Penthao comes along with its own security implementation to manage Authentication/Authorization for the users. Pentaho has a Hibernate DB which is used for managing users and roles. There are situations for very obvious reasons when companies would like to use a different Datasource for Authentication/Authorization of users within Pentaho. A very valid use-case being that there is a HR system where the users and their roles are managed and the company would not like to replicate the same set of users within Pentaho for the basic concerns of redundancy and inconsistency.
Pentaho, given to its, plug and play architecture gives a lot of flexibility to accomodate this need. It is rather straight forward to implement this change with a few steps.
Pentaho BI server uses simple configuration to read the legitimate users and their credentials w.r.t passwords/roles etc at the time of start up and then performs the Authentication and authorization as needed. System folder in the pentaho-solutions directory of biServer has it all.
1) applicationContext-spring-security-jdbc.xml file in the system folder.
This instantiates a class “userDetailsService”, and makes SQL calls to get “authoritiesByUsernameQuery” and “usersByUsernameQuery”
This also defines “dataSource” from where to get the required details.
Simple change needed is to modify the queries in a way to read a similar structure of details from your target DB
2) applicationContext-pentaho-security-jdbc.xml file in the system folder.
This instantiates classes, “jdbcUserRoleListService” and “pentahoUserRoleListService” and makes SQL calls to get “allAuthoritiesQuery”, “allUsernamesInRoleQuery”, “allUsernamesQuery”
It uses the same dataSource defined in “applicationContext-spring-security-jdbc.xml” and you should be able to modify the queries to read from your desired dataSource.
Please note, that the queries to your desired DB should result the same structure of Datasource as in the default pentaho Hibernate DB. This might be very easily achievable by creating a View on your existing DB in case your current data model has the required information distributed across tables.
The above two changes and then restarting the server should keep you going authenticating from a different JDBC source.
Similarly, you should be able to set up for sources other than JDBC too.