Security Check

The security check call is equivalent to a login call. You send the user credentials and you can tell from the response whether they are valid or not on the server. If they are valid, the server creates a user session or if the user has already performed an operation with valid credentials, it accesses the existing user session.

In either case, the successful response contains the JSESSIONID cookie of the user session. As with the login service, once you receive the session cookie, you should return it with future requests and use it to close the session as described in Logout.

Method

URL

GET

http://<host>:<port>/jasperserver[-pro]//j_spring_security_check?<arguments>

Argument

Type/Value

Description

orgId? Text The organization ID or alias. Required for organization admins and users when there is more than one organization defined. Not required for the system admin (superuser by default).

j_username

Text

The user ID.

j_password

Text

The user’s password. If the server has login encryption enabled, the password must be encrypted as explained in Login Encryption.

userLocale? Java locale string Set the optional locale for user in this session.
userTimezone? Java time zone Set the optional time zone for the user in this session.
Options  
accept: application/json  

Return Value on Success

Typical Return Values on Failure

302 Moved Temporarily – Response HTTP Header "Location" redirects to "/loginsuccess.html" by default, but often depends on the last session operation.

See below if you specify JSON.

302 Moved Temporarily – Response HTTP Header "Location" redirects to /login.html?error=1.

If you specify accept: application/json in your request, the location of the redirect in case of success is always the file /scripts/bower_components/js-sdk/src/common/auth/loginSuccess.json. The content of this file is:

{
"success":true
}

You can configure the location of this file. Edit the configuration file applicationContext-security-web.xml and change the constructor value of the following bean:

<bean id="authSuccessJsonRedirectUrl" class="java.lang.String">
 
  <constructor-arg type="java.lang.String"
    value="/scripts/bower_components/js-sdk/src/common/auth/loginSuccess.json"/>
 
</bean>

Using an SSO Token

If you are using Single Sign-On for authentication, you can use the security check to submit the ticket.

Method

URL

GET

http://<host>:<port>/jasperserver[-pro]//j_spring_security_check?<arguments>

Argument

Type/Value

Description

ticket Text The ticket for your SSO mechanism. The default parameter name for an SSO authentication token is "ticket". This parameter name can be changed in the configuration file applicationContext-externalAuth-<sso>.xml.
Options
accept: application/json

Return Value on Success

Typical Return Values on Failure

302 Moved Temporarily – Response HTTP Header "Location" redirects to "/loginsuccess.html" by default, but often depends on the last session operation.

302 Moved Temporarily – Response HTTP Header "Location" redirects to /login.html?error=1.

For example, if you have configured the server to use CAS as your SSO provider, you can authenticate and receive the session ID with the following request:

GET http://localhost:8080/jasperserver-pro/j_spring_security_check?ticket=ST-40-CZeUUnGPxEqgScNbxh9l-sso-cas.eng.jaspersoft.com

The response has the same behavior as the password-based security check, including the use of a JSON file if requested.

Using a Pre-Authentication Token

When using a pre-authentication mechanism, the verification of the credentials is performed at the base URL of the server.

Method

URL

GET

http://<host>:<port>/jasperserver[-pro]/?<arguments>

Argument

Type/Value

Description

pp Text The token for your pre-authentication mechanism. The default parameter name for a pre authentication token is "pp". This parameter name can be changed in the configuration file applicationContext-externalAuth-preAuth.xml.
Options
accept: application/json

Return Value on Success

Typical Return Values on Failure

302 Moved Temporarily – Response HTTP Header "Location" redirects to "/loginsuccess.html" by default, but often depends on the last session operation.

302 Moved Temporarily – Response HTTP Header "Location" redirects to /login.html?error=1.

For example, if you have configured the server to use pre-authentication, you can authenticate and receive the session ID with the following request:

GET http://localhost:8080/jasperserver-pro?pp=u%3DSteve%7Cr%3DExt_User%7Co%3Dorganization_1%7Cpa1%3DUSA%7Cpa2%3D1
Version: 
Feedback
randomness