huwtrimet.org Posted August 26, 2008 Share Posted August 26, 2008 I want to enable Single Sign On for JasperServer. I want to make sure this is not to be confused with the role_anonymous logon.All of my users have windows XP PC, and they are logon on to the LDAP and active directory. Basically, I want they to browse to the Jasperserver without ever login in the Jasperserver's login.html page. I want to know if this is doable? What are the estimated time to implement it with one incident technical support call?Thanks in advance Link to comment Share on other sites More sharing options...
anandharaj Posted September 4, 2008 Share Posted September 4, 2008 Hi, Well, JS do support for LDAP, so you need to configure it. I never try it before, but there is few posts regarding this. Please try search this forum Link to comment Share on other sites More sharing options...
huwtrimet.org Posted September 4, 2008 Author Share Posted September 4, 2008 Hi, I do not want to confuse LDAP with Single Sign On. I already got LDAP authentication working. Single Sign On is a different beast as far as I know. I want to bypass the Jasper login screen totally once users are already login to the windows XP PC. Is this doable? Link to comment Share on other sites More sharing options...
cjturner Posted September 7, 2008 Share Posted September 7, 2008 From your description, you are actually looking for Integrated Windows Authentication (MS/IIS definition). While similar to SSO, this is a bit different. How to do it might be beyond the scope of this forum. Assuming you are running under tomcat direct... This might be done in IIS/Tomcat using the Tomcat connector (lookup mod_jk at apache.org). It is essentially a redirector such that IIS will pass all of your tomcat requests to the tomcat instance. Your users will access JasperServer via IIS, where you will have IWA turned on. This will only authenticate, you will need to be creative to do authorization (roles). Link to comment Share on other sites More sharing options...
swood Posted September 12, 2008 Share Posted September 12, 2008 For JasperServer, the functionality would be handled by Acegi (Spring Security). Have a look at the Spring Security forums for help with this. Here is a post I think would be relevant to you forum.springframework.org/showthread.php ShermanJaspersoft Link to comment Share on other sites More sharing options...
vsoneta Posted April 30, 2009 Share Posted April 30, 2009 Hello Did you try to get this implemented if yes can you please let me know how this can be done... Link to comment Share on other sites More sharing options...
sjongenelen Posted November 30, 2009 Share Posted November 30, 2009 same.. gonna make a support call for it :/ Link to comment Share on other sites More sharing options...
riteshkumar_c Posted December 1, 2009 Share Posted December 1, 2009 We are trying to implement single sign on configuration using siteminder. But we are being directed to login.html every time.please help, i have added applicationSecurity.xml for reference.the log that is show is as below13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:46,226 WARN JILicenseFilter,http-8080-Processor25:104 - License OK. JasperAnalysis Professional Commercial license with no expiration date.13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,303 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'13:49:47,392 WARN UserAuthorityServiceImpl,http-8080-Processor24:618 - Added following external roles to: anonymousUserROLE_ANONYMOUS 13:49:47,403 WARN UserAuthorityServiceImpl,http-8080-Processor24:654 - Updated user: anonymousUser. Roles are now:ROLE_ANONYMOUSROLE_USER 13:49:47,417 WARN UserAuthorityServiceImpl,http-8080-Processor24:660 - Updated user: anonymousUser. Roles are now:ROLE_ANONYMOUSROLE_USER Code:--<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd"> <!-- ======================== FILTER CHAIN ======================= ACLs later: requestMethodsFilter Not in 1.0-RC1: exceptionTranslationFilter, Later: ,rememberMeProcessingFilter Web services currently can't use the filter chain because Axis instantiates the web service handler classes, not Spring. However, we can do the context integration filter, which associates a security context with the http session, and call into the Acegi beans from the service handler --> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /xmla=httpSessionContextIntegrationFilter,basicProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor /services/**=httpSessionContextIntegrationFilter,portletAuthenticationProcessingFilter,basicProcessingFilter,passwordExpirationProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor /**=httpSessionContextIntegrationFilter,userPreferencesFilter,authenticationProcessingFilter,userPreferencesFilter,basicProcessingFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter </value> </property> </bean> <!