Overview
This guide enables anonymous access to the Standard Charts Report (/reports/samples/StandardChartsReport). This report is included with the samples that ship with the product. Unauthenticated users will be able to see this report without needing to enter any credentials or pass them in the URL in the form of j_username & j_password.
The steps below differ slightly depending on version: 3.7.1 and below are unique, as are 4.x through 5.2, and everything between 5.5 and 6.0. Users of 6.x have reported problems with this approach.
Modify Spring Configuration Files
Edit js-install/WEB-INF/applicationContext-security-web.xml
Find bean id="filterInvocationInterceptor"
NOTE: In JasperReports Server version 3.7.1 and below, edit js-install/WEB-INF/applicationContext-security.xml instead.
(!) - Lines marked with this sign may not be present in old versions, so do not add them if they're not there.
Find these lines:
/flow.html=ROLE_USER,ROLE_ADMINISTRATOR
/reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR
(!) /viewreportpageupdatecheck.html=ROLE_USER,ROLE_ADMINISTRATOR
(!) /viewreportasynccancel.html=ROLE_USER,ROLE_ADMINISTRATOR
(!) /viewreportcancel.html=ROLE_USER,ROLE_ADMINISTRATOR
Modify them like this:
/flow.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
/reportimage/**=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
(!) /viewreportpageupdatecheck.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
(!) /viewreportasynccancel.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
(!) /viewreportcancel.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
Edit js-install/WEB-INF/applicationContext-security.xml
Find bean id="flowVoter"
Add this line above the repoAdminFlow:
viewReportFlow=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS
In Pro versions of 5.2, also edit js-install/WEB-INF/applicationContext-security-pro-web.xml
Modify the following line
FROM:
/reportexecutioncountmessage.html=ROLE_USER,ROLE_ADMINISTRATOR
TO:
/reportexecutioncountmessage.html=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS
- Restart your application server
Community Edition/JasperReports Server Professional 3.7.1 Only
Edit js-install/WEB-INF/applicationContext-events-logging.xml
Find bean id="accessContext"
Modify it to look like this:
<bean class="com.jaspersoft.jasperserver.api.logging.access.context.impl.AccessContextImpl" id="accessContext">
    <property name="clientClassFactory" ref="mappingResourceFactory" />
    <property name="loggingContextProvider" ref="${bean.loggingContextProvider}" />
    <property name="userAuthorityService" ref="${bean.userAuthorityService}" />
</bean>
JasperReports Server Professional 5.5 and above, additional steps
Edit js-install/WEB-INF/applicationContext-security-web.xml
In the same filterInvocationInterceptor bean mentioned above, again find the property named "securityMetadataSource" and ensure the following paths exist and now contain ROLE_ANONYMOUS, like:
/dashboard/viewer.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/viewreportcancel.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/viewreportasynccancel.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/viewreportpageupdatecheck.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/getreportcomponents.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/getrequirejsconfig.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/runreportaction.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/rest_v2/reports/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/rest_v2/resources/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/reportimage/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
/flow.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"
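An added example, not part of the original guide or of JasperReports Server: a Python check that compares a security file before and after the edits above and lists which URL patterns newly admit ROLE_ANONYMOUS, separating the ones this guide asks for from any others. The sample lines are constructed, and the `security:intercept-url` element name and the `pattern`/`access` attribute order are assumptions.

```python
import re

# Paths this guide opens to ROLE_ANONYMOUS (taken from the steps above).
EXPECTED = {
    "/flow.html", "/reportimage/**", "/viewreportpageupdatecheck.html",
    "/viewreportasynccancel.html", "/viewreportcancel.html",
    "/reportexecutioncountmessage.html", "/dashboard/viewer.html",
    "/getreportcomponents.html", "/getrequirejsconfig.html",
    "/runreportaction.html", "/rest_v2/reports/**", "/rest_v2/resources/**",
}

# Older format, one mapping per line: /path=ROLE_A,ROLE_B
LEGACY = re.compile(r"^[ \t]*(/[^\s=]*)=([A-Z_, ]+)[ \t]*$", re.M)
# Newer format (assumed attribute order): pattern="/path" access="ROLE_A,ROLE_B"
ATTRS = re.compile(r'pattern="([^"]+)"\s+access="([^"]+)"')

def anonymous_paths(config_text):
    """Return the set of URL patterns whose role list includes ROLE_ANONYMOUS."""
    found = set()
    for regex in (LEGACY, ATTRS):
        for path, roles in regex.findall(config_text):
            if "ROLE_ANONYMOUS" in {r.strip() for r in roles.split(",")}:
                found.add(path)
    return found

def review_change(before_text, after_text):
    """Paths newly opened to anonymous users: (asked for by the guide, others)."""
    newly = anonymous_paths(after_text) - anonymous_paths(before_text)
    return sorted(newly & EXPECTED), sorted(newly - EXPECTED)

# Constructed sample lines, not copied from a real installation.
BEFORE = '''
<security:intercept-url pattern="/login.html" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR"/>
<security:intercept-url pattern="/flow.html" access="ROLE_USER,ROLE_ADMINISTRATOR"/>
<security:intercept-url pattern="/rest_v2/**" access="ROLE_USER,ROLE_ADMINISTRATOR"/>
'''
# A blanket search-and-replace instead of editing only the listed paths.
AFTER = BEFORE.replace('access="ROLE_USER', 'access="ROLE_ANONYMOUS,ROLE_USER')

if __name__ == "__main__":
    print(review_change(BEFORE, AFTER))
```

Run it against a saved copy of the file and the edited file before restarting the application server; anything in the second list is anonymous exposure this guide did not ask for.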
Set Permissions
Set the appropriate permissions (ROLE_ANONYMOUS) for the report and for all of the peripheral objects of the report such as datasources, input controls, queries, and images.
- Login to JasperReports Server as jasperadmin and grant "Read Only" permission to ROLE_ANONYMOUS on these resources:
- Report Unit: /reports/samples/StandardChartsReport
- Datasource: /datasources/JServerJNDIDS
- Theme: Themes have permissions too, make sure your theme is allowed!
The anonymous user doesn't belong to any organization, so you'll need to use the full path to a report (e.g. organizations/organization_1/reports/samples&reportUnit=/organizations/organization_1/reports/samples/StandardChartsReport).
View the Report
Since we don't want the user to see the JasperReports Server decorations, you will need to add &decorate=no to the URL. Here's the URL for this example:
And here's the result, without having to authenticate:
Disclaimer
This is only an example guide and not an exhaustive list of the possible ways that this impacts the security of your installation. This may not work with Dashboards.