Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.pentaho.platform.web.http.filters
Class ProxyTrustingFilter

java.lang.Object
  extended by org.pentaho.platform.web.http.filters.ProxyTrustingFilter
All Implemented Interfaces:
javax.servlet.Filter
public class ProxyTrustingFilter
extends Object
implements javax.servlet.Filter

This servlet is used to filter Servlet requests coming from another server for processing and sets authentication for the user passed in by the parameter _TRUST_USER_. It then passes the request down the servlet chain to be serviced. Only requests coming from a trusted host will be authenticated. Implement the filter and setup the trusted hosts by editing the web.xml file as follows. 

  
  <filter>
    <filter-name>ProxyTrustingFilter</filter-name>
    <filter-class>org.pentaho.platform.web.http.filters.ProxyTrustingFilter</filter-class>
      <init-param>
        <param-name>TrustedIpAddrs</param-name>
        <param-value>192.168.10.60,192.168.10.61</param-value>
      </init-param>
  </filter>
In the above example, when a request coming from IP addresses 192.168.10.60 and 192.168.10.61 has the parameter _TRUST_USER_=name set, tha user name will be authenticated.

NOTES:

It is easy to spoof the URL or IP address so this technique should only be used if the server running the filter is not accessible to users. For example if the BI Platform is hosted in a DMZ.

For this class to be useful, both Pentaho servers should be using the same database repository.

The sending server should be using the ProxyServlet enabled to generate the requests.

Author:
Doug Moran
See Also:
ProxyServlet

Constructor Summary
ProxyTrustingFilter()
           
 
Method Summary
 void destroy()
           
 void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
           
 org.apache.commons.logging.Log getLogger()
           
 void init(javax.servlet.FilterConfig filterConfiguration)
           
static void main(String[] args)
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ProxyTrustingFilter

public ProxyTrustingFilter()
Method Detail

getLogger

public org.apache.commons.logging.Log getLogger()

init

public void init(javax.servlet.FilterConfig filterConfiguration)
          throws javax.servlet.ServletException
Specified by:
init in interface javax.servlet.Filter
Throws:
javax.servlet.ServletException

doFilter

public void doFilter(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Specified by:
doFilter in interface javax.servlet.Filter
Throws:
IOException
javax.servlet.ServletException

destroy

public void destroy()
Specified by:
destroy in interface javax.servlet.Filter

main

public static void main(String[] args)
Parameters:
args -
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD