JasperReports Server uses the Spring Security framework to implement security throughout the product. In JasperReports Server 6.0.1, the Spring Security framework was updated from Spring Security 2.0.x to 3.2.5. For many users, this upgrade will have no impact. However, you may need to make some changes if you have implemented the following:
|•||External authentication – If you have implemented external authentication or single sign-on in your server implementation, you need to update your implementation:|
|•||If you implemented external authentication using one of the sample files included in the project, you need to reimplement your changes in the updated sample files in JasperReports Server 6.0.1.|
|•||If you implemented a custom external authentication solution, you need to migrate your solution to the new framework.|
|•||Customizations – If you have customized the server using Spring Security classes, you need to migrate your solution to the new framework.|
If you have implemented external authentication using one of the sample-applicationContext-<customName>.xml files in the <js‑install>/samples/externalAuth-sample-config directory, do the following to migrate your changes to JasperReports Server 6.0.1:
|1.||Before upgrading, back up your applicationContext-<customName>.xml file (for example, applicationContext-externalAuth-LDAP.xml), located in the <js-webapp>/WEB-INF directory of your previous version of JasperReports Server.|
|2.||Update your server installation to JasperReports Server 6.0.1, as described in the JasperReports Server Community Project Upgrade Guide.|
As of JasperReports Server 6.0.1, you can customize the default admin users created when external authentication creates a new organization. Optionally you can also encrypt the admin's password in the configuration files. If you want to encrypt the default password, you need to set this up before installation or upgrade. See the JasperReports Server External Authentication Cookbook and the JasperReports Server Security Guide for more information.
|3.||In the new installation, locate the sample file that corresponds to the file you implemented previously. For example, if you implemented applicationContext-externalAuth-LDAP.xml, locate <js‑install-6.0.1>/samples/externalAuth-sample-config/sample-applicationContext-externalAuth-LDAP.xml.|
|4.||Rename the JasperReports Server 6.0.1 sample file to remove the sample- prefix. For example, rename sample-applicationContext-externalAuth-LDAP.xml to applicationContext-externalAuth-LDAP.xml.|
|5.||Configure the properties in the new sample file to match the properties in your existing sample file. To do this:|
|a.||Locate each bean you modified in the previous version.|
|b.||Find the same bean in the JasperReports Server 6.0.1 sample. The names of the beans are the same in each version.|
|c.||Copy or re-enter the properties you need for your server, taking care not to copy over class names or class packages.|
Although the bean names are the same in the JasperReports Server 6.0.1 sample files, the name and package of the class in many bean definitions have changed. Make sure not to overwrite the new names with the old ones.
|d.||Save the JasperReports Server 6.0.1 sample file.|
|e.||Rename the JasperReports Server 6.0.1 sample file to remove sample- prefix. For example, rename sample-applicationContext-externalAuth-LDAP.xml to applicationContext-externalAuth-LDAP.xml.|
|f.||Place the modified file in the <js-webapp-6.0.1>/WEB-INF directory.|
To reduce the impact of future upgrades, we created wrapper classes for the Spring Security classes used in the external authentication sample files. Wrapper Classes in JasperReports Server 6.0.1 shows the correspondence between Spring Security classes in earlier versions of JasperReports Server and the new wrapper classes in JasperReports Server 6.0.1.
At a minimum, you need to change the names and paths of the Spring Security classes you reference in any customizations you've made to JasperReports Server. The Spring Security codebase was significantly restructured from 2.x to 3.x. Many classes were moved to new packages and some classes were renamed. Mapping of Spring Classes from 2.0.x to 3.2.5 shows the mapping from 2.0.x to 3.2 for important Spring Security classes used in JasperReports Server. This table is for information only. It has not been verified with the Spring Security project and is not guaranteed to be correct. Additional information is included in the Spring Security 3.2.5 source code. You can also search the internet.