Configuration

In this section, you will:

  • Install and configure Apache Superset to make it available in Jmix applications.

  • Configure the Jmix application to connect to Apache Superset.

Apache Superset Installation

According to the Apache Superset documentation, there are different ways to install it.

The simplest way to get acquainted with Apache Superset is using Docker Compose. This way provides demonstration data with already created dashboards and enables custom configuration of the Superset.

Apache Superset does not recommend using Docker Compose for production, since it is primarily designed to run a set of containers on a single host and can’t support requirements for high availability.

Firstly, clone the Superset repository with a release tag, for example 4.0.1:

git clone --depth 1 --branch 4.0.1 https://github.com/apache/superset.git

Secondly, specify the same version for the Apache Superset docker image in the docker-compose-non-dev.yml file located in the root directory of cloned repository. Open the docker-compose-non-dev.yml file and set the following value to the x-superset-image property:

x-superset-image: &superset-image apache/superset:4.0.1

And finally, to simplify the integration of Superset with the Jmix application, configure a database service that will be accessible to both Superset and the application.

Add the PostgreSQL service to the docker-compose-non-dev.yml:

  superset-worker-beat:
  # ...

  jmix_database:
    image: postgres:16.3
    container_name: jmix_database
    ports:
      - 5432:5432
    environment:
      POSTGRES_DB: onboarding
      POSTGRES_USER: jmix
      POSTGRES_PASSWORD: jmix

volumes:
# ...

If you already have local PostgreSQL using the standard port 5432, expose another port to avoid conflicts. For example, 5433:

    ports:
      - 5433:5432

Now Apache Superset is ready to launch. Run the following command in the root directory of the cloned repository:

docker compose -f docker-compose-non-dev.yml up

The Superset web UI will be available at http://localhost:8088. The user credentials are admin / admin.

superset login

Apache Superset Configuration

Superset has a lot of configuration parameters. You can find the whole list in the superset/config.py file. To make Superset accessible from Jmix applications you need to configure Content Security Policy (CSP) and enable default role with feature flags.

Apache Superset supports custom configuration definition in:

  • docker/pythonpath_dev/superset_config.py file

  • docker/pythonpath_dev/superset_config_docker.py file that is ignored by git.

In this guide, you will use the second option. Create the superset_config_docker.py file in the /apache-superset/superset/docker/pythonpath_dev/ directory.

Guest Token

The Jmix Superset add-on uses a guest token to access embedded dashboards. Using this token, Apache Superset creates an anonymous user object that has a role from the GUEST_ROLE_NAME property set to Public by default. To enable anonymous users to see the dashboards you should use the Gamma role.

Add the following property to the superset_config_docker.py file:

GUEST_ROLE_NAME = 'Gamma'

Embedded Dashboards

By default, Superset does not enable embedding dashboards into iframe. You can enable it using the FEATURE_FLAGS property.

Add the following property to the superset_config_docker.py file:

FEATURE_FLAGS = {
    "EMBEDDED_SUPERSET": True,
}

Content Security Policy (CSP)

In order to embed dashboards into iframe you also need to configure Content Security Policy. Apache Superset uses Talisman (an extension for Flask web framework) that enables integrating additional security layers such as CSP, HTTPS, etc.

Content Security Policy has the frame-ancestors directive that specifies valid parents that may embed a page. The Superset has already defined the TALISMAN_CONFIG property with default values in superset/config.py.

Copy the TALISMAN_CONFIG property to superset_config_docker.py and add the frame-ancestors value:

TALISMAN_CONFIG = {
    "content_security_policy": {
        # ...
        "frame-ancestors": ["http://localhost:8080"]
    },
    # ...
}

The resulting configuration in superset_config_docker.py file is the following:

GUEST_ROLE_NAME = 'Gamma'
FEATURE_FLAGS = {
    "EMBEDDED_SUPERSET": True,
}
TALISMAN_CONFIG = {
    "content_security_policy": {
        "base-uri": ["'self'"],
        "default-src": ["'self'"],
        "img-src": [
            "'self'",
            "blob:",
            "data:",
            "https://apachesuperset.gateway.scarf.sh",
            "https://static.scarf.sh/",
        ],
        "worker-src": ["'self'", "blob:"],
        "connect-src": [
            "'self'",
            "https://api.mapbox.com",
            "https://events.mapbox.com",
        ],
        "object-src": "'none'",
        "style-src": [
            "'self'",
            "'unsafe-inline'",
        ],
        "script-src": ["'self'", "'strict-dynamic'"],
        "frame-ancestors": ["http://localhost:8080"]
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https": False,
    "session_cookie_secure": False,
}
This configuration is used only for demonstration purposes and is not production ready. For a production environment you should provide a more precise configuration with enabled CORS, HTTPS, etc.

Now the Superset is configured and can be restarted. Stop the running containers and start again:

docker compose -f docker-compose-non-dev.yml up

Jmix Configuration

Jmix Superset add-on requires you to define the following properties:

application.properties
jmix.superset.url = http://localhost:8088
jmix.superset.username = admin
jmix.superset.password = admin

Since you have started the application database as a PostgreSQL service in Docker Compose, change the Main Data Store from HSQLDB to PostgreSQL.

If the jmix_database in the container configuration defines a port other than 5432, specify it in the database URL. For example, set localhost:5433 in the field for the database host.

Now the application is ready to communicate with Superset. Since the database is empty, the application will run the schema migration scripts and fill the database with demonstration data. Start the application and open the Users view:

users list