Changes in 6.0.1 That May Affect Your Upgrade
JasperReports® Server uses the Spring Security framework to implement security throughout the product. In JasperReports® Server 6.0.1, the Spring Security framework was updated from Spring Security 2.0.x to 3.2.5. For many users, this upgrade will have no impact. However, you may need to make some changes if you have implemented the following:
| ||• ||External authentication – If you have implemented external authentication or single sign-on in your server implementation, you need to update your implementation: |
| ||• ||If you implemented external authentication using one of the sample files included in the project, you need to reimplement your changes in the updated sample files in JasperReports® Server 6.0.1. |
| ||• ||If you implemented a custom external authentication solution, you need to migrate your solution to the new framework. |
| ||• ||Customizations – If you have customized the server using Spring Security classes, you need to migrate your solution to the new framework. |
Migrating External Authentication Sample Files
If you have implemented external authentication using one of the sample-applicationContext-<customName>.xml files in the <js‑install>/samples/externalAuth-sample-config directory,do the following to migrate your changes to JasperReports® Server 6.0.1:
| ||1. ||Before upgrading, back up your applicationContext-<customName>.xml (for example, applicationContext-externalAuth-LDAP.xml), located in the <js-webapp>/WEB-INF directory of your previous version of JasperReports® Server. |
| ||2. ||Update your server installation to JasperReports® Server 6.0.1, as described in the JasperReports® Server Upgrade Guide. |
As of JasperReports® Server 6.0.1, you can customize the default admin users created when external authentication creates a new organization. Optionally you can also encrypt the admin's password in the configuration files. If you want to encrypt the default password, you need to set this up before installation or upgrade. See the JasperReports® Server External Authentication Cookbook and the JasperReports® Server Security Guide for more information.
| ||3. ||In the new installation, locate the sample file that corresponds to the file you implemented previously. For example, if you implemented applicationContext-externalAuth-LDAP.xml, locate <js‑install-6.0.1>/samples/externalAuth-sample-config/sample-applicationContext-externalAuth-LDAP.xml. |
| ||4. ||Rename the JasperReports® Server 6.0.1 sample file to remove the sample- prefix. For example, rename sample-applicationContext-externalAuth-LDAP.xml to applicationContext-externalAuth-LDAP.xml. |
| ||5. ||Configure the properties in the new sample file to match the properties in your existing sample file. To do this: |
| ||a. ||Locate each bean you modified in the previous version. |
| ||b. ||Find the same bean in the JasperReports® Server 6.0.1 sample. The names of the beans are the same in each version. |
| ||c. ||Copy or re-enter the properties you need for your server, taking care not to copy over class names or class packages. |
Although the bean names are the same in the JasperReports® Server 6.0.1 sample files, the name and package of the class in many bean definitions have changed. Make sure not to overwrite the new names with the old ones.
| ||d. ||Save the JasperReports® Server 6.0.1 sample file. |
| ||e. ||Rename the JasperReports® Server 6.0.1 sample file to remove sample- prefix. For example, rename sample-applicationContext-externalAuth-LDAP.xml to applicationContext-externalAuth-LDAP.xml. |
| ||f. ||Place the modified file in the <js-webapp-6.0.1>/WEB-INF directory. |
To reduce the impact of future upgrades, we created wrapper classes for the Spring Security classes used in the external authentication sample files. Wrapper Classes in JasperReports Server 6.0.1 shows the correspondence between Spring Security classes in earlier versions of JasperReports® Server and the new wrapper classes in JasperReports® Server 6.0.1.
At a minimum, you need to change the names and paths of the Spring Security classes you reference in any customizations you've made to JasperReports® Server. The Spring Security codebase was significantly restructured from 2.x to 3.x. Many classes were moved to new packages and some classes were renamed. Mapping of Spring Classes from 2.0.x to 3.2.5 shows the mapping from 2.0.x to 3.2 for important Spring Security classes used in JasperReports® Server. This table is for information only. It has not been verified with the Spring Security project and is not guaranteed to be correct. Additional information is included in the Spring Security 3.2.5 source code. You can also search the internet.