JasperServer 2.0 feedback

[anandharaj]

Hi,

 

This is my feedback on JasperServer 2.0.0's "What's New"

 

* Upgraded third party versions: mondrian-2.3, jpivot-1.7

- No idea since im not using JasperAnalysis

 

* JasperSoft has improved its display of input controls.

- This is really cool. I like the external input control box. Much better

 

* JasperSoft has simplified the object permissions page.

- As per input control, this one also nice and easy to set the permissions

- The thing that i like here is, we can change back to "No Access" which will use parent permission

 

* Users can change their passwords. This option must be enabled by an administrator.

- Cool

 

* Users can export to CSV (comma separated values) format and can create additional export formats.

- Yo, this is what i was waiting such a long time. Really cool.

- What mean by create additional export formats? Any details?

 

* JasperServer can store passwords in encrypted format.

- Now JS is more secure

 

* Users can test connections when they create data sources.

- This was already in version 1.2.1 right?

 

* XML/A data sources are now available for JasperServer

reports.

- No comments

 

* Improved error handling.

- i was sent a post on this issues also. Now its look cool and user-friendly message

 

Since no details documentation provided for some functionaly, I was able to find it after dig the code.

 

1. How to enable "change password" function?

- edit /WEB-INF/jasperserver-servlet.xml

- find 'allowUserPasswordChange' and set it to 'true'

 

2. How to change report export properties?

- export properties can be found in /WEB-INF/flows/viewReportBeans.xml

 

3. How to encrypt existing password.

- If you not change the encryption secret key and algorithm, you may reset all password to 'password'

in encrypted format. Later you may change back via JS UI

 

update jiuser set password='33DBCB07706FCA297077043CE39DC696'

update jijdbcdatasource set password='33DBCB07706FCA297077043CE39DC696'

[martynhiemstra]

I have a beter idea. Just right your own jasperserver.

 

I did just that. It took me 3 weeks and the result is so much beter than jasperforge could ever imagine. It's really fast, it has a much beter and easier to understand security, beter design etc etc. Jasperserver uses hibernate just to execute sql queries. This is just bad. I use hibernate using criteria and HQl allowing my own report tool to run on any database that is supported by Hibernate. It is designed so that it allows modules. Meaning you can plug in modules. For example a datasource module, a jasperreport module, you could even write a excel module that could allow the displaying and editing of excel files online.

 

It's a one time investment but it will really benifite your company.

[swood]

martynhiemstra wrote:

I have a beter idea. Just right your own jasperserver. I did just that. It took me 3 weeks and the result is so much beter than jasperforge could ever imagine. It's really fast, it has a much beter and easier to understand security, beter design etc etc.

 

We have a lot of imagination ;-)

 

Where is JasperServer slow?

 

What security model were you looking for?

 

What were the design weaknesses in JasperServer you were looking to address?

 

 

Jasperserver uses hibernate just to execute sql queries. This is just bad.

 

This is not correct. JasperServer uses Hibernate to manage the repository, but when running a report to get the data, the native JasperReports data source is used. In the case of a report using a SQL data source, straight JDBC is used.

 

I use hibernate using criteria and HQl allowing my own report tool to run on any database that is supported by Hibernate.

 

Hibernate does not meet everyone's need. We have people using a vast variety of data source types, and we are making it easier and easier to plug new data source types into JasperServer.

 

It is designed so that it allows modules. Meaning you can plug in modules. For example a datasource module, a jasperreport module, you could even write a excel module that could allow the displaying and editing of excel files online.

 

We have people doing this all the time with the JasperServer platform. Our use of Spring allows a modular approach. We have, out of the box, the following services:

 

repository management

JasperReport report generation

OLAP management

scheduling

authentication (leveraging Acegi)

repository object level permissions (leveraging Acegi)

 

These services can be accessed seamlessly through a user interface or web services. You can use the UI as is, customize the look and feel and/or use your own UI. Many users are embedding JasperServer in their applications, or leveraging it as a backend service.

[martynhiemstra]

Thank you for your explaination. Please also forgive the bluntness of my first response. I had discovered many difficulties with jasperserver and the frustration I took out on this post.

 

First of all jasperserver is good enough in most standard situations. I needed more and better in some cases.

 

I can explain what I liked and disliked.

 

1. I hated the fact that nearly every page is POST'ed. If a client presses F5 then the client is asked if they want to repost. This should only happen after a form post but never where simply information is being loaded. I know it's a samll thing but I just dont like it.

