TIBCO Spotfire Server (Repository) - Import
Bridge Requirements
This bridge:requires Internet access to https://repo.maven.apache.org/maven2/ and/or other tool sites to download drivers into <TDC_HOME>/data/download/MIMB/.
Bridge Specifications
Vendor | TIBCO Software Inc. |
Tool Name | Spotfire Server |
Tool Version | 7.13 or newer |
Tool Web Site | https://spotfire.tibco.com |
Supported Methodology | [Business Intelligence] Multi-Model, BI Report (Relational Source, Expression Parsing, Report Structure) via Java API |
Data Profiling | |
Incremental Harvesting | |
Multi-Model Harvesting | |
Remote Repository Browsing for Model Selection |
SPECIFICATIONS
Tool: TIBCO Software Inc. / Spotfire Server version 7.13 or newer via Java API
See https://spotfire.tibco.com
Metadata: [Business Intelligence] Multi-Model, BI Report (Relational Source, Expression Parsing, Report Structure)
Component: TibcoSpotfireServer version 11.2.0
DISCLAIMER
This import bridge requires internet access to download third-party libraries:
- such as https://repo.maven.apache.org/maven2/ to download open source third-party libraries,
- and more sites for other third-party software such as database specific JDBC drivers.
The downloaded third-party libraries are stored into $HOME/data/download/MIMB/
- If HTTPS fails, the import bridge then tries with HTTP.
- If a proxy is used to access internet, you must configure that proxy in the JRE (see the -j option in the Miscellaneous parameter).
- If the import bridge does not have full access to internet, that $HOME/data/download/MIMB/ directory can be copied from another server with internet access where the command $HOME/bin/MIMB.sh (or .bat) -d can be used to download all third-party libraries used by all bridges at once.
By running this import bridge, you hereby acknowledge responsibility for the license terms and any potential security vulnerabilities from these downloaded third-party software libraries.
OVERVIEW
This import bridge imports from Tibco Spotfire Server.
REQUIREMENTS
This import bridge connects to Spotfire server using the WebService API and OAuth 2.0 protocol for authentication and authorization.
Before the API can be used, an OAuth 2.0 API client must be registered.
You must complete the following configuration steps to register an OAuth 2.0 API client in the Spotfire server:
- On the computer running Spotfire Server, open a command line as an administrator
- Change the directory to the location of the command line configuration tool (config.bat on Windows, config.sh on Linux).
The default location is $server installation dir$/tomcat/bin
- Export the active server configuration from the Spotfire database into a local configuration.xml file by using the export-config command.
Example: config export-config --tool-password=mypassword
- Use the register-api-client command to register an OAuth API client.
Example: config register-api-client -n OAuthClient1 -Sapi.soap.library-service
All information needed to use the client, including a client ID and a client secret, will be shown after successful completion of the command.
For example:
Client ID: eeb2e41a2ae5d7df13cc600b5973727e.oauth-clients.spotfire.tibco.com
Client secret: 797fc101fbb1d0aa599e65413b33a90b713a65f7f667ee61f61506cc1e76a9a5
To view the full oauth client configuration, you can use the 'show-oauth2-client' command.
The bridge uses such URL to download DXP documents by their GUID identifier, for example:
http[s]://server:port/spotfire/library?id=672418a9-7c64-44ec-88b6-f36a090fe9a5
Downloading DXP documents as local file is a function that can be enabled in the license.
In Spotfire Analyst, using menu Tools -> Administration manager
Groups and Licenses -> select a group -> Licenses -> Tibco Spotfire Enterprise Player -> Save Spotfire Analysis File
The selected group (such as 'Everyone' or 'OAuth2 Client') should contain the user account used for downloading.
Some servers may also restrict DXP download with custom server configuration, according to this support article:
https://support.tibco.com/s/article/How-to-block-restrict-Save-Spotfire-Analysis-File-option-when-using-the-Spotfire-web-player-link
Please ask your server administrator to enable download of DXP documents.