-- updater bean to insert a filter --> <bean id="insertFilter" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition"> <property name="order" value="10"/> <property name="beanName" value="filterChainProxy"/> <property name="propertyName" value="filterInvocationDefinitionSource"/> <property name="operation" value="insert"/> </bean> <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property> <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> <property name="siteminderUsernameHeaderKey"><value>sm_user</value></property> <property name="siteminderPasswordHeaderKey"><value>sm_user</value></property> <property name="formUsernameParameterKey"><value>j_username</value></property></bean> <!-- ======================== AUTHENTICATION ======================= --> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <!-- not on by default <ref local="ldapAuthenticationProvider"/> --> <ref local="siteminderAuthenticationProvider"/> <ref local="daoAuthenticationProvider"/> <!--<ref local="anonymousAuthenticationProvider"/>--> <!--ref local="jaasAuthenticationProvider"/--> </list> </property> </bean> <bean id="siteminderAuthenticationProvider" class="org.acegisecurity.providers.siteminder.SiteminderAuthenticationProvider"> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <!-- jdbcDaoImpl --> <!-- <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> --> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> <!-- <property name="passwordEncoder"><ref local="passwordEncoder"/></property> --> </bean> <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer"> <property name="allowEncoding"><value>false</value></property> <property name="keyInPlainText"><value>false</value></property> <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C 0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property> <property name="secretKeyAlgorithm"><value>DESede</value></property> <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property> </bean> <!-- <bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider"> <property name="loginConfig"> <value>/WEB-INF/login.conf</value> </property> <property name="loginContextName"> <value>FileLogin</value> </property> <property name="callbackHandlers"> <list> <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/> <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/> </list> </property> <property name="authorityGranters"> <list> <bean class="org.appfuse.web.JaasAuthorityGranter"/> </list> </property> </bean> --> <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> <property name="key"><value>foobar</value></property> <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property> </bean> <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key"><value>foobar</value></property> </bean> <!-- <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userMap"> <value> tomcat=536c0b339345616c1b33caf454454d8b8a190d6c,ROLE_USER springlive=2a9152cff1d25b5bbaa3e5fbc7acdc6905c9f251,ROLE_USER </value> </property> </bean> --> <!-- For LDAP authentication <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory"> <constructor-arg value="ldap://scopeserv1:389/dc=panscopic,dc=com"/> --> <!-- You may not need the next properties <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property> <property name="managerPassword"><value>acegisecurity</value></property> --> <!-- </bean> --> <!-- For LDAP authentication This bean is not used by default <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0"> <value></value> </constructor-arg> <constructor-arg index="1"> <value>(uid={0})</value> </constructor-arg> <constructor-arg index="2"> <ref local="initialDirContextFactory" /> </constructor-arg> <property name="searchSubtree"> <value>true</value> </property> </bean> --> <!-- For LDAP authentication <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <property name="userDnPatterns"><list><value>uid={0}</value></list></property> </bean> </constructor-arg> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg> <constructor-arg index="1"><value></value></constructor-arg> <property name="groupRoleAttribute"><value>cn</value></property> <property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property> </bean> </constructor-arg> </bean> --> <bean id="JIAuthenticationSynchronizer" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter"> <property name="externalUserService"><ref bean="userAuthorityService"/></property> </bean> <!-- Automatically receives AuthenticationEvent messages --> <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> <bean id="userLocalesList" class="com.jaspersoft.jasperserver.war.common.LocalesListImpl"> <property name="locales"> <list> <value type="java.util.Locale">en</value> <value type="java.util.Locale">fr</value> <value type="java.util.Locale">it</value> <value type="java.util.Locale">es</value> <value type="java.util.Locale">de</value> <value type="java.util.Locale">ro</value> <value type="java.util.Locale">ja</value> <value type="java.util.Locale">zh_TW</value> </list> </property> </bean> <bean id="userPreferencesFilter" class="com.jaspersoft.jasperserver.war.UserPreferencesFilter"> <property name="cookieAge"> <value type="int">86400</value> </property> <property name="userService"> <ref bean="userAuthorityService"/> </property> </bean> <!