william_ferguson_au Posted August 4, 2006 Share Posted August 4, 2006 We don't want to use the JasperIntel UI (in general) as report scheduling etc will be performed via a WebService. But we do want users to be able to retrieve their reports without having to authenticate to the JasperIntel application as they will already have autheticated to another application. Our plan is to generate a token for each report and use that token to create a path within the repository (or hopefully filesystem) at which the report results will be stored. Is there some way I can switch off authentication requirements for "/fileview/*" Requests but not for anything else? William Link to comment Share on other sites More sharing options...
swood Posted August 4, 2006 Share Posted August 4, 2006 All security configuration is in /WEB-INF/applicationContext-security.xml. See the filterInvocationInterceptor bean definition in that configuration file and the line: /fileview/**=ROLE_USER Make that /fileview/**=ROLE_ANONYMOUS,ROLE_USER and move it higher in the list. ShermanJasperSoft Link to comment Share on other sites More sharing options...
william_ferguson_au Posted August 4, 2006 Author Share Posted August 4, 2006 Thanks Sherman, that work nicely. But I don't understand why you also suggested moving it higher in the list of URIs. It isn't maked by anything above it so it shouldn't matter right? In any case, it worked fine by just adding in the ROLE_ANONYMOUS entry. To keep the names of the generated results human comprehensible and to provide the token level security I mentioned above, we will be creating a new folder in the repository for each ReportJob based on the token. Each such folder would then contain one generated report output for each time that schedueld ReportJob is executed. Are you aware of any limitations we might encounter by having so many folders created within the Repository? William Link to comment Share on other sites More sharing options...
kadimulam Posted February 18, 2009 Share Posted February 18, 2009 Hi,I am working on the similar requirement. I checked '/WEB-INF/applicationContext-security.xml', but i didnt find '/fileview/**=ROLE_USER' in that file. However i found '/fileview/**=ROLE_USER,ROLE_ADMINISTRATOR'. I am using JasperServer 3.0. Could you please help me in doing this customization?ThanksKiran Link to comment Share on other sites More sharing options...
swood Posted February 25, 2009 Share Posted February 25, 2009 I can't remember why I suggested moving it higher in the list. It will have worked fine just changing it. We are seeing some issues related to performance with large numbers of resources in the repository. Our checking of permissions on resources and folders is not as efficient as it could be. This will slow down screens that show resources or folders from across the repository, like view reports or analysis views, or folders that have large numbers of resources in them (over 100 say). We are working to improve this in the next release. The release candidate is out in a week or so, but we are still working on the performance in this area. ShermanJaspersoft Link to comment Share on other sites More sharing options...
swood Posted February 25, 2009 Share Posted February 25, 2009 Just add ROLE_ANONYMOUS to the fileview entry. ShermanJaspersoft Link to comment Share on other sites More sharing options...
theodan Posted May 31, 2009 Share Posted May 31, 2009 Post Edited by theodan at 05/31/2009 23:19 Link to comment Share on other sites More sharing options...
gshukert Posted June 9, 2010 Share Posted June 9, 2010 We want to allow anonymous access to reports online. Which property should we change to ROLE_ANONYMOUS?I've changed flow.html, fileview, and jrpxml but get the message below. (It does not take me to the login page as before)Error Message: Access denied: You do not have permission to take the requested action. Link to comment Share on other sites More sharing options...
lucianc Posted June 17, 2010 Share Posted June 17, 2010 gshukertWrote: We want to allow anonymous access to reports online. Which property should we change to ROLE_ANONYMOUS? I've changed flow.html, fileview, and jrpxml but get the message below. (It does not take me to the login page as before) Error Message: Access denied: You do not have permission to take the requested action. I'm not sure what exactly you changed (what's that jrpxml?), but you'll need to also add viewReportFlow=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS to the list of flow permissions configured in the flowVoter bean. And then make sure that ROLE_ANONYMOUS has read permissions to all resources used by the reports (data suorces, images, etc).Regards,Lucian Link to comment Share on other sites More sharing options...