FREQUENTLY ASKED QUESTIONS
Q: I am encountering an HTTP 403 error, while trying to download DXP documents from the Spotfire library.
A: Utilize the "Download user" and "Download password" fields, note this account must have the necessary permissions in order to download the DXP Documents.
Note, for Spotfire versions 11.4.2 and greater, OAuth authentication is no longer supported for downloading DXP documents.
LIMITATIONS
Refer to the current general known limitations at MIMB Known Limitations or bundled in Documentation/ReadMe/MIMBKnownLimitations.html
InformationLinks are not supported, because there is no public metadata API for them.
SUPPORT
Provide a troubleshooting package with:
- the debug log (can be set in the UI or in conf/conf.properties with MIR_LOG_LEVEL=6)
- the metadata backup if available (can be set in the Miscellaneous parameter with -backup option, although this common option is not implemented on all bridges for technical reasons).
To verify that the server is up and running and check the server properties, you may point your web browser to URL:
http://server:port/spotfire/manifest
To verify that the WebService API is available, you may point your web browser to URL:
http://server:port/spotfire/api/soap/LibraryService/wsdl
This WebService API is available since Spotfire server version 7.13.0
Older versions of the WebService API are deprecated, and therefore not supported.
Bridge Parameters
Parameter Name | Description | Type | Values | Default | Scope |
Server URL | Specify here the Tibco Spotfire Server URL. The default URL is usually: http://localhost:8080/spotfire Accessing Spotfire Server via HTTPS: In order to connect to the Spotfire Server via HTTPS, you need to import the server certificate into the client machine Java trust store. 1. Copy the Spotfire Server certificate to the client machine, for example in jre\lib\security\server.cer 2. Open a command prompt window, and set the local directory: cd jre\lib\security 3. If the jssecacerts trust store is missing, make a copy of the default cacerts file: copy cacerts jssecacerts 4. Import the server certificate file into the trust store: ..\..\bin\keytool.exe -importcert -alias serveralias -file server.cer -keystore jssecacerts Enter keystore password: changeit Trust this certificate? [no]: yes |
STRING | http://localhost:8080/spotfire | Mandatory | |
Login User | The username which the import bridge will use to log in. Be sure this user name has necessary permissions to access the objects you wish to import. This corresponds to the Client ID for an OAuth 2.0 authentication method. |
STRING | Mandatory | ||
Login password | The password associated with the username which the import bridge will use to log in. This corresponds to the Client secret for an OAuth 2.0 authentication method. |
PASSWORD | Mandatory | ||
Download user | The username which the import bridge will use to download DXP documents. Be sure this user name has necessary permissions to access the objects you wish to import. For Spotfire versions older than 11.4.2, the OAuth user account allows downloading, so this parameter is not necessary, you can leave the value empty. For Spotfire versions 11.4.2 and greater, downloading DXP documents via OAuth authentication is no longer supported, so this parameter is necessary. Basic Http authentication is used by default. If the server is configured for SSO authentication (for example Kerberos), you should configure such runtime properties below: -Djava.security.krb5.conf=C:\Windows\krb5.ini This defines the Kerberos Key Distribution Center (KDC) configuration file location -Djava.security.auth.login.config=C:\Windows\jaas.conf This defines the JAAS login configuration file location -Djavax.security.auth.useSubjectCredsOnly=false -Dhttp.auth.preference="scheme" This defines a preferred authentication scheme like "basic", "SPNEGO", "Kerberos" or "NTLM" -Dhttp.auth.ntlm.domain=mydomain This defines an NTLM domain -Djava.security.debug=gssloginconfig -Dsun.security.krb5.debug=true -Dsun.security.jgss.debug=true -Dsun.security.spnego.debug=true This enables troubleshooting output for an Oracle JVM -Dcom.ibm.security.krb5.Krb5Debug=all -Dcom.ibm.security.jgss.debug=all This enables troubleshooting output for an IBM JVM For details, refer to the JVM documentation: https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-auth.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/BasicClientServer.html#TheLCF https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/troubleshooting-security.html |
STRING | |||
