to work on this version since the passed parameters are ignored).
Any other tips or advice to make one of the two options above work?
Thanks in advance.
Carl Messner
Hi Alessandro
We tried to do this in former versions, but there were problems in Pentaho, so we had to wait until the release of version 9.3, which has a fix for requestParameterAuthenticationEnabled set to "true" (I also reported that in the community).
I don't know if this is the solution that you are looking for, but at least it worked for us.

The example (very simple) calls a dashboard named ConsultaBajas.wcdf in /publics/OpenReports/Personal/ConsultaBajas.
This is the way I pass the credentials to the dashboard:
https://10.20.xx.xxx:8444/pentaho/api/repos/%3Apublic%3AOpenReports%3APersonal%3AConsultaBajas%3AConsultaBajas.wcdf/generatedContent?userid=myUser&password=myPassword
Andrew Cave
Hi Carl
Network addresses in the 10.x.x.x are private so nobody outside your network can see them unfortunately.

Hi Alessandro

The dashboard.js files come from pentaho/plugin/pentaho-cdf/api so what about trying to change the pattern so the url is allowed

<sec:intercept-url pattern="\A/plugin/pentaho-cdf/api.*\Z" access="Anonymous,Authenticated"/>
Carl Messner
Hi Andrew,
In the case of the example I sent, yes, it's a private network, but it doesn't matter; the dashboard also works on an open network.
Best regards.
Alessandro De Stefani
Hi Andrew,
regarding the changes you suggest and in particular the last one, the addition of the following directive

<sec:intercept-url pattern="\A/plugin/pentaho-cdf/api.*\Z" access="Anonymous,Authenticated"/>

that I entered in the parameters section of:

<bean id="filterInvocationInterceptorForWS" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">

The request continues to hang in the script

<pentaho_server>/pentaho/content/common-ui/resources/web/require.js


but currently on call:

<pentaho_server>/pentaho/plugin/pentaho-cdf-dd/api/renderer/getDashboard?path=<path and filename.wcdf>


and no longer on the call:

<pentaho_server>/pentaho/plugin/pentaho-cdf/api/resources/js/compressed/lib/require-dashboard/dashboard.js

So surely the directive has changed something but the change was not completely decisive.
I attach the actual log:

Something tells me that we are on the right path !!! 😊
thank you very much!!!
Do you have some other suggestion to resolve the current issue?

Thanks in advance
Alessandro De Stefani
Hi Carl,
see next post!
Alessandro De Stefani
Hi Carl,
I have tried to put a dashboard, fetched using your suggestion, into a div:

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<title>Embedding CDE Dashboards with RequireJS</title>
</head>
<body>
<div id="dashboard"></div>
<script>

function f()
{
var url = "<pentaho-server>/pentaho/api/repos/:home:alessandro:Test.wcdf/generatedContent?userid=<username>&password=<password>";
var xhr = new XMLHttpRequest();
xhr.addEventListener("readystatechange", function() {
if(this.readyState == 4 && this.status == 200){
document.getElementById("dashboard").innerHTML=xhr.response;
}
});
xhr.open("GET", url );
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.send();
}
f();
</script>
</body>
</html>

but to make it work I had to download and add the two jar files:
cors-filter-2.6.jar
java-property-utils-1.9.1.jar

into
<pentaho-server>/tomcat/webapps/pentaho/WEB-INF/lib/

and also add the proper filter:

<filter>
       <filter-name>CORS</filter-name>
       <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>

<filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>


into the file:
<pentaho-server>/tomcat/webapps/pentaho/WEB-INF/web.xml 

Unfortunately the page lost any format, function, settings and also the interoperability with the rest of the objects in the page (it is not a good thing).
In addition, after adding this CORS filter, the scenario suggested by Andrew doesn't work anymore (I don't know why).

As you see, I'm trying to find the better way to reach my target! 😊

Carl Messner

Hi Alessandro, thank you for sharing your advances
Did you try something like this?

<!DOCTYPE html>
<html>

<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Reportes MCSF</title>
<script type="text/javascript" src="../../../plugin/pentaho-cdf-dd/api/renderer/cde-embed.js"></script>
<!--
<style>
body {
padding: 10px;
}

img {
width: 300px;
padding-bottom: 10px;
}
</style>
-->

</head>

<body>
<div class="dashboardContainer">
<div id="content">
</div>
</div>

<script>
require([
"dash!/public/OpenReports/Personal/ConsultaBajas/ConsultaBajas.wcdf/generatedContent?userid=myUser&password=myPassword"
], function (SampleDash) {
// Create an instance of the dashboard that use DOM element
(new SampleDash("content")).render();
});
</script>


</body>

</html>

Alessandro De Stefani
As of today, I have not yet been able to solve all the integration problems reported at the time!
I want to summarize the steps taken and the results obtained during my attempts trying to clarify:

To embed a Pentaho CDE inside an html page, I added the call to the script:
<script src="<pentaho-server-position>/pentaho/plugin/pentaho-cdf-dd/api/renderer/cde-embed.js"></script>
I have prepared a div for the CDE dashboard in the body.
<div id="dashboardContainer"></div>
Finally I added, in the script section, the specific function and the call to it.
function GetPentahoDashboard()
{
    var path = "<full_path>/";
    var file = "<filename>.wcdf";
    require(["dash!" + path + "/" + file],
        function (SampleDash) {
            // Render the dashboard into the prepared div
            (new SampleDash("dashboardContainer")).render();
        });
}
GetPentahoDashboard();
I state that having installed the Pentaho server on a server other than the application server (my Server) the problems encountered were of two types:
• Cross-reference problems
• Authentication problems

Cross-reference problems
In order to embed the pentaho C-Tools I had to present the settings.xml files in the three directories:
<server-pentaho>/pentaho_solutions/system/cda/
<server-pentaho>/pentaho_solutions/system/pentaho-cdf/
<server-pentaho>/pentaho_solutions/system/pentaho-cdf-dd/

In these files, the line has been changed:
<allow-cross-domain-resources>false</allow-cross-domain-resources>
versus:
<allow-cross-domain-resources>true</allow-cross-domain-resources>

Also adding the myServer address to the whitelist:

<cross-domain-resources-whitelist><!-- intentionally left blank --></cross-domain-resources-whitelist>

As specified below:
<cross-domain-resources-whitelist>http://myServerAddress</cross-domain-resources-whitelist>

But this is not enough.
To avoid CORS errors during web calls, you must also add the two files in the directory
<pentaho-server>/tomcat/webapps/pentaho/WEB-INF/lib/

after downloading them from the Internet:
• cors-filter-2.6.jar
• java-property-utils-1.9.1.jar

and added the specific filter in the file
<pentaho-server>/tomcat/webapps/pentaho/WEB-INF/web.xml

the following section:
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>

<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Authentication problems
For authentication, since the call is generated from an html page, authentication must be implicit in the call.
To do this, so that Pentaho can use authentication within the call, it is necessary to modify the file
<server-pentaho>/pentaho_solution/system/security.properties

By setting the parameter
requestParameterAuthenticationEnabled=true

changing the default setting (false).

This change allows the userid and password parameters to be passed but this does not seem to be the command line solution.

In fact, the execution of the first script is performed:
<script src="<pentaho-server-location>/pentaho/plugin/pentaho-cdf-dd/api/renderer/cde-embed.js?userid=<username>&password=<password>"> </script>

But this is not the case for the second call:
require(["dash!" + path + "/" + file],
    function (SampleDash) {
        (new SampleDash("dashboardContainer")).render();
    });

where executing the require statement fails to authenticate.
I also tried making an explicit call, passing the username and password in the request:
require(["<server-pentaho-position>/pentaho/plugin/pentaho-cdf-dd/api/renderer/getDashboard?path=" + path + "/" + file + "&userid=<username>&password=<password>"],
    function (SampleDash) {
        (new SampleDash("dashboardContainer")).render();
    });

but it crashes later.

The feeling is that something is missing that allows me to authenticate the session.

I should perhaps authenticate in advance with a call to j_spring_security_check as documented in
https://help.pentaho.com/Documentation/8.0/Developer_Center/REST_API

but I can't get the cookie back to use on requests.
Do you have any suggestions about this?

Thank you in advance,
Alessandro
Andrew Cave
Hi Alessandro

I'd try doing a POST pre-authentication in your script then doing the call.  If it is the same domain AJAX should send the cookie with the Session ID again

If the problem is with catalina rejecting something, you can turn on full-debug mode using the instructions here

https://www.netiq.com/documentation/access-manager-45/admin/data/b1kxjaku.html

add it into tomcat/conf/web.xml

Try keeping the Chrome developer tools window open while you're working with the page.  It should preserve any errors in the Console view which might give you a further clue.
Alessandro De Stefani

Hi Andrew,
thank you for your suggestions!
I activated catalina full debug mode using the instructions you provided me with.
then, by making the ajax call (jQuery.ajax) with the parameters detailed below:

type: "POST",
url: "<pentaho server>/pentaho/j_spring_security_check",
dataType: "text",
data: "j_username=<username>&j_password=<password>",

this doesn’t seem to work (catalina.out):

21-Jun-2022 09:44:37.368 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6 START TIME        =21-Jun-2022 09:44:37
21-Jun-2022 09:44:37.368 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         requestURI=/pentaho/Login
21-Jun-2022 09:44:37.368 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6           authType=null
21-Jun-2022 09:44:37.368 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6  characterEncoding=UTF-8
21-Jun-2022 09:44:37.368 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6      contentLength=-1
21-Jun-2022 09:44:37.368 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6        contentType=application/x-www-form-urlencoded; charset=UTF-8
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6        contextPath=/pentaho
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=host==<pentaho host:port>
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=connection=keep-alive
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=accept=text/plain, */*; q=0.01
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=content-type=application/x-www-form-urlencoded; charset=UTF-8
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=origin=<origin IP server>
21-Jun-2022 09:44:37.369 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=referer=http://<origin IP server>
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=accept-encoding=gzip, deflate
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=accept-language=it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             locale=it_IT
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             method=GET
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6           pathInfo=null
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6           protocol=HTTP/1.1
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6        queryString=null
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         remoteAddr=<IP Address>
21-Jun-2022 09:44:37.370 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         remoteHost=<IP Address>
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         remoteUser=null
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6 requestedSessionId=null
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             scheme=http
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         serverName=<pentaho server ip address>
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         serverPort=<pentaho port>
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6        servletPath=/Login
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6           isSecure=false
21-Jun-2022 09:44:37.371 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6 ------------------=--------------------------------------------
21-Jun-2022 09:44:37.372 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6 ------------------=--------------------------------------------
21-Jun-2022 09:44:37.372 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6           authType=null
21-Jun-2022 09:44:37.372 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6        contentType=text/html;charset=UTF-8
21-Jun-2022 09:44:37.372 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=Access-Control-Allow-Credentials=true
21-Jun-2022 09:44:37.372 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=Access-Control-Allow-Origin=<call origin IP server>
21-Jun-2022 09:44:37.372 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=Vary=Origin
21-Jun-2022 09:44:37.373 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             header=Set-Cookie=JSESSIONID=<SESSION ID>; Path=/pentaho; HttpOnly
21-Jun-2022 09:44:37.373 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6         remoteUser=null
21-Jun-2022 09:44:37.373 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6             status=200
21-Jun-2022 09:44:37.373 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6 END TIME          =21-Jun-2022 09:44:37
21-Jun-2022 09:44:37.373 INFO [http-nio-8091-exec-6] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-6 ===============================================================

It is different if I make the ajax call (jQuery.ajax) as suggested by some forums:

type: "POST",
url: "<pentaho server>/pentaho/Login",
dataType: "text",
data: "userid=<username>&password=<password>&generate-ticket=1&app=showcase&username=<username>",

which returns the following log:

21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 START TIME        =21-Jun-2022 09:58:04
21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         requestURI=/pentaho/Login
21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9           authType=null
21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9  characterEncoding=UTF-8
21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9      contentLength=79
21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9        contentType=application/x-www-form-urlencoded; charset=UTF-8
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9        contextPath=/pentaho
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=host=<pentaho host:port>
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=connection=keep-alive
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=content-length=79
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=accept=text/plain, */*; q=0.01
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=content-type=application/x-www-form-urlencoded; charset=UTF-8
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=origin=http://<origin IP server>
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=referer=http://<origin IP server>/
21-Jun-2022 09:58:04.754 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=accept-encoding=gzip, deflate
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=accept-language=it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             locale=it_IT
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             method=POST
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9          parameter=userid=<username>
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9          parameter=password=<password>
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9          parameter=generate-ticket=1
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9          parameter=app=showcase
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9          parameter=username=<username>
21-Jun-2022 09:58:04.755 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9           pathInfo=null
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9           protocol=HTTP/1.1
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9        queryString=null
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         remoteAddr=<IP Address>
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         remoteHost=<IP Address>
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         remoteUser=<username>
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 requestedSessionId=null
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             scheme=http
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         serverName=<pentaho server ip address>
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         serverPort=<pentaho port>
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9        servletPath=/Login
21-Jun-2022 09:58:04.756 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9           isSecure=false
21-Jun-2022 09:58:04.757 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 ------------------=--------------------------------------------
21-Jun-2022 09:58:04.757 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 ------------------=--------------------------------------------
21-Jun-2022 09:58:04.757 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9           authType=null
21-Jun-2022 09:58:04.757 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9        contentType=text/html;charset=UTF-8
21-Jun-2022 09:58:04.757 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=Access-Control-Allow-Credentials=true
21-Jun-2022 09:58:04.757 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=Access-Control-Allow-Origin=<call origin IP server>
21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9          header=Vary=Origin
21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=Set-Cookie=JSESSIONID=<SESSION ID>; Path=/pentaho; HttpOnly
21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9         remoteUser=<username>
21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             status=200
21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 END TIME          =21-Jun-2022 09:58:04
21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 ===============================================================

In which an authenticated user appears to return correctly but the cookie is not stored and the request is repeated on the next call.


Do you have any suggestions on what the correct pre-authentication call is and how to make the token persistent in the session?
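
The RequestDumperFilter output above records request parameters verbatim, so a form-posted password ends up in catalina.out. The following is an added example, not code from the thread or from Pentaho: it parses dumps in that layout and flags passwords written to the log or carried in the URL, plain-HTTP logins, session cookies missing Secure/SameSite/HttpOnly, and credentialed CORS. The sample log is constructed, and the function names and finding labels are assumptions made for illustration.

```javascript
'use strict';
// Added example: audit Tomcat RequestDumperFilter output for credential exposure.

// Constructed sample in the layout shown in the thread; every value is a placeholder.
const PREFIX = '21-Jun-2022 09:58:04.753 INFO [http-nio-8091-exec-9] ' +
  'org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9 ';
const SAMPLE_LOG = [
  'START TIME        =21-Jun-2022 09:58:04',
  '        requestURI=/pentaho/Login',
  '            method=POST',
  '         parameter=userid=report_user',
  '         parameter=password=EXAMPLE-ONLY',
  '       queryString=null',
  '          isSecure=false',
  '------------------=--------------------------------------------',
  '------------------=--------------------------------------------',
  '            header=Access-Control-Allow-Credentials=true',
  '            header=Access-Control-Allow-Origin=http://192.0.2.10',
  '            header=Set-Cookie=JSESSIONID=CONSTRUCTED; Path=/pentaho; HttpOnly',
  '            status=200',
  'END TIME          =21-Jun-2022 09:58:04',
  '===============================================================',
].map((l) => PREFIX + l).join('\n');

const bag = () => Object.create(null); // no prototype keys to collide with

// Group dump lines into request/response exchanges, one per START/END pair per thread.
function parseDump(text) {
  const open = new Map(); // thread name -> exchange being assembled
  const done = [];
  for (const line of text.split(/\r?\n/)) {
    const m = /RequestDumperFilter\.doLog\s+(\S+)\s+(.*)$/.exec(line);
    if (!m) continue;
    const [, thread, rest] = m;
    const eq = rest.indexOf('=');
    if (eq <= 0) continue; // "=====" terminator line
    const key = rest.slice(0, eq).trim();
    const value = rest.slice(eq + 1).trim();
    if (key === 'START TIME') {
      open.set(thread, { side: 'request',
        request: { fields: bag(), headers: bag(), parameters: bag() },
        response: { fields: bag(), headers: bag(), parameters: bag() } });
      continue;
    }
    const ex = open.get(thread);
    if (!ex) continue;
    if (key.startsWith('---')) { ex.side = 'response'; continue; }
    if (key === 'END TIME') { open.delete(thread); done.push(ex); continue; }
    const part = ex[ex.side];
    if (key === 'header' || key === 'parameter') {
      const i = value.indexOf('=');
      const name = (i < 0 ? value : value.slice(0, i)).toLowerCase();
      const target = key === 'header' ? part.headers : part.parameters;
      (target[name] = target[name] || []).push(i < 0 ? '' : value.slice(i + 1));
    } else {
      part.fields[key] = value;
    }
  }
  return done;
}

const SECRET_NAME = /^(j_)?(password|passwd|pwd)$/i;

// Return the exposure findings for one parsed exchange.
function auditExchange(ex) {
  const findings = [];
  const { fields, parameters } = ex.request;
  const qs = fields.queryString && fields.queryString !== 'null' ? fields.queryString : '';
  const inUrl = qs.split('&').some((p) => SECRET_NAME.test(p.split('=')[0]));
  const inParams = Object.keys(parameters).some((n) => SECRET_NAME.test(n));
  if (inUrl || inParams) findings.push('password-written-to-log');
  if (inUrl) findings.push('password-in-url');
  if ((inUrl || inParams) && fields.isSecure === 'false') findings.push('password-over-plain-http');
  for (const raw of ex.response.headers['set-cookie'] || []) {
    const [pair, ...attrs] = raw.split(';').map((s) => s.trim());
    const names = attrs.map((a) => a.split('=')[0].toLowerCase());
    const cookie = pair.split('=')[0];
    for (const wanted of ['secure', 'samesite', 'httponly']) {
      if (!names.includes(wanted)) findings.push(`${cookie}-cookie-missing-${wanted}`);
    }
  }
  const acac = (ex.response.headers['access-control-allow-credentials'] || [])[0];
  if (acac === 'true') {
    const origin = (ex.response.headers['access-control-allow-origin'] || ['?'])[0];
    findings.push(`credentialed-cors-for ${origin}`);
  }
  return findings;
}

// One findings array per request/response exchange found in the log text.
function auditLog(text) { return parseDump(text).map(auditExchange); }

console.log(auditLog(SAMPLE_LOG));
```
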

Andrew Cave
Hi Alessandro

You're getting the cookie back in the line

21-Jun-2022 09:58:04.758 INFO [http-nio-8091-exec-9] org.apache.catalina.filters.RequestDumperFilter.doLog http-nio-8091-exec-9             header=Set-Cookie=JSESSIONID=<SESSION ID>; Path=/pentaho; HttpOnly

You should be able to retrieve it from your authentication request response in JavaScript, then add the cookie to your next (and subsequent) requests.
Alessandro De Stefani
Hi Andrew,
I'm trying to use your suggestion by using the cookie pentaho returns back.
Unfortunately the statement xhr.getResponseHeader() that I try to use to capture the Set-Cookie header doesn't return that entry.
I think the problem is that Pentaho returns the Set-Cookie with the HttpOnly clause and this restricts the usage of the cookie from JavaScript.

Can you suggest how I can catch the cookie in order to use it in the subsequent call?

thank you
Alessandro
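
Script never gets to read `Set-Cookie`: it is a forbidden response header for XHR, so the question becomes whether the browser itself stores and replays JSESSIONID. The following is an added example, not code from the thread or from Pentaho: a simplified model of that decision. Assumptions: "site" is approximated as scheme plus host (no public-suffix handling), a cookie without SameSite is treated as Lax as current Chromium-based browsers do, and the function names, labels and sample addresses are constructed for illustration.

```javascript
'use strict';
// Added example: simplified model of how a browser treats the Set-Cookie
// header returned by a login XHR. Assumptions are labelled where they apply.

// Parse "NAME=value; Attr; Attr=value" into { name, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const attrs = Object.create(null);
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? '' : a.slice(i + 1);
  }
  return { name: pair.split('=')[0], attrs };
}

// Assumption: site = scheme + host. Real browsers compare registrable domains,
// so two subdomains of one domain are same-site; that case is not modelled.
function siteOf(url) {
  return `${url.protocol}//${url.hostname}`;
}

// Decide whether the cookie from the login response is kept and sent again.
function cookieOutcome({ pageUrl, requestUrl, withCredentials, setCookie }) {
  const page = new URL(pageUrl);
  const target = new URL(requestUrl);
  const { name, attrs } = parseSetCookie(setCookie);
  const crossOrigin = page.origin !== target.origin; // scheme, host or port differs
  const crossSite = siteOf(page) !== siteOf(target);
  const secure = 'secure' in attrs;
  // Assumption: a missing or unrecognised SameSite value is treated as Lax.
  let sameSite = (attrs.samesite || 'lax').toLowerCase();
  if (!['strict', 'lax', 'none'].includes(sameSite)) sameSite = 'lax';

  const blockedBy = [];
  // Cross-origin XHR neither sends nor stores cookies unless withCredentials is set.
  if (crossOrigin && !withCredentials) blockedBy.push('no-withCredentials');
  // A Secure cookie is not accepted or sent over plain http.
  if (secure && target.protocol !== 'https:') blockedBy.push('secure-over-http');
  // SameSite=None is rejected unless the cookie is also Secure.
  if (sameSite === 'none' && !secure) blockedBy.push('samesite-none-needs-secure');
  // Lax and Strict cookies are not set or sent on cross-site subresource requests.
  if (crossSite && sameSite !== 'none') blockedBy.push(`samesite-${sameSite}-cross-site`);

  return {
    cookie: name,
    // Forbidden response header: hidden from script with or without HttpOnly.
    readableViaGetResponseHeader: false,
    storedAndReplayed: blockedBy.length === 0,
    blockedBy,
  };
}

// Constructed scenario: page and Pentaho on different hosts over http, with a
// cookie shaped like the one in the thread's log.
const THREAD_CASE = {
  pageUrl: 'http://192.0.2.10/index.html',
  requestUrl: 'http://198.51.100.20:8091/pentaho/Login',
  withCredentials: false,
  setCookie: 'JSESSIONID=CONSTRUCTED; Path=/pentaho; HttpOnly',
};
console.log(cookieOutcome(THREAD_CASE));
console.log(cookieOutcome({ ...THREAD_CASE, withCredentials: true }));
```

The same SameSite rule applies to the `<script>` requests that RequireJS issues for the dashboard modules, which is why a session created by a cross-site pre-authentication call may still not accompany them.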
Carlos Lopez
Alessandro:
I am wondering if you were able to get past this behavior? Sorry I am late to the reply but just checking to see if you have followed these steps:
https://help.hitachivantara.com/Documentation/Pentaho/9.3/Products/CDE_advanced_solutions#Embedding_dashboards_built_with.0D.0A____RequireJS