jconkey Posted June 17, 2010 Share Posted June 17, 2010 I'm also trying to switch off authentication, in Jasper 3.7.0 CE. I want to provide single sign on through an Apache proxy, so when the request reaches the jasperserver, I want it to act as if a ROLE_USER is logged in. When I make the changes to applicationContext-security.xml suggested in this thread or related threads, I get this error:2010-06-17 12:24:19,556 ERROR SearchAction,http-8080-Processor25:270 - SEARCH_ERROR: Can't load search result.java.lang.ClassCastException: java.lang.String at com.jaspersoft.jasperserver.search.filter.FolderFilter.hasRole(FolderFilter.java:101) at com.jaspersoft.jasperserver.search.filter.FolderFilter.addRoleAccessUrlsRestrictions(FolderFilter.java:81) at com.jaspersoft.jasperserver.search.filter.FolderFilter.applyRestrictions(FolderFilter.java:75)...I made these changes:1. gave access to ROLE_ANONYMOUS to the repository root.2. modified the filterInvocationInterceptor bean to add ROLE_ANONYMOUS to URLs (I tried several combinations).e.g. /flow.html=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS3. modified the flowVoter bean to add ROLE_ANONYMOUS to the * row (I also tried adding to other rows)e.g. *=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS4. restarted jasperserverI also tried editing the anonymousProcessingFilter but just got errors.Does anyone know if the process is different in 3.7 from previous versions, and what the settings are? Thank you,Jason Link to comment Share on other sites More sharing options...
lucianc Posted July 1, 2010 Share Posted July 1, 2010 jconkeyWrote: When I make the changes to applicationContext-security.xml suggested in this thread or related threads, I get this error: 2010-06-17 12:24:19,556 ERROR SearchAction,http-8080-Processor25:270 - SEARCH_ERROR: Can't load search result. java.lang.ClassCastException: java.lang.String at com.jaspersoft.jasperserver.search.filter.FolderFilter.hasRole(FolderFilter.java:101) Indeed, anonymousProcessingFilter is not compatible with some JasperServer screens. That's because several places in the code assume that the current authenticated principal is a user object (com.jaspersoft.jasperserver.api.metadata.user.domain.impl.client.MetadataUserDetails), and anonymousProcessingFilter sets a String as auth principal.The only solution is to extend the anonymous filter so that it uses a user object as principal.Regards,Lucian Link to comment Share on other sites More sharing options...
roeycohen Posted July 28, 2010 Share Posted July 28, 2010 Hi, I'm also trying to remove authentication from my JasperServer.I've edited the file:C:\Program Files\jasperserver-pro-3.7\apache-tomcat\webapps\jasperserver-pro\WEB-INF\applicationContext-security.xmladded the ROLE_ANONYMOUS to all URLs and restarted the server. when i entered all kind of urls, all of them redirected me the login page... any ideas??ThanksRoey Link to comment Share on other sites More sharing options...
roeycohen Posted July 28, 2010 Share Posted July 28, 2010 Post Edited by roeycohen at 07/28/2010 08:58 Link to comment Share on other sites More sharing options...
roeycohen Posted July 28, 2010 Share Posted July 28, 2010 luciancWrote: jconkey Wrote: ... The only solution is to extend the anonymous filter so that it uses a user object as principal. Regards, Lucian how do i extended the anonymous filter? Link to comment Share on other sites More sharing options...
lasinir Posted August 10, 2010 Share Posted August 10, 2010 Okay. I know we had this working under 3.5. but I recently upgraded to JS 3.7 CE (and my working version of 3.5 is formated ;).I have tried all the solutions presented in this posting, (and still have the flowVoter bean change to add ROLE_ANONYMOUS and /fileview/**=ROLE_ANONYMOUS,ROLE_USER setting) but none of these worked.But then after gonig back almost 20 pages in forum post's I came across this obscure thread.http://jasperforge.org/plugins/espforum/view.php?group_id=112&forumid=102&topicid=71124And then after I made the change mentioned (adding the line in bold):Change the entry in applicationContext-evetns-lgging.xml - Exactly what sherman told me to.<bean id="accessContext" class="com.jaspersoft.jasperserver.api.logging.access.context.impl.AccessContextImpl"> <property name="clientClassFactory" ref="mappingResourceFactory"/> <property name="loggingContextProvider" ref="${bean.loggingContextProvider}"/> <property name="userAuthorityService" ref="${bean.userAuthorityService}"/> </bean>Then a restart of the services and bingo!. anonymous access started working again.Hope this helps some one. or more than one. Link to comment Share on other sites More sharing options...
usmansaleem Posted August 17, 2010 Share Posted August 17, 2010 Thanks, this last point really helped. --Uzi Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now