Friday 3 May 2013

Remove/Bypass Security in Pentaho

  1. Stop the BA Server.
    sudo /etc/init.d/pentaho stop
  2. Open the /pentaho/server/biserver-ee/pentaho-solutions/system/applicationContext-spring-security.xml file with a text editor and ensure that a default anonymous role is defined. You may have changed this role, or it may not be properly defined for some other reason. Match your bean definition and property value to the example below. The username does not matter in this particular bean; only the role name.
    <bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
    <!-- omitted -->
        <property name="userAttribute" value="anonymousUser,Anonymous" />
    </bean>
  3. Now find the filterInvocationInterceptor bean in the same file, and the objectDefinitionSource property inside it, and match its contents to the example below. This step allows Pentaho client tools to publish to the BI Platform without having to supply a username and password.
    <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref local="authenticationManager" />
        </property>
        <property name="accessDecisionManager">
            <ref local="httpRequestAccessDecisionManager" />
        </property>
        <property name="objectDefinitionSource">
            <value>
                <![CDATA[
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                \A/.*\Z=Anonymous,Authenticated
                ]]>
            </value>
        </property>
    </bean>
  4. Save the file, then open pentahoObjects-spring.xml in the same directory.
  5. Change the IAclVoter class to PentahoAllowAnonymousAclVoter.
    <beans>
    <!-- omitted -->
        <bean id="IAclVoter" class="org.pentaho.platform.engine.security.acls.voter.PentahoAllowAnonymousAclVoter" scope="singleton" />
    <!-- omitted -->
    </beans>
  6. Save the file, then open pentaho.xml in the same directory.
  7. In the <anonymous-authentication> part of the <pentaho-system> section, define the anonymous user and role. This is the same user and role you will use when assigning ACLs in the next step.
    <pentaho-system>
    <!-- omitted -->
        <anonymous-authentication>
            <anonymous-user>anonymousUser</anonymous-user>
            <anonymous-role>Anonymous</anonymous-role>
        </anonymous-authentication>
    <!-- omitted -->
    </pentaho-system>
  8. Using the same anonymous user and role from before, adjust the ACLs accordingly and remove all ACL overrides.
    <pentaho-system>
    <!-- omitted -->
        <acl-publisher>
            <default-acls>
                <acl-entry role="Anonymous" acl="ADMIN_ALL" />
                <acl-entry role="Authenticated" acl="ADMIN_ALL" />
            </default-acls>
            <!-- remove any active overrides entries -->
        </acl-publisher>
    <!-- omitted -->
    </pentaho-system>
  9. Adjust the <acl-voter> properties such that the new anonymous user has administrator privileges.
    <pentaho-system>
    <!-- omitted -->
        <acl-voter>
            <admin-role>Anonymous</admin-role>
        </acl-voter>
    <!-- omitted -->
    </pentaho-system>
  10. Save the file and close the text editor.
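
To confirm the result, or to spot a server that has been left in this state, the settings from steps 3, 5, 8 and 9 can be checked programmatically. The following Python check is an added example, not part of the original post or of Pentaho; the function names and the sample XML strings are constructed for illustration and mirror the snippets above.

```python
import xml.etree.ElementTree as ET

def _find(xml_text, name):
    # Match on the local tag name so files with or without an xmlns both work.
    return [e for e in ET.fromstring(xml_text).iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def anonymous_access_findings(spring_security_xml, objects_xml, pentaho_xml):
    """Hypothetical helper: list which settings from steps 3, 5, 8, 9 are present."""
    roles = _find(pentaho_xml, "anonymous-role")
    anon = (roles[0].text or "").strip() if roles else "Anonymous"  # role from step 7
    found = []
    for bean in _find(spring_security_xml, "bean"):
        if bean.get("id") != "filterInvocationInterceptor":
            continue
        # Each whitespace-separated token is either a directive or pattern=roles.
        for rule in " ".join(bean.itertext()).split():
            pattern, _, granted = rule.rpartition("=")
            if pattern == r"\A/.*\Z" and anon in granted.split(","):
                found.append("step 3: catch-all URL rule grants " + anon)
    for bean in _find(objects_xml, "bean"):
        cls = bean.get("class", "")
        if bean.get("id") == "IAclVoter" and cls.endswith("PentahoAllowAnonymousAclVoter"):
            found.append("step 5: IAclVoter is PentahoAllowAnonymousAclVoter")
    for entry in _find(pentaho_xml, "acl-entry"):
        if entry.get("role") == anon and entry.get("acl") == "ADMIN_ALL":
            found.append("step 8: default ACL gives " + anon + " ADMIN_ALL")
    for role in _find(pentaho_xml, "admin-role"):
        if (role.text or "").strip() == anon:
            found.append("step 9: admin-role is " + anon)
    return found

# Constructed sample input, reduced from the snippets in the steps above.
SAMPLE_SPRING = r"""<beans><bean id="filterInvocationInterceptor">
<property name="objectDefinitionSource"><value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
\A/.*\Z=Anonymous,Authenticated
]]></value></property></bean></beans>"""
SAMPLE_OBJECTS = """<beans><bean id="IAclVoter" scope="singleton"
class="org.pentaho.platform.engine.security.acls.voter.PentahoAllowAnonymousAclVoter"/></beans>"""
SAMPLE_PENTAHO = """<pentaho-system>
<anonymous-authentication><anonymous-role>Anonymous</anonymous-role></anonymous-authentication>
<acl-publisher><default-acls><acl-entry role="Anonymous" acl="ADMIN_ALL"/></default-acls></acl-publisher>
<acl-voter><admin-role>Anonymous</admin-role></acl-voter></pentaho-system>"""

if __name__ == "__main__":
    for line in anonymous_access_findings(SAMPLE_SPRING, SAMPLE_OBJECTS, SAMPLE_PENTAHO):
        print(line)
```

To run it against a real installation, pass the text of applicationContext-spring-security.xml, pentahoObjects-spring.xml and pentaho.xml in that order; an empty list means none of the four settings is present.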
