As of JasperReports Server 5.5, all sensitive passwords in exported catalogs are encrypted for security. In order for two servers to share the encrypted contents of an exported catalog, they must share a private key. The default key is an AES 128-bit string stored in a configuration file.
This encryption is separate from the server's own internal encryption. All user passwords are stored encrypted in the internal database, as described in Encrypting User Passwords. The import-export encryption applies only to export catalogs.
Setting the Import-Export Encryption Key

Configuration File: .../WEB-INF/applicationContext-security.xml

| Property | Bean | Description |
|---|---|---|
| <property name="keyBytes"> | importExport | Set the value of the keyBytes property to the same hexadecimal value (16 bytes = 128 bits) on all servers that will exchange export catalogs. |
However, be aware that when you change a private key on a server, all previous exports become unusable. Therefore, you must configure your new server soon after installing it, and you should configure it with the key from an existing server, if you have one. This way all your servers and all your export catalogs will use the same key and be mutually compatible.
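One way to confirm that every server carries the same 16-byte keyBytes value before exchanging catalogs is sketched below. This is an added example, not code from JasperReports Server; the XML fragments, the bean id, the `<value>` layout and the key bytes are constructed samples, and `check_fleet` is a hypothetical helper name.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed stand-ins for each server's applicationContext-security.xml.
# Assumptions: bean id, <value> layout and the key bytes are samples only.
SAMPLE = ('<beans><bean id="importExport"><property name="keyBytes">'
          "<value>{}</value></property></bean></beans>")
CONFIGS = {
    "server-a": SAMPLE.format("0x00 0x11 0x22 0x33 0x44 0x55 0x66 0x77 "
                              "0x88 0x99 0xaa 0xbb 0xcc 0xdd 0xee 0xff"),
    "server-b": SAMPLE.format("00112233445566778899AABBCCDDEEFF"),
    "server-c": SAMPLE.format("0x00 0x11 0x22 0x33"),
    "server-d": SAMPLE.format("ffeeddccbbaa99887766554433221100"),
}

def parse_hex(raw):
    """Accept '0x..'-prefixed byte tokens or one contiguous hex string."""
    tokens = [t for t in re.split(r"[\s,]+", raw) if t]
    if any(t.lower().startswith("0x") for t in tokens):
        return bytes(int(t, 16) for t in tokens)
    return bytes.fromhex("".join(tokens))

def extract_key(xml_text):
    """Return the first keyBytes property as bytes (XML namespaces ignored)."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "property" and el.get("name") == "keyBytes":
            return parse_hex(el.get("value") or "".join(el.itertext()))
    raise ValueError("no keyBytes property found")

def check_fleet(configs):
    """Map server -> 'ok', 'mismatch' or 'invalid: ...'; never exposes the key."""
    prints, report = {}, {}
    for name, xml_text in configs.items():
        try:
            key = extract_key(xml_text)
            if len(key) != 16:
                raise ValueError(f"{len(key)} bytes, expected 16")
            # Compare fingerprints so key material stays out of any output.
            prints[name] = hashlib.sha256(key).hexdigest()
        except (ValueError, ET.ParseError) as exc:
            report[name] = f"invalid: {exc}"
    reference = next(iter(prints.values()), None)  # first valid server
    for name, fp in prints.items():
        report[name] = "ok" if fp == reference else "mismatch"
    return report

if __name__ == "__main__":
    for server, status in sorted(check_fleet(CONFIGS).items()):
        print(server, status)
```

A server reported as mismatch or invalid will not be able to read catalogs exported by the reference server until its key is aligned.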
Importing Unencrypted Catalogs
Versions prior to 5.5 did not encrypt the user passwords upon export. These passwords appear in plain text within the files of the export catalog. For backwards compatibility, unencrypted catalogs are still supported and can be imported into a 5.5 server, even when an encryption key is configured.
Passwords that are encrypted by an export operation in JasperReports Server 5.5 or later have encryption markers, so older passwords without the markers can be detected and imported as plain text. Once plain-text passwords are imported, they are stored internally with encryption, and will be encrypted in any future export.