public class ProxyTrustingFilter extends Object implements javax.servlet.Filter
<filter> <filter-name>ProxyTrustingFilter</filter-name> <filter-class>org.pentaho.platform.web.http.filters.ProxyTrustingFilter</filter-class> <init-param> <param-name>TrustedIpAddrs</param-name> <param-value>192.168.10.60,192.168.10.61</param-value> </init-param> </filter>In the above example, when a request coming from IP addresses 192.168.10.60 and 192.168.10.61 has the parameter _TRUST_USER_=name set, tha user name will be authenticated.
NOTES:
It is easy to spoof the URL or IP address so this technique should only be used if the server running the filter is not accessible to users. For example if the BI Platform is hosted in a DMZ.
For this class to be useful, both Pentaho servers should be using the same database repository.
The sending server should be using the ProxyServlet enabled to generate the requests.
The parameter that this filter looks for can be configured in the init parameters, as well as whether to check the request headers. The following shows the defaults used if these settings aren't provided.
<init-param> <param-name>CheckHeader</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>RequestParameterName</param-name> <param-value>_TRUST_USER_</param-value> </init-param> <init-param> <param-name>HeaderName</param-name> <param-value>_TRUST_USER_</param-value> </init-param>
ProxyServlet
Constructor and Description |
---|
ProxyTrustingFilter() |
Modifier and Type | Method and Description |
---|---|
protected void |
becomeUser(String principalName) |
protected boolean |
checkHeader() |
void |
destroy() |
void |
doFilter(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
javax.servlet.FilterChain chain) |
protected String |
getHeaderName() |
org.apache.commons.logging.Log |
getLogger() |
protected String |
getParameterName() |
protected String |
getTrustUser(javax.servlet.http.HttpServletRequest request)
Gets the trusted user from the request, and optionally from the HTTP Header
|
void |
init(javax.servlet.FilterConfig filterConfiguration) |
boolean |
isEmpty(String str) |
static void |
main(String[] args) |
protected String |
normalizeHeaderName(String in) |
public org.apache.commons.logging.Log getLogger()
public void init(javax.servlet.FilterConfig filterConfiguration) throws javax.servlet.ServletException
init
in interface javax.servlet.Filter
javax.servlet.ServletException
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain) throws IOException, javax.servlet.ServletException
doFilter
in interface javax.servlet.Filter
IOException
javax.servlet.ServletException
public void destroy()
destroy
in interface javax.servlet.Filter
public static void main(String[] args)
args
- protected String getHeaderName()
protected String getParameterName()
protected boolean checkHeader()
protected String getTrustUser(javax.servlet.http.HttpServletRequest request)
request
- The HttpServletRequest to examine for the trusted informationpublic boolean isEmpty(String str)
protected void becomeUser(String principalName)
Copyright © 2019 Hitachi Vantara. All rights reserved.