
Security and authorization guide

This tutorial describes how to configure data access security in Flexmonster Data Server. To connect the Data Server to your data, refer to the Data sources guide.

Flexmonster Data Server supports different essential security configurations, such as built-in basic authorization and HTTPS. To learn more about security configurations in the Data Server, see the following guides:

Built-in basic authorization

By default, Flexmonster Data Server is accessible to anyone who can reach the host on which the Data Server runs. Using the built-in basic authorization, you can restrict access to Flexmonster Data Server.

Step 1. Create a user

The flexmonster-setup-users.exe utility allows creating new users and managing them. Run the following command in the console to create a new user:

flexmonster-setup-users.exe add <username> 

Here, <username> is the name of the created user.

Then you will be prompted to create and confirm the password for the user.

With the flexmonster-setup-users.exe utility, it is possible to see all created users, change the password for a user, and delete a user. Run the following command in the console to learn more about user management:

flexmonster-setup-users.exe --help

Step 2. Enable authorization

In the flexmonster-config.json file, enable the authorization by setting the "Enabled" property of the "Authorization" object to true:

"Security": {
    "Authorization": {
        "Enabled": true
    },
    ...
}

Step 3. Configure CORS

Basic authorization requires specific origins to be defined in the Access-Control-Allow-Origin header. An origin is a domain that sends requests to Flexmonster Data Server (e.g., http://localhost:8080 or https://example.com). To allow the origin to send requests to the Data Server, specify the "AllowOrigin" property in the flexmonster-config.json file:

"Security": {
    ...
    "CORS": {
        "AllowOrigin": "http://localhost:8080"
    }
}

Several origins can be defined as follows:

"AllowOrigin": "http://localhost:8080, https://example.com"

Step 4. Configure credentials on the client side

In this step, credentials are configured in Flexmonster Pivot. There are two ways to configure credentials:

  1. Use the withCredentials property:
    {
        dataSource: {
            type: "api",
            url: "http://localhost:9500",
            index: "data",
            withCredentials: true
        }
    }
    In this case, you need to enter your login and password when first connecting to Flexmonster Data Server.
  2. Add a request header with basic authentication. The header should be added in the following way:
    {
        dataSource: {
            type: "api",
            url: "http://localhost:9500",
            index: "data",
            requestHeaders: {
                "Authorization": "Basic QWxhZGRpbjpPcGVuU2VzYW1l"
            }
        }
    }
    Note: the header should be specified in the standard format for basic authentication.
    In this case, the authorization will be automatic, and the browser will not ask for the login and password.
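
The request header from option 2, built and decoded in code. This is an added example, not code from the Flexmonster documentation: the helper names and the host dataserver.example.com are assumptions. It shows that the header value is only Base64-encoded, so the helper refuses to attach it to a plain-HTTP URL other than the local machine.

```javascript
// Added example. buildBasicAuthHeader, decodeBasicAuthHeader and makeDataSource
// are hypothetical helpers, not Flexmonster functions.
function buildBasicAuthHeader(username, password) {
  // The first ":" separates user from password, so the user name cannot contain one.
  if (username.includes(":")) throw new Error("username must not contain ':'");
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// Base64 is an encoding, not encryption: anyone who sees the header recovers the password.
function decodeBasicAuthHeader(header) {
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(header);
  if (!match) throw new Error("not a Basic authorization header");
  const bytes = Uint8Array.from(atob(match[1]), (c) => c.charCodeAt(0));
  const text = new TextDecoder().decode(bytes);
  const sep = text.indexOf(":");
  if (sep < 0) throw new Error("missing ':' separator");
  return { username: text.slice(0, sep), password: text.slice(sep + 1) };
}

// Builds the dataSource object from Step 4, refusing to attach credentials to a
// plain-HTTP URL unless it points at the local machine (development only).
function makeDataSource(url, index, username, password) {
  const { protocol, hostname } = new URL(url);
  const local = hostname === "localhost" || hostname === "127.0.0.1";
  if (protocol !== "https:" && !local) {
    throw new Error(`refusing to send Basic credentials over ${protocol}//${hostname}`);
  }
  return {
    type: "api",
    url,
    index,
    requestHeaders: { Authorization: buildBasicAuthHeader(username, password) },
  };
}

// Constructed sample values; "Aladdin" / "OpenSesame" decode from the header shown above.
const sample = makeDataSource("https://dataserver.example.com:9500", "data", "Aladdin", "OpenSesame");
console.log(sample.requestHeaders.Authorization);
console.log(decodeBasicAuthHeader(sample.requestHeaders.Authorization));
```

Because the header sits in client-side script, every user who can load the page can read it; treat it as a shared credential for that page rather than a per-user secret.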

Configure the HTTPS protocol

Data sent over HTTP is not encrypted and can be inspected. For this reason, we added an option to enable the HTTPS protocol for Flexmonster Data Server to make its usage more secure. Follow the steps below to configure a secure HTTPS connection.

Step 1. Enable the HTTPS protocol

To enable the HTTPS protocol, set the "Enabled" property of the "HTTPS" object to true in the flexmonster-config.json file:

"HTTPS": {
    "Enabled": true
}

Step 2. (optional) Add a certificate

There is an option to add an SSL/TLS certificate. The certificate can be added using either the Path-Password object or the Subject-Store object. Each of them has different properties.

To add the certificate with the Path-Password object, specify the path to the certificate and the password required to access the certificate:

"HTTPS": {
    "Enabled": true,
    "Certificate": {
        "Path": "sampleCert.pfx",
        "Password": "samplePassword"
    }
}

To add the certificate with the Subject-Store object, the following properties should be specified:

  1. In the "Certificate" object, specify the certificate subject name and the certificate store from which to load the certificate:
    "HTTPS": {
        "Enabled": true,
        "Certificate": {
            "Subject": "localhost",
            "Store": "My"
        }
    }
  2. (optional) Specify the location of the store from which to load the certificate. Skip this step if the needed location is "CurrentUser", since the default value of the location is "CurrentUser". Otherwise, set the "Location" property to "LocalMachine":
    "HTTPS": {
        "Enabled": true,
        "Certificate": {
            "Subject": "localhost",
            "Store": "My",
            "Location": "LocalMachine"
        }
    }
  3. (optional) To allow using invalid certificates, such as self-signed certificates, set the "AllowInvalid" property to true:
    "HTTPS": {
        "Enabled": true,
        "Certificate": {
            "Subject": "localhost",
            "Store": "My",
            "Location": "LocalMachine",
            "AllowInvalid": true
        }
    }

Step 3. (optional) Configure the protocols

The "Protocols" property establishes the HTTP protocols enabled on a connection endpoint or for the server. The "Protocols" property can take one of the following values: "Http1", "Http2", or "Http1AndHttp2". For example:

"HTTPS": {
    "Enabled": true,
    "Certificate": {
        "Path": "sampleCert.pfx",
        "Password": "samplePassword"
    },
    "Protocols": "Http2"
}

Restart the Data Server to apply the configurations. Now, the HTTPS protocol will be used instead of HTTP.
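
A review check over the settings from both procedures above (authorization, CORS, HTTPS, certificate), as an added example that is not part of the Flexmonster documentation. The function name, finding labels and sample configs are assumptions; only the property names come from this guide, and because the guide does not show where the "HTTPS" object is nested, the check accepts it at the top level or inside "Security".

```javascript
// Added example. auditDataServerConfig is a hypothetical helper; it takes the
// parsed flexmonster-config.json and returns a list of finding labels.
function auditDataServerConfig(cfg) {
  const findings = [];
  const security = cfg.Security ?? {};
  // Assumption: "HTTPS" may sit at the top level or inside "Security".
  const https = cfg.HTTPS ?? security.HTTPS ?? {};

  const authEnabled = security.Authorization?.Enabled === true;
  if (!authEnabled) findings.push("authorization-disabled");

  // "AllowOrigin" is a comma-separated string of origins.
  const origins = String(security.CORS?.AllowOrigin ?? "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  // Browsers reject credentialed requests when the allowed origin is a wildcard.
  if (authEnabled && (origins.length === 0 || origins.includes("*"))) {
    findings.push("cors-origin-not-specific");
  }
  for (const origin of origins) {
    if (origin === "*") continue;
    let parsed;
    try { parsed = new URL(origin); } catch { findings.push(`cors-origin-invalid:${origin}`); continue; }
    if (parsed.protocol === "http:" && parsed.hostname !== "localhost") {
      findings.push(`cors-origin-plain-http:${origin}`);
    }
  }

  if (https.Enabled !== true) findings.push("https-disabled");
  const cert = https.Certificate ?? {};
  // Acceptable for local testing with a self-signed certificate, not for production.
  if (cert.AllowInvalid === true) findings.push("certificate-allow-invalid");
  // Path-Password keeps the certificate password in the file: restrict who can
  // read it, or load the certificate with the Subject-Store object instead.
  if (typeof cert.Password === "string" && cert.Password !== "") {
    findings.push("certificate-password-in-config");
  }
  return findings;
}

// Constructed sample configurations, not taken from a real deployment.
const weakConfig = {
  Security: { Authorization: { Enabled: true }, CORS: { AllowOrigin: "*, http://example.com" } },
};
const hardenedConfig = {
  Security: { Authorization: { Enabled: true }, CORS: { AllowOrigin: "https://example.com" } },
  HTTPS: { Enabled: true, Certificate: { Subject: "localhost", Store: "My", Location: "LocalMachine" } },
};
console.log(auditDataServerConfig(weakConfig), auditDataServerConfig(hardenedConfig));
```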

Reverse proxy authorization

If you need to use your own authorization mechanism, you can restrict public access to Flexmonster Data Server and enable access to it through a reverse proxy. This approach requires implementing the proxy, which is responsible for data access control. The proxy will decide which requests should be accepted and passed to the Data Server, and which requests should be declined.

Note: the proxy has to implement the custom data source API to handle requests from Flexmonster Pivot. Then the proxy will be able to redirect Flexmonster Pivot’s requests to the Data Server. To see the full list of requests sent by Flexmonster Pivot, refer to our documentation.

Custom authorization and role-based permissions

Currently, there is no support for role-based access to the data in Flexmonster Data Server. For such cases, we recommend implementing a custom data server with your own business logic. We are going to release Flexmonster.DataServer.Core.dll soon, and it will make that process fast and simple.