Download password | The password associated with the download user. | PASSWORD | |||
Library subset | Specify one or more IDs of documents and/or folders to be retrieved from the Spotfire library, separated by semicolons (;). By default, an empty value means all documents. Library Datasource connections will be retrieved when used by selected documents. Note: Local connections (Datasource connection defined inside documents) will not be imported as Library Datasource connections. |
REPOSITORY_SUBSET | |||
Import local connections | Specify one or more IDs of documents with local connections to be retrieved from the Spotfire library, separated by semicolons (;) where the Local connections (Datasource connection defined inside these documents) will be promoted to Library Datasource connections. | REPOSITORY_SUBSET | |||
Miscellaneous | INTRODUCTION Specify miscellaneous options starting with a dash and optionally followed by parameters, e.g. -connection.cast MyDatabase1="MICROSOFT SQL SERVER" Some options can be used multiple times if applicable, e.g. -connection.rename NewConnection1=OldConnection1 -connection.rename NewConnection2=OldConnection2; As the list of options can become a long string, it is possible to load it from a file which must be located in ${MODEL_BRIDGE_HOME}\data\MIMB\parameters and have the extension .txt. In such case, all options must be defined within that file as the only value of this parameter, e.g. ETL/Miscellaneous.txt JAVA ENVIRONMENT OPTIONS -java.memory <Java Memory's maximum size> (previously -m) 1G by default on 64bits JRE or as set in conf/conf.properties, e.g. -java.memory 8G -java.memory 8000M -java.parameters <Java Runtime Environment command line options> (previously -j) This option must be the last one in the Miscellaneous parameter as all the text after -java.parameters is passed "as is" to the JRE, e.g. -java.parameters -Dname=value -Xms1G The following option must be set when a proxy is used to access internet (this is critical to access https://repo.maven.apache.org/maven2/ and exceptionally a few other tool sites) in order to download the necessary third-party software libraries. Note: The majority of proxies are concerned with encrypting (HTTPS) the outside (of the company) traffic and trust the inside traffic that can access proxy over HTTP. In this case, an HTTPS request reaches the proxy over HTTP where the proxy HTTPS-encrypts it. -java.parameters -java.parameters -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=3128 -Dhttp.proxyUser=user -Dhttp.proxyPassword=pass MODEL IMPORT OPTIONS -model.name <model name> Override the model name, e.g. -model.name "My Model Name" -prescript <script name> This option allows running a script before the bridge execution. The script must be located in the bin directory (or as specified with M_SCRIPT_PATH in conf/conf.properties), and have .bat or .sh extension. The script path must not include any parent directory symbol (..). The script should return exit code 0 to indicate success, or another value to indicate failure. For example: -prescript "script.bat arg1 arg2" -postscript <script name> This option allows running a script after successful execution of the bridge. The script must be located in the bin directory (or as specified with M_SCRIPT_PATH in conf/conf.properties), and have .bat or .sh extension. The script path must not include any parent directory symbol (..). The script should return exit code 0 to indicate success, or another value to indicate failure. For example: -postscript "script.bat arg1 arg2" -cache.clear Clears the cache before the import, and therefore will run a full import without incremental harvesting. If the model was not changed and the -cache.clear parameter is not used (incremental harvesting), then a new version will not be created. If the model was not changed and the -cache.clear parameter is set (full source import instead of incremental), then a new version will be created. -backup <directory> This option allows to save the bridge input metadata for further troubleshooting. The provided <directory> must be empty. The primary use of this option is for data store import bridges, in particular JDBC based database import bridges. Note that this option is not operational on some bridges including: - File based import bridges (as such input files can be used instead) - DI/BI repository import bridges (as the tool's repository native backup can be used instead) - Some API based import bridges (e.g. COM based) for technical reasons. DATA CONNECTION OPTIONS Data