Access Denied Error while running a report with a user

[yogesh.gupta]

I created a report using Jasper Studio and published it on Jasper Report Server (v6.3). The report is using a domain as a data source. No security file is attached to the domain. When I run the report as a user (where the role is ROLE_USER), it throws an error "Access Denied". 

Domain and underlying data source objects had Execute only permission for "ROLE_USER" role. Here is the error I received on the UI - 

 

Error Message

Access is denied

Error Trace

org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:60) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy52.getResource(Unknown Source) at com.jaspersoft.jasperserver.multipleTenancy.PathTransformationRepositoryService.getResource(PathTransformationRepositoryService.java:299) at sun.reflect.GeneratedMethodAccessor319.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy52.getResource(Unknown Source) at com.jaspersoft.jasperserver.api.engine.jasperreports.util.DataSourceWrapperParameterContributorFactory.getContributors(DataSourceWrapperParameterContributorFactory.java:80) at net.sf.jasperreports.engine.fill.JRFillDataset.getParameterContributors(JRFillDataset.java:1083) at net.sf.jasperreports.engine.fill.JRFillDataset.contributeParameters(JRFillDataset.java:1029) at net.sf.jasperreports.engine.fill.JRFillDataset.setParameterValues(JRFillDataset.java:634) at net.sf.jasperreports.engine.fill.BaseReportFiller.setParameters(BaseReportFiller.java:436) at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:548) at net.sf.jasperreports.engine.fill.BaseReportFiller.fill(BaseReportFiller.java:396) at net.sf.jasperreports.engine.fill.JRFillSubreport.fillSubreport(JRFillSubreport.java:732) at net.sf.jasperreports.engine.fill.JRSubreportRunnable.run(JRSubreportRunnable.java:59) at net.sf.jasperreports.engine.fill.AbstractThreadSubreportRunner.run(AbstractThreadSubreportRunner.java:221) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:748)

 

 

Any suggestion, why I am getting this error?

 

[elizam]

Make sure everything has read permission, including the directories that contain your domain and data source.

[yogesh.gupta]

Thanks, the report starts working if I set read permission to "ROLE_USER" on the folder (or directory) contains domain and data source. But now the user is able to see all domains/data sources in the folder under repository tree.

I don't want user to see any data source/domain under the repository tree but still able to execute reports. If I set "execute" permission on the folder containing data source/domain, then report doesn't work. Any idea?