-- <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="rememberMeServices"><ref local="rememberMeServices"/></property> </bean> <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property> <property name="key"><value>springRocks</value></property> </bean> <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> <property name="key"><value>springRocks</value></property> </bean> --> <!-- Basic Authentication --> <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property> </bean> <bean id="portletAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.JIPortletAuthenticationProcessingFilter"> <property name="trustedIpAddress"> <list> <!-- uncomment this if both portal server and web server are running on the same machine --> <!-- <value>127.0.0.1</value> --> </list> </property> <property name="userService"> <ref bean="userAuthorityService"/> </property> </bean> <bean id="passwordExpirationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.PasswordExpirationProcessingFilter"> <property name="userService"> <ref bean="userAuthorityService"/> </property> <property name="passwordExpirationInDays" value="0" /> </bean> <!-- if there is no BASIC auth header, this filter will display a 401 error thanks to the entry point --> <bean id="basicAuthExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property> </bean> <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> <property name="realmName"><value>Protected Area</value></property> </bean> <!-- Form-based Authentication <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> </bean> --> <!-- CWS <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property> <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> </bean>--> <bean id="requestParameterAuthenticationFilter" class="com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginerror.html</value></property> <property name="excludeUrls"> <list> <value>/j_acegi_switch_user</value> </list> </property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/login.html</value></property> <property name="forceHttps"><value>false</value></property> </bean> <!-- ===================== HTTP REQUEST SECURITY ==================== <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"> <property name="context"><value>org.acegisecurity.context.security.SecureContextImpl</value></property> </bean> --> <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> <property name="accessDeniedHandler"> <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> <property name="errorPage" value="/WEB-INF/jsp/AccessDeniedPage.jsp"/> </bean> </property> </bean> <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>false</value></property> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> <bean class="org.acegisecurity.vote.AuthenticatedVoter"/> </list> </property> </bean> <!-- <bean id="runAsManager" class="org.acegisecurity.runas.RunAsImplAuthenticationProvider"> <property name="key"><value>my_run_as_password</value></property> </bean> --> <bean id="requestMethodsFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> <!-- Optionally, you can specify a "rolePrefix" property to change (or remove) the ROLE_ prefix for role names. --> <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/> <!-- Note the order that entries are placed against the objectDefinitionSource is critical. The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last ========= JasperServer Note ============== There are currently three roles: ROLE_ANONYMOUS (i.e. not logged in) ROLE_USER ROLE_ADMINISTRATOR Any page accessible by a non-admin user (or by someone not logged in) must be added explicitly. Any other pages are assumed to require the admin role --> <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property> <!-- <property name="runAsManager"><ref bean="runAsManager"/></property> --> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY /home.html=ROLE_USER,ROLE_ADMINISTRATOR /flow.html=ROLE_USER,ROLE_ADMINISTRATOR /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR /j_acegi_switch_user*=ROLE_ADMINISTRATOR /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR /olap/**=ROLE_USER,ROLE_ADMINISTRATOR /xmla=ROLE_USER,ROLE_ADMINISTRATOR /services/**=ROLE_USER,ROLE_ADMINISTRATOR /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <!-- updater bean to set the roles allowed to get to a URL --> <bean id="setRolesForURL" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition"> <property name="order" value="10"/> <property name="beanName" value="filterInvocationInterceptor"/> <property name="propertyName" value="objectDefinitionSource"/> <property name="operation" value="append"/> </bean> <!-- get these done last --> <bean class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdater"> <property name="definition" ref="setRolesForURL"/> <property name="order" value="1000000000"/> <property name="value"> <value> /*.html=ROLE_ADMINISTRATOR /*.jsp=ROLE_ADMINISTRATOR </value> </property> </bean> <!