 

2. I hate acegi. It's probaly well implemented but if I look at how many classes you need and how much configuration for the security it's just overkill. It gave me the chills. I used 1 filter class. Just one. It's really easy. If a url starts with /secure/ then only logged in users are allowed to visit the requested page. If the url starts with /admin/ then only administrators are allowed. So simple.

 

3. The jasperserver code was so static. All the different options under 'Add new' where all hoked in the code as far as a could see. I could be wrong but I got the impression that everything was entangled. I created a modulair system. If I want a new module, I create a new module, add 1 line to the database and the new module is active. The core only contains things like User and Usergroup models etc. For example I creayed a datasource module. It allows other modules to load datasources and use them. This still creates some dependancies for example the jasperreport module relies on the datasource module but it is far less entangled.

 

4. The fact that mysql must be used as a datasource. I saw mysql queries in the code. Since you use Hibernate I beleive you should use HQL or criteria objects. This will allow the use of Hibernate Dialects. In my situation our development system is running on mysql where as our live system is running oracle. Due to licencing reasons, we cant run oracle on each development system only on a few live systems. This is real easy when using HQL or Critaeria. Each system can use any type of database.

 

5. The front end was really really bad. I saw the jsp pages and wondered who on earth designed it. They were unclean, no tab spacing (no structure). But the worst thing of all no c:url tags. These means that after each page the a new session would be created if the visitor would have cookies turned of. I replaced all the href's with encased url's. Meaning all the href url's where put in <c:url value="" /> tags. This includes jsessionid to the url. Allowing the session id to be passed to the url keeping the session intact. I also compared the amount of lines of the jasperserver css and my own css file. My css was about 10 times smaller than the css file in jasperserver. You can do alot with css and in theorie you should be able you design your website with css but at a certain point the css file becomes unreadable. I know the code wasnt meant to be altered by others outside jasperforge but for yourself it's really helpfull too.

 

6. I wanted to stream the output of a report to another website. In short, another website uses frames and we wanted the report to be displayed in the main frame making it look like the report was generated by the website and not jasperserver. This also removed the login procedure of jasperserver. Also clients wouldnt have to click on all those folders to look for the right report. In our situation we have created a url on our website that loads our report from the report server in a certain frame displaying the report on the screen right away. Just the ways clients want it. Fast and easy.

 

7. By designing our own report server, we have full control of the report server source code. We arent tied down by possible restrictions layed down by jasperserver like the ones defined by GPL and other licenses that apply to jasperserver. Making adjustments is easy in our reportserver. I could make adjustments in jasperserver but there is a chance that updates could undo these changes for example updates in jsp pages.

 

Please consider these points as positive critism that is meant to help out. Please if you have any comments on these points, I would like to hear your thoughts.

Post edited by: martynhiemstra, at: 2007/07/09 10:36

[lucianc]

I'm posting my comments on your points, Sherman will correct me if I'm wrong or missing something.

 

1. I hated the fact that nearly every page is POST'ed. If a client presses F5 then the client is asked if they want to repost. This should only happen after a form post but never where simply information is being loaded. I know it's a samll thing but I just dont like it.

 

I guess that the JasperServer web UI does not want to rely on browser navigation. And if we'd change all the navigation actions in JS to use GET instead of POST, some URL's might get rather long and I'm sure that there are people who hate that as well.

 

2. I hate acegi. It's probaly well implemented but if I look at how many classes you need and how much configuration for the security it's just overkill. It gave me the chills. I used 1 filter class. Just one. It's really easy. If a url starts with /secure/ then only logged in users are allowed to visit the requested page. If the url starts with /admin/ then only administrators are allowed. So simple.

 

You hate too much :)

 

If we'd have developed JasperServer for our internal use, maybe we would have chosen to implement a simple security mechanism that would have suited our needs. However, JasperServer is a product and needs to suit the requirements of many people, and I don't think a simple/in-house security implementation would do that. Acegi, on the other hand, is very powerful/flexible so people are to use it to customize the security aspects of JasperServer.

 

3. The jasperserver code was so static. All the different options under 'Add new' where all hoked in the code as far as a could see. I could be wrong but I got the impression that everything was entangled. I created a modulair system. If I want a new module, I create a new module, add 1 line to the database and the new module is active. The core only contains things like User and Usergroup models etc. For example I creayed a datasource module. It allows other modules to load datasources and use them. This still creates some dependancies for example the jasperreport module relies on the datasource module but it is far less entangled.

