The recommended approach for implementing custom security (as of version 9.0) is to use the Composite Security Provider. The composite security provider modularizes security into 'Authentication' and 'Authorization'. Authentication deals with getting user/role/group information and validating login requests. Authorization deals with setting and getting report-related permissions.
To set up composite security directly, add the following properties to the 'sree.properties' file.
security.provider=inetsoft.sree.security.CompositeSecurityProvider
security.authentication.provider={AuthenticationProvider}
security.authorization.provider={AuthorizationProvider}
{AuthenticationProvider} can be one of:
• inetsoft.sree.security.FileAuthenticationProvider
• inetsoft.sree.security.ldap.ADSecurityProvider
• inetsoft.sree.security.ldap.IPlanetSecurityProvider
• inetsoft.sree.security.ldap.GenericLdapSecurityProvider
• class which extends inetsoft.sree.security.AbstractAuthenticationProvider, e.g., com.company.security.MyAuthorizationProvider
{AuthorizationProvider} can be one of:
• inetsoft.sree.security.FileAuthorizationProvider
• inetsoft.sree.security.ldap.ADSecurityProvider
• inetsoft.sree.security.ldap.IPlanetSecurityProvider
• inetsoft.sree.security.ldap.GenericLdapSecurityProvider
• class which extends inetsoft.sree.security.AbstractAuthorizationProvider, e.g., com.company.security.MyAuthorizationProvider
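A pre-deployment check for the three properties above, as an added example that is not InetSoft's code: it loads the settings with java.util.Properties and reports unset or placeholder values and class names that are not among the built-in providers listed here. The class name CompositeSecurityCheck and the sample input are constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

public class CompositeSecurityCheck {
    static final String PKG = "inetsoft.sree.security.";
    // The three LDAP-backed providers are listed for both slots.
    static final Set<String> LDAP = Set.of(
        PKG + "ldap.ADSecurityProvider",
        PKG + "ldap.IPlanetSecurityProvider",
        PKG + "ldap.GenericLdapSecurityProvider");

    /** Returns one finding per problem; an empty list means the three keys are consistent. */
    static List<String> check(Properties p) {
        List<String> findings = new ArrayList<>();
        String top = p.getProperty("security.provider", "").trim();
        if (!top.equals(PKG + "CompositeSecurityProvider")) {
            findings.add("security.provider is '" + top + "', expected the composite provider");
        }
        checkSlot(p, "authentication", "Authentication", findings);
        checkSlot(p, "authorization", "Authorization", findings);
        return findings;
    }

    static void checkSlot(Properties p, String slot, String stem, List<String> findings) {
        String key = "security." + slot + ".provider";
        String value = p.getProperty(key, "").trim();
        if (value.isEmpty() || value.startsWith("{")) {
            findings.add(key + " is unset or still a template placeholder");
        } else if (!value.equals(PKG + "File" + stem + "Provider") && !LDAP.contains(value)) {
            // Custom class, or a built-in placed in the wrong slot: needs manual review.
            findings.add(key + "=" + value + " is not a built-in " + slot
                + " provider; confirm it extends " + PKG + "Abstract" + stem + "Provider");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the value wrapped onto the line after its key, and the
        // file authorization provider placed in the authentication slot.
        String sample = String.join("\n",
            "security.provider =",
            PKG + "CompositeSecurityProvider",
            "security.authentication.provider=" + PKG + "FileAuthorizationProvider",
            "security.authorization.provider=" + PKG + "FileAuthorizationProvider");
        Properties p = new Properties();
        p.load(new StringReader(sample));
        check(p).forEach(System.out::println);
    }
}
```

A finding for a custom class is a prompt for manual review, since this check cannot confirm the superclass without the product's classes on the classpath.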
If you already have a custom security implementation in versions 8.0 and below, the recommended approach is to re-implement your security using the new Composite security provider as described above. However, if you have an existing implementation which implements the 'SecurityProvider' interface, you may use it with the addition of some methods.
import java.security.Principal;
import inetsoft.sree.security.*; // User, Group, Identity, Permission

public class MyProvider implements inetsoft.sree.security.SecurityProvider
{
   public boolean checkPermission(Principal user, String resource, char acc) {
      // check the type of permission which a user
      // has on a resource
      // user is of type SRPrincipal
      // acc is one of 'r', 'w', 'd'
      return false; // placeholder: deny until implemented
   }
   public boolean supportGroupPermission() {
      // check if provider has support for setting
      // permissions on groups
      return false; // placeholder
   }
   public boolean authenticate(String user, Object credential) {
      // validate user credentials
      // credential is object of type
      // inetsoft.sree.security.DefaultTicket
      return false; // placeholder: reject until implemented
   }
   public String[] getUsers() {
      // return a list of all user logins
      return new String[0]; // placeholder
   }
   public String[] getIndividualUsers() {
      // return a list of users not belonging to a group
      return new String[0]; // placeholder
   }
   public User getUsers(String name) {
      // return inetsoft.sree.security.User object
      return null; // placeholder
   }
   public String[] getRoles() {
      // return a list of all Roles
      return new String[0]; // placeholder
   }
   public String[] getRoles(String user) {
      // return a list of all Roles for a given user
      return new String[0]; // placeholder
   }
   public String[] getGroups() {
      // return a list of all Groups
      return new String[0]; // placeholder
   }
   public Group getGroup(String name) {
      // get a group by name
      return null; // placeholder
   }
   public Identity findIdentity(Identity identity) {
      // find the concrete identity of the security provider
      return null; // placeholder
   }
   public void setPermission(String resource, Permission perm) {
      // save the permission for a resource
   }
   public Permission getPermission(String resource) {
      // get the permission for a resource
      return null; // placeholder
   }
   public void removePermission(String resource) {
      // remove the permission for a resource
   }
   public void teardown() {
      // tear down the security provider
   }
}