As of JasperReports Server 5.5, all sensitive passwords in exported catalogs are encrypted for security. In order for two servers to share the encrypted contents of an exported catalog, they must share a private key. The default key is an AES 128-bit string stored in a configuration file.
This encryption is separate from the server's own internal encryption. All passwords are stored encrypted in the internal database. The import-export encryption applies only to export catalogs.
Setting the Import-Export Encryption Key

Configuration File: …\WEB-INF\applicationContext-security.xml

| Property | Bean | Description |
| --- | --- | --- |
| <property name="keyBytes"> | importExport | Set the value of the keyBytes property to the same hexadecimal value on all servers that will exchange export catalogs. |
However, be aware that when you change a private key on a server, all previous exports are invalidated. Therefore, you must configure your new server soon after installing it, and you should configure it with the key from an existing server, if you have one. This way all your servers and all your export catalogs will use the same key and be mutually compatible.
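One way to confirm that several servers carry the same import-export key before exchanging catalogs. This is an added example, not part of the JasperReports documentation. It assumes the keyBytes value is written as space-separated 0x-prefixed bytes or as one hex string inside the property; the bean id `exampleCipher`, its class and both sample keys are constructed for illustration.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample configs; bean id, class and key values are made up.
SAMPLE_A = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="exampleCipher" class="example.Cipher">
    <property name="keyBytes">
      <value>0xA1 0xB2 0xC3 0xD4 0x01 0x02 0x03 0x04 0x05 0x06 0x07 0x08 0x09 0x0A 0x0B 0x0C</value>
    </property>
  </bean>
</beans>"""
SAMPLE_B = SAMPLE_A.replace("0xA1", "0xFF")


def read_key_bytes(xml_text):
    """Return the raw bytes of the first keyBytes property in a Spring XML file."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        # Compare local names so the Spring default namespace does not matter.
        if elem.tag.rsplit("}", 1)[-1] == "property" and elem.get("name") == "keyBytes":
            raw = elem.get("value") or "".join(elem.itertext())
            tokens = re.split(r"[\s,]+", raw.strip())
            digits = "".join(re.sub(r"^0[xX]", "", t) for t in tokens)
            return bytes.fromhex(digits)  # raises ValueError on non-hex content
    raise LookupError("no keyBytes property found")


def compare_servers(configs):
    """Return ({server: (key bits, short SHA-256 fingerprint)}, all_keys_match)."""
    report = {}
    for name, xml_text in configs.items():
        key = read_key_bytes(xml_text)
        # Report a fingerprint, never the key itself.
        report[name] = (len(key) * 8, hashlib.sha256(key).hexdigest()[:12])
    all_match = len({fp for _, fp in report.values()}) == 1
    return report, all_match


if __name__ == "__main__":
    report, ok = compare_servers({"server-a": SAMPLE_A, "server-b": SAMPLE_B})
    for name, (bits, fp) in sorted(report.items()):
        print(f"{name}: {bits}-bit key, fingerprint {fp}")
    print("keys match" if ok else "MISMATCH: these servers cannot share encrypted catalog contents")
```

Comparing fingerprints rather than the hex values keeps the key out of terminals, tickets and logs while still showing which server differs.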
Importing Unencrypted Catalogs
Versions prior to 5.5 did not encrypt the user passwords upon export. These passwords appear in plain text. For backwards compatibility, unencrypted catalogs are still supported and can be imported into a 5.5 server, even when an encryption key is configured.
Passwords that are encrypted by an export operation in JasperReports Server 5.5 have encryption markers, so older passwords without the markers can be detected and imported without being decrypted.