1
votes

I am currently in the process of writing a WebApp to access reports from our ICCube-System. The Application page is hosted on a server different to the IcCube-server. The server is currently a local Apache server (xampp) using Basic Auth to authenticate users before they can access my htdocs. I would like my Apache to do the authentication while icCube's internal authorization manages report access, with only a single login being required.

My application is based on the live demo for web reporting provided by IcCube; therefore it's using explicit JavaScript authentication (it's getting the demo user data through ic3.getDemoDataSourceSettings()).

After trying to work through the IcCube documentation on the matter, I am just as confused as before. The related page on Apache configuration lists possible configurations for Apache & icCube, but I don't understand which I should use (advantages & disadvantages) and if all of them even work with our server setup.

  1. Apache Configuration Overview: If I set these proxy parameters in my server config, what exactly is forwarded to IcCube?
  2. icCube Authentication Servlet Filter: Does this config extract belong to IcCube or Apache? What exactly are these filters doing?

Any help with the issue or pointers to a more in-depth documentation would be greatly appreciated.

1

1 Answers

1
votes

You Web App (i.e. Apache) will have to forward calls related to accessing the reports in icCube. You can for example configure Apache to forward everything related to icCube as following:

<VirtualHost *:80>
ServerName your.domain.com

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass        /icCube http://your-ip:8383/icCube
ProxyPassReverse /icCube http://your-ip:8383/icCube

</VirtualHost>

Then the communication between Apache and icCube is secured using Servlet Filters that are part of icCube configuration (icCube.xml):

IcCubeApacheAuthenticationServletFilter
IcCubeApacheGwtAuthenticationServletFilter

The first filter can be used for all services but GWT; for GWT you can use the second one. Here is an extract of a possible icCube.xml:

<xmlaComponentConfiguration>
    <!--<tcpPortNumber>8484</tcpPortNumber>-->
    <httpUrl>/icCube/xmla</httpUrl>
    <enableHttpCompression>true</enableHttpCompression>
    <filter>XMLA (Apache) Authentication</filter>
</xmlaComponentConfiguration>

<gwtServiceComponentConfiguration>
    <enableFileDownloadCompression>true</enableFileDownloadCompression>
    <filter>GWT (Apache) Authentication</filter>
</gwtServiceComponentConfiguration>

<reportingComponentConfiguration>
    <url>/icCube/doc/*</url>
    <enableCompression>true</enableCompression>
    <filter>Report Authentication</filter>
</reportingComponentConfiguration>

<gviComponentConfiguration>
    <url>/icCube/gvi</url>
    <enableCompression>true</enableCompression>
    <filter>GVI Authentication</filter>
    <filter>GVI Authentication (logout)</filter>
</gviComponentConfiguration>

<filterConfiguration>
    <filter>
        <filter-name>XMLA (Apache) Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
    </filter>
    <filter>
        <filter-name>GWT (Apache) Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheGwtAuthenticationServletFilter</filter-class>
    </filter>
    <filter>
        <filter-name>Report Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
    </filter>
    <filter>
        <filter-name>GVI Authentication</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeApacheAuthenticationServletFilter</filter-class>
        <init-param>
            <param-name>anonymousLogon</param-name>
            <param-value>false</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>GVI Authentication (logout)</filter-name>
        <filter-class>crazydev.iccube.server.authentication.IcCubeGviLogoutAuthenticationServletFilter</filter-class>
    </filter>
</filterConfiguration>

Hope that helps.