Authentication and authorizaton for XMLA Connect and Mondrian

If you would like to turn on basic authentication for mondrian cubes from excel you need to implement steps below.

First step, what you need to do is to impelment Authentication Callback Class. This class is an extension of default AuthenticatingXmlaRequestCallback class, which is provided by mondrian.

XMLA Connect sends from Excel user and password as http request authorization header. We need to read user name and password and auhtenticate against LDAP or database, where users are saved.


public class CustomAuthentication extends AuthenticatingXmlaRequestCallback {

public void preAction(HttpServletRequest request, Element[] requestSoapParts, Map<String, Object> context)
            throws Exception {
        String authHeader = request.getHeader("authorization");
        String encodedValue = authHeader.split(" ")[1];
        String decodedValue = Base64.base64Decode(encodedValue);
        int k = decodedValue.indexOf(":");
        if (k > 0) {
            String user = decodedValue.substring(0, k);
            String password = decodedValue.substring(k + 1, decodedValue.length());
            context.put(XmlaConstants.CONTEXT_XMLA_USERNAME, user);
            context.put(XmlaConstants.CONTEXT_XMLA_PASSWORD, password);
        }

        super.preAction(request, requestSoapParts, context);
    }

  /**
     * Implementation of authentication
     */
    @Override
    public String authenticate(String username, String password, String sessionID) {
        try {
            customAuthMethod(username, password);
        } catch (Exception e) {
            throwAuthenticationException("User: " + username + e.getMessage());
        }
        //role
        return "xmla";
    }
}

Next we need to register this class in web.xml like:

<servlet>
....
                <init-param>
			<param-name>Callbacks</param-name>
			<param-value>CustomAuthentication</param-value>
		</init-param>
...
</servlet>

Next step you need to add role in your schema xml for mondrian, where you define cubes:

<Schema>
...
<Cube>
...
</Cube>

<Role name="xmla">
    <SchemaGrant access="all">
    </SchemaGrant>
</Role>
</Schema>

more details for this step you can find here: Defining Roles