Connections are produced by the import bridges typically from ETL/DI and BI tools to refer to the source and target data stores they use. These data connections are then used by metadata management tools to connect them (metadata stitching) to their actual data stores (e.g. databases, file system, etc.) in order to produce the full end to end data flow lineage and impact analysis. The name of each data connection is unique by import model. The data connection names used within DI/BI design tools are used when possible, otherwise connection names are generated to be short but meaningful such as the database / schema name, the file system path, or Uniform Resource Identifier (URI). The following option allows to manipulate connections. These options replaces the legacy options -c, -cd, and -cs. -connection.cast ConnectionName=ConnectionType Casts a generic database connection (e.g. ODBC/JDBC) to a precise database type (e.g. ORACLE) for SQL Parsing, e.g. -connection.cast "My Database"="MICROSOFT SQL SERVER". The list of supported data store connection types includes: ACCESS APACHE CASSANDRA DB2/UDB DENODO GOOGLE BIGQUERY HIVE MYSQL NETEZZA ORACLE POSTGRESQL PRESTO REDSHIFT SALESFORCE SAP HANA SNOWFLAKE MICROSOFT SQL AZURE MICROSOFT SQL SERVER SYBASE SQL SERVER SYBASE AS ENTERPRISE TERADATA VECTORWISE HP VERTICA -connection.rename OldConnection=NewConnection Renames an existing connection to a new name, e.g. -connection.rename OldConnectionName=NewConnectionName Multiple existing database connections can be renamed and merged into one new database connection, e.g. -connection.rename MySchema1=MyDatabase -connection.rename MySchema2=MyDatabase -connection.split oldConnection.Schema1=newConnection Splits a database connection into one or multiple database connections. A single database connection can be split into one connection per schema, e.g. -connection.split MyDatabase All database connections can be split into one connection per schema, e.g. -connection.split * A database connection can be explicitly split creating a new database connection by appending a schema name to a database, e.g. -connection.split MyDatabase.schema1=MySchema1 -connection.map SourcePath=DestinationPath Maps a source path to destination path. This is useful for file system connections when different paths points to the same object (directory or file). On Hadoop, a process can write into a CSV file specified with the HDFS full path, but another process reads from a Hive table implemented (external) by the same file specified using a relative path with default file name and extension, e.g. -connection.map /user1/folder=hdfs://host:8020/users/user1/folder/file.csv On Linux, a given directory (or file) like /data can be referred to by multiple symbolic links like /users/john and /users/paul, e.g. -connection.map /data=/users/John -connection.map /data=/users/paul On Windows, a given directory like C:\data can be referred to by multiple network drives like M: and N:, e.g. -connection.map C:\data=M:\ -connection.map C:\data=N:\ -connection.casesensitive ConnectionName Overrides the default case insensitive matching rules for the object identifiers inside the specified connection, provided the detected type of the data store by itself supports this configuration (e.g. Microsoft SQL Server, MySql etc.), e.g. -connection.casesensitive "My Database" -connection.level AggregationLevel Specifies the aggregation level for the external connections, e.g.-connection.level catalog The list of the supported values: server catalog schema (default) TIBCO SPOTFIRE OPTIONS -r Remove the report pages and their graphical structure. -pi Import the document's preview image, storing the PNG image in base64. |
STRING |
Bridge Mapping
Meta Integration Repository (MIR) Metamodel (based on the OMG CWM standard) |
"TIBCO Spotfire Server (Repository)" Metamodel Tibco Spotfire (Server) |
Mapping Comments |
DirectoryStructureModel | Server | |
Name | Name | |
Folder | Folder | |
Author | Created By | |
CreationTime | Creation Time | |
Description | Description | |
LastModificationTime | Modification Time | |
Modifier | Modified By | |
Name | Name | |
NativeId | Native Id | |
NativeType | Native Type | |
StoreContent | Data Source, Information Link, Connection Data Source, Data Connection, Local Connection, Document | |
Author | Created By | |
CreationTime | Creation Time | |
Description | Description | |
LastModificationTime | Modification Time | |
Modifier | Modified By | |
Name | Name | |
NativeId | Native Id | |
NativeType | Native Type |