Mondrian - Configuring a secure HTTPS connection

NOTE: new features and further improvements are no longer released for the Mondrian data source.
Instead of Mondrian, our team highly recommends considering Flexmonster Data Server. Just like Mondrian, this tool aggregates data on the server side and can handle large datasets.
You can see the full list of available data sources here: Supported data sources.

Overview

All data that is sent by HTTP is not encrypted and can be inspected. This is why we have added an option to enable HTTPS for Flexmonster Accelerator. HTTPS encrypts all data that is sent from the client to the Accelerator and vice versa. Follow these steps to configure a secure HTTPS connection for your setup.

Requirements

  • Flexmonster Pivot version 2.205 or higher
  • A relational database with a Mondrian schema
  • Java JRE 1.7+
  • A valid and trusted SSL certificate

Step 1: Import the certificate to Java KeyStore

A Java KeyStore (JKS) is a repository of security certificates. JDKs provide a keytool utility to manipulate the keystore.

If you already have the private key in PKCS 12, just navigate to JRE/bin/ folder and execute this command:

keytool -importkeystore -destkeystore keystore.jks -srckeystore <private_key> -srcstoretype PKCS12

Where <private_key> is the path to .p12 file with the private key (i.e. flexmonster.p12).

It will ask you to enter a new password for the keystore and a password for the private key. It will then generate a keystore.jks file with the imported private key inside. Copy this file to some location, it will be necessary for the next step.

Step 2: Enable HTTPS in Flexmonster Accelerator

After you have the certificate imported, enable HTTPS in the Accelerator’s config. Open the flexmonster.config file and modify/add the necessary parameters as follows:

HTTPS=true
KEY_STORE_PATH=<keystore_path>
KEY_STORE_PASSWORD=<keystore_password>
KEY_MANAGER_PASSWORD=<private_key_password>

Where:

  • <keystore_path> - path to the JKS file (i.e. keystore.jks).
  • <keystore_password> - password for the keystore.
  • <private_key_password> - password for the imported key.

Available values for the HTTPS parameter are true or false. By default HTTPS is disabled (false).

The Accelerator is ready to be launched. Just execute the following command in terminal:

java -jar flexmonster-proxy-mondrian.jar

You can check if the Accelerator is up and running by navigating to its URL in the browser (https://localhost:50006 by default).

Step 3: Configure Flexmonster Pivot

Now it’s time to configure the client – Flexmonster Pivot. Let’s create a minimal configuration using the JavaScript API (replace proxyUrl, catalog, and cube parameters with your specific values):

var pivot = new Flexmonster({
container: "pivotContainer",
toolbar: true,
report: {
dataSource: {
type: "mondrian",
proxyUrl: "https://localhost:50006",
dataSourceInfo: "MondrianFoodMart",
catalog: "FoodMart",
cube: "Sales",
binary: true
}
}
});

Notice that proxyUrl now contains https://. That means that the data is protected and encrypted with your SSL certificate.