hozawa Posted November 8, 2014 Share Posted November 8, 2014 I want to know what other users in Tibco Jaspersoft community think about this because Tibco Jaspersoft Support is telling me it's not their problem.The problem is this, If I login to JRS and open a new tab with a Visualize.js page that is accessing JRS report using a different user/password then what I've logged in, the logged in user changes to the user that is used to access the Visualize.js page.To reproduce:1. Login to JRS with superuser account2. Open a new tab on web browser3. Open a page with Visualize.js that access JRS report using a different user account4. Go back to the JRS superuser page. The user is changed to those used by Visualize.jsThat is, I'll be able to be logged in as an user used by Visualize.js just by viewing a Visualize.js page.I think other services on the Internet is avoiding this issue by having login site url be different from the web api url or having different login (user used only for web browser login site and user only to be used when accessing via web api).As of now, it may be better to deny regular users direct access to JasperReports Server so they won't be able to login or create a role to be used by Visualize.js and modify JasperReports Server to deny login for that role. Link to comment Share on other sites More sharing options...
srang Posted April 12, 2015 Share Posted April 12, 2015 I have seen this same thing happen Link to comment Share on other sites More sharing options...
vivek.suyampu Posted June 30, 2015 Share Posted June 30, 2015 Same issue.. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now