Updating your Security File
In JasperReports Server 6.0, we added support for hierarchical attributes, which extend attribute functionality. For security files, we added a new service, attributesService, that supports hierarchical attributes and usually has better performance. This section describes how to update your security file to use attributesService.
With hierarchical attributes, a user can inherit attributes from their organization or the server in addition to any attributes assigned to the user directly. When providing an attribute, you can either specify the category (user, organization, or server) in which the server should look for its value, or allow the server to locate the value hierarchically.
To update an existing Domain security file:
| • | Where possible, update principal expressions to use attributesService. However, attributesService does not support information that is stored in the Spring principal object, such as user roles. |
| • | If you need to retrieve information from the principal object, as in the case of roles, you should use a getter instead of accessing the attribute directly. For example, use authentication.getPrincipal.getRoles, not authentication.principal.roles. |
|
|
Where possible, you should update any security file that uses the older authentication.principal.attributes syntax. Although this syntax still works, it does not support hierarchical attributes. In addition, when your security file uses the authentication.principal.attributes syntax, and you change a user's attributes, the user must log in back in for the change to take effect. attributesService is updated immediately after a user's attributes are changed. |
Updating to attributesService:
For example, suppose you have the following resource access grant, which does not support hierarchical attributes:
<resourceAccessGrant id="custom_grant_1">
<principalExpression>
authentication.principal.attributes.any{ it.attrName in ['AccessLevel'] ?
it.attrValue.equals('Manager') : false }
</principalExpression>
<filterExpression>testProfileAttribute(region11.sales_city,'Cities')</filterExpression>
</resourceAccessGrant> |
You can update the principal expression as shown below:
<resourceAccessGrant id="custom_grant_2">
<principalExpression>
attributesService.getAttribute('AccessLevel', null)?.getAttrValue().equals('Manager')
</principalExpression>
<filterExpression>testProfileAttribute(region11.sales_city,'Cities')</filterExpression>
</resourceAccessGrant> |
