Domain security demo

[navkum]

Hi,

I am new to the Jasper world and right now i am trying my hands on secutity in jasper server.

I tried to change the file for SuperMart (demo database that comes with Jasper server) as per the example given in JS-Ultimate Guide.  Following is the section of the file i changed. (added domain security for rows using Cities attribute)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">

    <resourceAccessGrants>
    <!-- Row level security -->

    <!-- What access do roles/users have to the rows in the resource? -->

    <resourceAccessGrantList id="sales_join_resource_access_grant" label="aLabel" resourceId="sales_join">
      <resourceAccessGrants>
        <!--
        This "join" will always be made when a query includes at least 1 item from this
        resource, even when the query does not include the related dataSet.
       
        <resourceAccessGrant id="sales_join_ROLE_SUPERMART_MANAGER_row_grant">
            <principalExpression>authentication.getPrincipal().getRoles().any{ it.getRoleName() in ['ROLE_SUPERMART_MANAGER'] }</principalExpression>
            <filterExpression>store1.store_country in ('USA') and store1.store_state in ('CA')</filterExpression>
        </resourceAccessGrant>
        -->

<!--    Following is the resourceAccessGrant I added form Ultimate Guide   -->
        <resourceAccessGrant id="Jointree_1_row_access_grant_4">
            <principalExpression><![CDATA[authentication.getPrincipal().getAttributes().any{it.getAttrName() in ['Cities']}]]> </principalExpression>
            <filterExpression>store1.store_city in (groovy('authentication.getPrincipal().getAttributes().find{ it.attrName == "Cities"}.attrValue'))
            </filterExpression>
        </resourceAccessGrant>

-------------------------------------------------------------------------------------------------------------------------------------------------------

 

But when i try create an adhoc report  get message stating : "No data was returned."

To create the report i log in as the California User ( User that comes by default when i chose to install demo)

California User has attributes :

 

CaliforniaUser

California User

 

Assigned Roles

ROLE_SUPERMART_MANAGER, ROLE_USER

Profile Attributes

[state:CA], [Cities:San Francisco, Oakland, San Jose]

This user is enabled.

 

***  Can some one please let me know what i am missing here that might be causing the error?.  This domins works fine with row level security using Roles e.g. ['ROLE_SUPERMART_MANAGER']

*** Is there a way to evaluate principle expressions externally so that i can see there results without actually having to add the whole file and then using the security file...

 

Thanks.

Code: