当前位置: 文江博客话题详情

如何使用 Java 重定向到 Pentaho 用户控制台?

发布于 2024-11-10 06:04:27 字数 911 浏览 0 评论 0原文

我在服务器上运行 Pentaho。在另一台服务器上,我正在运行一个 Struts 1 应用程序。

我想要做的是提供 Pentaho 用户控制台的链接 (http://myserver/pentaho/Home)。然而,这需要身份验证。

我可以在 URL 字符串中传递用户名/密码,它工作得很好。但显然,这会暴露 URL 中的密码。

有关如何执行此操作的任何线索?以下代码显示了我如何做到这一点并转储输出(通过 PrintWriter),但它要求 pentaho 源位于本地。

感谢您的任何帮助。

public ActionForward execute(ActionMapping mapping, ActionForm form,
       HttpServletRequest request, HttpServletResponse response) throws Exception {

    HttpClient client = new HttpClient();
    PostMethod method = new PostMethod("http://myserver/pentaho/Home");
    method.addParameter("userid", "moe.howard");
    method.addParameter("password", "password");

    int status = client.executeMethod(method);

    PrintWriter out = response.getWriter();
    out.print(method.getResponseBodyAsString());
    out.flush();
    out.close();

    return mapping.findForward(SUCCESS);
}
原文

I have Pentaho running on a server. On a different server, I have a Struts 1 app running.

What I want to do is provide a link to the User Console of Pentaho (http://myserver/pentaho/Home). However, this requires authentication.

I can pass the user/pass in the URL string and it works just fine. But obviously, this exposes the password in the URL.

Any clues on how to do this? The following code show how I was able to do it and dump the output (via an PrintWriter) but it requires the pentaho source to be local.

Thanks for any help.

public ActionForward execute(ActionMapping mapping, ActionForm form,
       HttpServletRequest request, HttpServletResponse response) throws Exception {

    HttpClient client = new HttpClient();
    PostMethod method = new PostMethod("http://myserver/pentaho/Home");
    method.addParameter("userid", "moe.howard");
    method.addParameter("password", "password");

    int status = client.executeMethod(method);

    PrintWriter out = response.getWriter();
    out.print(method.getResponseBodyAsString());
    out.flush();
    out.close();

    return mapping.findForward(SUCCESS);
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

深居我梦 2024-11-17 06:04:27

终于找到解决办法了。我最终在 Pentaho 服务器上创建了一个 redirect.jsp 文件。然后,我将加密的 http 身份验证令牌传递给它,解密它,然后重定向到登录。效果很好。

编辑

确实是老问题,但我被要求提供有关我的解决方案的更多信息。所以就这样吧。

首先,Pentaho 的默认安装使用 HTTP 基本身份验证 (BA)。如果您使用单点登录或 LDAP 解决方案,这可能不适合您。

所以我所做的就是在 ..tomcat\webapps\ROOT 下的 ROOT 文件夹中放置一个 JSP 文件。该 JSP 获取传入的登录信息并对其进行解密。该登录信息只是一个经过 BASE64 身份验证的请求。

无论如何,这都不是超级安全的。但它允许我做的是从一台服务器发送加密的用户/密码并将其传递到另一台服务器。当然,如果您一直使用 SSL,那么这可能不需要,但我们遇到的情况是信息在内部以明文形式传递。因此,它从未暴露于外部,但我仍然想确保我们的内部服务器尽可能安全。

JSP:

<%@page contentType="text/html; charset=iso-8859-1" language="java" 
import="java.security.*"
import="javax.crypto.Cipher"
import="javax.crypto.spec.SecretKeySpec"
import="sun.misc.*"
%>

<%
  // Decrypt authenticated hash
  String ALGORITHM = "AES";
  byte[] keyValue = "MY-SECRET-PASSWORD".getBytes();

  Key key = new SecretKeySpec(keyValue, ALGORITHM);
  Cipher c = Cipher.getInstance(ALGORITHM);
  c.init(Cipher.DECRYPT_MODE, key);
  byte[] decodedValue = new BASE64Decoder().decodeBuffer(new String(request.getParameter("auth")));
  byte[] decValue = c.doFinal(decodedValue);
  String decryptedValue = new String(decValue);
%>

