How to Bypass JasperReports Server login and hide passed username and password.

Purpose

You are looking to embed Jaspersoft reports/dashboards/views but need the users to be logged in from another application. This is a very simple (yet insecure) way to hide credentials at login. The web application will make a call into JasperReportsServer, passing the user's credentials in plain text, this method will remove them from being visible in the URL

Instructions

Open "loginState.jsp" page.

\apache-tomcatwebappsjasperserverWEB-INFjspmodulesloginloginState.jsp

Add below java script.

{
//---------------------------------------------- start java script -------------------------

 var param1var = getQueryVariable("singlesingon");

 if (param1var == 'y')
    window.location.href = "http://localhost:8080/jasperserver/flow.html?_flowId=viewReportFlow&ParentFolderUri=/FOLDER_NAME/SUB_FOLDER_NAME&reportUnit=/FOLDER_NAME/SUB_FOLDER/REPORTNAME"

 function getQueryVariable(variable) {
   var query = window.location.search.substring(1);
   var vars = query.split("&");
   for (var i=0;i<vars.length;i++) {
     var pair = vars[i].split("=");
     if (pair[0] == variable) {
       return pair[1];
     }
   }
   //alert('Query Variable ' + variable + ' not found');
 }

//---------------------------------------------- end java script -------------------------
}

 Call The below link from your web application.

http://localhost:8080/jasperserver/login.html?j_username=jasperadmin&j_password=jasperadmin&singlesingon=y

So it will auto login and hide URL parameter.

Cautions

Passing usernames and passwords plaintext via URL is not a secure method for authentication, please refer to the JasperReports Server Authentication Cookbook for details on a secure Single Sign On implementation