Increase security log levels in the Pentaho Server
The security logging facilities of the Pentaho Server are set to ERROR by default, which may not supply enough details for troubleshooting and testing.
The following procedure explains how to set up verbose logging which increases the level of detail in the Pentaho Server logs for security-related messages.
Stop the Pentaho Server with the following script
sh /usr/local/pentaho/server/pentaho-server/stop-pentaho.shOpen the
/pentaho/server/pentaho-server/tomcat/webapps/pentaho/WEB-INF/classes/log4j2.xmlfile with a text editor.Change or add the ThresholdFilter value in the
<Console>or <RollingFile> sections to one of the following logging levels:WARN,ERROR,FATAL, orDEBUG(depending on which level you prefer):< Console name="PENTAHOCONSOLE" > <ThresholdFilter level="ERROR"/> <PatternLayout><Pattern>%d{ABSOLUTE} %-5p [%c{1}] %m%n</Pattern> </PatternLayout> </Console>Add the following log statements directly above the root element:
<!-- all Spring Security classes will be set to DEBUG --> <Logger name="org.springframework.security" level=”DEBUG”> <!-- all Pentaho security-related classes will be set to DEBUG --> <Logger name="org.pentaho.platform.engine.security" level=”DEBUG”> <Logger name="org.pentaho.platform.plugin.services.security" level=”DEBUG”>Save and close the file, then edit the Spring Security configuration file that corresponds with your security back end in the
/pentaho/server/pentaho-server/pentaho-solutions/system/directory. The file will be one of the following options:applicationContext-spring-security-memory.xmlapplicationContext-spring-security-jdbc.xmlapplicationContext-spring-security-ldap.xml
Find the
daoAuthenticationProviderbean definition, then add the following property anywhere inside of it (before the</bean>tag):<property name="hideUserNotFoundExceptions" value="false" />Save the file and close the text editor.
Start the Pentaho Server with the following script:
sh /usr/local/pentaho/server/pentaho-server/start-pentaho.sh
For this example, Pentaho Server security logging is now globally set to DEBUG, which provides verbose logging for debugging security configuration problems. All Pentaho Server messages will be collected in the /pentaho/server/pentaho-server/logs/pentaho.log file.
When you are finished configuring and testing the Pentaho Server, you should decrease verbose logging down to a less detailed level, such as ERROR, to prevent pentaho.log from growing too large.
Enable extra LDAP security logging
If you need more LDAP-related security details in pentaho.log, or if you are specifically having difficulty with LDAP authentication configuration, perform the following steps to set up verbose logging.
Note: These instructions are for testing and pre-production only. User names and passwords will be displayed in the log file in plain text.
Stop the Pentaho Server
Go to the
/pentaho/server/pentaho-server/pentaho-solutions/systemdirectory and open theapplicationContext-spring-security-ldap.xmlfile with a text editor.Locate the bean declaration for
DefaultLdapAuthenticationProviderand replace theconstructor-argbean with the following new bean:Old Bean:
<constructor-arg> <ref bean="authenticator" /> </constructor-arg>New Bean:
<constructor-arg> <ref bean="ldapAuthenticatorProxy" /> </constructor-arg>In the same directory, locate and open the
pentaho-spring-beans.xmlfile.Add the following import line to the list of files:
<import resource="applicationContext-logging.xml" />Save and close the file.
Locate the
/pentaho-server/tomcat/webapps/pentaho/WEB-INF/classesdirectory and open thelog4j2.xmlfile with a text editor.Add this category to the
log4j2.xmlfile.<Logger name="org.springframework.security.providers" level="DEBUG"/>Save and close the file, then start the Pentaho Server.
You will now have verbose LDAP-specific log messages in pentaho.log, which include login credentials for every user that tries to log on.
See the Install Pentaho Data Integration and Analytics document for instructions on starting and stopping the Pentaho Server.
Last updated
Was this helpful?