 

Which release are we discussing? This was partially true for initial releases (and I think mostly for the web UI), but things have changed since. The architecture can be of course be improved, but I don't think the code is "static" (for instance JS PRO and J4SalesForce extend/customize JasperServer by adding modules/functionality).

 

4. The fact that mysql must be used as a datasource. I saw mysql queries in the code. Since you use Hibernate I beleive you should use HQL or criteria objects. This will allow the use of Hibernate Dialects. In my situation our development system is running on mysql where as our live system is running oracle. Due to licencing reasons, we cant run oracle on each development system only on a few live systems. This is real easy when using HQL or Critaeria. Each system can use any type of database.

 

This is simply false. The JasperServer repository is built exclusively on Hibernate, and hence can run on any Hibernate-supported DB. We do use criteria queries (mostly) and HQL. Where exactly did you see SQL queries?

 

5. The front end was really really bad. I saw the jsp pages and wondered who on earth designed it. They were unclean, no tab spacing (no structure). But the worst thing of all no c:url tags. These means that after each page the a new session would be created if the visitor would have cookies turned of. I replaced all the href's with encased url's. Meaning all the href url's where put in <c:url value="" /> tags. This includes jsessionid to the url. Allowing the session id to be passed to the url keeping the session intact. I also compared the amount of lines of the jasperserver css and my own css file. My css was about 10 times smaller than the css file in jasperserver. You can do alot with css and in theorie you should be able you design your website with css but at a certain point the css file becomes unreadable. I know the code wasnt meant to be altered by others outside jasperforge but for yourself it's really helpfull too.

 

This is true, some JSPs are still rather messy. However, the URL issue has been fixed in JS 1.2.1. Also, newly developed JSPs have a much cleaner coding style.

 

6. I wanted to stream the output of a report to another website. In short, another website uses frames and we wanted the report to be displayed in the main frame making it look like the report was generated by the website and not jasperserver. This also removed the login procedure of jasperserver. Also clients wouldnt have to click on all those folders to look for the right report. In our situation we have created a url on our website that loads our report from the report server in a certain frame displaying the report on the screen right away. Just the ways clients want it. Fast and easy.

 

JasperServer features direct report URLs, which can be used to do what you've described. The only difference is that with the default JS security configuration, authentication is required which, in my opinion, is a good thing since the goal of a security mechanism is to make sure that information is only displayed to allowed users.

 

7. By designing our own report server, we have full control of the report server source code. We arent tied down by possible restrictions layed down by jasperserver like the ones defined by GPL and other licenses that apply to jasperserver. Making adjustments is easy in our reportserver. I could make adjustments in jasperserver but there is a chance that updates could undo these changes for example updates in jsp pages.

 

I can't argue with this, it is your own responsibility to decide what is the best solution to your requirements. However, the same holds for each customer and I don't think your solution is the best for everyone.

 

Regards,

Lucian

[martynhiemstra]

Hi Lucian,

 

Thanks for the great input.

 

I think I was using an older version in which somethings havent been solved or implemented yet. I also think that it was easier for me to implement our reportserver because I first saw jasperserver and saw how it could improve for me making it easier to list the points menthioned above. It's too bad I havent got the latest version. I could of cleaned up the jsp pages for you. My boss has assigned me full-time to our own reportserver so I cant help out anymore. I may compain a bit but if I had the time I would really help out.

 

I think we can conclude by saying that you created jasperserver knowing that many people would use it. Creating such a system is always going to suit many people and not suit a few.

 

If you plan a new project in the future, fell free you share it with us developers. I am always willing to help out.

 

Thanks for the input,

Martyn

[xwcheng]

Deploy jasperserver in a cluster environment error:

 

 

java.lang.IllegalArgumentException: Attribute [com.tonbeller.wcf.controller.RequestContextFactory] is not serializable

 

it's seems that that some property not implement

serializable

 

 

cluster environment:

2 tomcat v5.5.20

jdk5

two cluster machine share the same database

 

 

others:

run anyone tomcat of the cluster there is no error.

[contentengineer]

IMHO Upgrade process from 1.2.0 -> 2.0.0 requires further testing before being used in anger.

 

Have had to backout from upgrade, even after running 2.0.0 in development for a while.

 

- Have to modify all report entries [input controls]

- Have to manually hack db if space character at end of label or name; otherwise export/import fails

- Parameter passing

- Extraneous errors in log files