}
@Override
protected ConnectionFactory createConnectionFactory( final ServletConfig servletConfig ) throws ServletException {
final ConnectionFactory delegate =
super.createConnectionFactory( servletConfig );
/*
* This wrapper for the connection factory allows us to
* override the list of roles with the ones defined in
* the IPentahoSession and filter it through the
* IConnectionUserRoleMapper.
*/
return new ConnectionFactory() {
public Map<String, Object> getPreConfiguredDiscoverDatasourcesResponse() {
return delegate.getPreConfiguredDiscoverDatasourcesResponse();
}
public OlapConnection getConnection(
String databaseName,
String catalogName,
String roleName,
Properties props )
throws SQLException {
// What we do here is to filter the role names with the mapper.
// First, get a user role mapper, if one is configured.
final IPentahoSession session =
PentahoSessionHolder.getSession();
final IConnectionUserRoleMapper mondrianUserRoleMapper =
PentahoSystem.get(
IConnectionUserRoleMapper.class,
MDXConnection.MDX_CONNECTION_MAPPER_KEY,
null ); // Don't use the user session here yet.
String[] effectiveRoles = new String[0];
/*
* If Catalog/Schema are null (this happens with high level metadata requests,
* like DISCOVER_DATASOURCES) we can't use the role mapper, even if it
* is present and configured.
*/
if ( mondrianUserRoleMapper != null
&& catalogName != null ) {
// Use the role mapper.
try {
effectiveRoles =
mondrianUserRoleMapper
.mapConnectionRoles(
session,
catalogName );
if ( effectiveRoles == null ) {
effectiveRoles = new String[0];
}
} catch ( PentahoAccessControlException e ) {
throw new SQLException( e );
}
}
// Now we tokenize that list.
boolean addComma = false;
roleName = ""; //$NON-NLS-1$
for ( String role : effectiveRoles ) {
if ( addComma ) {
roleName = roleName.concat( "," ); //$NON-NLS-1$
}
roleName = roleName.concat( role );
addComma = true;
}
// Now let the delegate connection factory do its magic.
if ( catalogName == null ) {
return
delegate.getConnection(
databaseName,
catalogName,
roleName.equals( "" )
? null
: roleName,