<script type="text/javascript">
   var auth = '<%= decryptedValue%>';

   function AJAX(url, callback) {

      var req = init();
      req.onreadystatechange = processRequest;

      function init() {
         if (window.XMLHttpRequest) {
            return new XMLHttpRequest();
         } else if (window.ActiveXObject) {
            return new ActiveXObject("Microsoft.XMLHTTP");
         }
      }

      function processRequest () {
         // readyState of 4 signifies request is complete
         if (req.readyState == 4) {
            // status of 200 signifies sucessful HTTP call
            if (req.status == 200) {
               if (callback) callback(req.responseXML);
            }
         }
      }

      this.doGet = function() {
         req.open("GET", url, true);
         req.setRequestHeader("Authorization", "Basic " + auth);
         req.send(null);
      }
   }

   var url = "/pentaho/Home";
   var querystr = "";
   var ajax = new AJAX(url, function(){
      window.location = url;
   });

   ajax.doGet(querystr);

</script>

因此,我的登录服务器根据 Pentaho 使用的相同 MySQL 数据库对用户进行身份验证,创建经过身份验证的 (BA) 请求(BASE64),使用相同的 MY-SECRET-PASSWORD 对其进行加密并发送该请求到 JSP。然后 JSP 对其进行解密并读取 BA 标头并将其传递给 Pentaho。

对我们来说效果很好。

希望它能帮助别人。

Finally found a solution. I ended up creating a redirect.jsp file on the Pentaho server. Then, I passed an encrypted http auth token to it, decrypted it, and then redirected to the login. Works great.

EDIT

Really old question but I was asked to provide more information on my solution. So here goes.

First, the default install of Pentaho used HTTP Basic Authentication (BA). If you're using a single sign-on or LDAP solution this might not work for you.

So what I did was put a JSP file in the ROOT folder under ..tomcat\webapps\ROOT. That JSP takes the passed in login information and de-crypts it. That login information is just a BASE64 authenticated request.

This isn't super secure, by any means. But what it allowed me to do was send an encrypted user/pass from one server and pass it to another server. Of course, if you're SSL all the way then this probably isn't needed but we had a situation where the information was being passed in clear text INTERNALLY. So, it was never exposed to the outside but I still wanted to make sure our internal servers are as secure as possible.

The JSP:

<%@page contentType="text/html; charset=iso-8859-1" language="java" 
import="java.security.*"
import="javax.crypto.Cipher"
import="javax.crypto.spec.SecretKeySpec"
import="sun.misc.*"
%>

<%
  // Decrypt authenticated hash
  String ALGORITHM = "AES";
  byte[] keyValue = "MY-SECRET-PASSWORD".getBytes();

  Key key = new SecretKeySpec(keyValue, ALGORITHM);
  Cipher c = Cipher.getInstance(ALGORITHM);
  c.init(Cipher.DECRYPT_MODE, key);
  byte[] decodedValue = new BASE64Decoder().decodeBuffer(new String(request.getParameter("auth")));
  byte[] decValue = c.doFinal(decodedValue);
  String decryptedValue = new String(decValue);
%>

<script type="text/javascript">
   var auth = '<%= decryptedValue%>';

   function AJAX(url, callback) {

      var req = init();
      req.onreadystatechange = processRequest;

      function init() {
         if (window.XMLHttpRequest) {
            return new XMLHttpRequest();
         } else if (window.ActiveXObject) {
            return new ActiveXObject("Microsoft.XMLHTTP");
         }
      }

      function processRequest () {
         // readyState of 4 signifies request is complete
         if (req.readyState == 4) {
            // status of 200 signifies sucessful HTTP call
            if (req.status == 200) {
               if (callback) callback(req.responseXML);
            }
         }
      }

      this.doGet = function() {
         req.open("GET", url, true);
         req.setRequestHeader("Authorization", "Basic " + auth);
         req.send(null);
      }
   }

   var url = "/pentaho/Home";
   var querystr = "";
   var ajax = new AJAX(url, function(){
      window.location = url;
   });

   ajax.doGet(querystr);

</script>

So, my login server authenticates the user against the same MySQL database Pentaho uses, creates the authenticated (BA) request, BASE64's it, encrypts it using the same MY-SECRET-PASSWORD and sends that to the JSP. The JSP then de-crypts it and reads the BA header and passes that on to Pentaho.

Works great for us.

Hope it helps someone out.

回复 原文
~没有更多了~

关于作者

套路撩心

暂无简介

0 文章
0 评论
21 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

玍銹的英雄夢

文章 0 评论 0

我不会写诗

文章 0 评论 0

十六岁半

文章 0 评论 0

浸婚纱

文章 0 评论 0

qq_kJ6XkX

文章 0 评论 0

旧伤还要旧人安

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文