-- switchUserProcessingFilter for "login-as" feature --> <bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter"> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property> <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property> <property name="targetUrl"><value>/home.html</value></property> </bean> <!-- ===================== ACL-BASED SECURITY ==================== --> <!-- ACL permission masks used by this application --> <bean id="SimpleAclEntry.ADMINISTRATION" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value> </property> </bean> <bean id="SimpleAclEntry.READ_WRITE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.READ_WRITE</value> </property> </bean> <bean id="SimpleAclEntry.READ" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.READ</value> </property> </bean> <bean id="SimpleAclEntry.DELETE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.DELETE</value> </property> </bean> <!-- An access decision voter that reads ACL_USER_ADMIN settings --> <bean id="aclUserAdminVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_ADMIN</value> </property> <property name="processDomainObjectClass"> <value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_READ settings --> <bean id="aclUserReadVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_READ</value> </property> <property name="processDomainObjectClass"> <value>java.lang.String</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_UPDATE settings --> <bean id="aclUserUpdateVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_UPDATE</value> </property> <property name="processDomainObjectClass"> <value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_READ settings --> <bean id="aclUserDeleteVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_DELETE</value> </property> <property name="processDomainObjectClass"> <value>java.lang.String</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <!-- An access decision manager used by the business objects --> <bean id="aclAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="roleVoter"/> <ref local="aclUserAdminVoter"/> <ref local="aclUserUpdateVoter"/> <!-- <ref local="aclUserCreateVoter"/> --> <ref local="aclUserDeleteVoter"/> <ref local="aclUserReadVoter"/> <ref local="aclUserMoveVoter"/> <ref local="aclUserCopyVoter"/> </list> </property> </bean> <!-- ========= ACCESS CONTROL LIST MANAGER DEFINITIONS ========= --> <bean id="aclManager" class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <!-- ===================== METHOD-LEVEL SECURITY ==================== Read methods: getResource getResourceData - Does not return a resource getContentResourceData - Does not return a resource getFolder getAllFolders getSubFolders findResource loadResourcesList* loadClientResources* getChildrenFolderName - Does not return a resource Write methods: saveFolder - Problems handling not existent objects... saveResource - Problems handling not existent objects... newResource - Not useful.... Delete methods: deleteResource deleteFolder delete - Not useful.... --> <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property> <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <bean id="repositoryServiceMethodSecurity" class="com.jaspersoft.jasperserver.api.common.util.spring.SimplePropertyFactoryBean"> <property name="objectType" value="org.acegisecurity.intercept.method.MethodDefinitionSource"/> <property name="value"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_ADMIN,ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_ADMIN,ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveFolder=ACL_USER_MOVE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveResource=ACL_USER_MOVE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyResource=ACL_USER_COPY com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyFolder=ACL_USER_COPY </value> </property> </bean> <!-- Not used <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property> <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.getRepoResource=ROLE_PermissionTestRoleAgain,AFTER_ACL_READ com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.loadResourcesList=ROLE_PermissionTestRole,ROLE_PermissionTestRoleAgain,AFTER_ACL_COLLECTION_READ </value> </property> </bean> <bean id="domainObjectInstanceSecurityAspect" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.ObjectSecurityAspect" factory-method="aspectOf"> <property name="securityInterceptor"><ref local="hibernateRepoServiceSecurity"/></property> </bean> --> <!-- ============== "AFTER INTERCEPTION" AUTHORIZATION =========== --> <bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <ref local="afterAclRead"/> <ref local="afterAclCollectionRead"/> </list> </property> </bean> <bean id="afterInvocationManagerForUpdate" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <ref local="afterAclRead"/> <ref local="afterAclCollectionRead"/> <ref local="afterAclCollectionUpdate"/> </list> </property> </bean> <!-- Processes AFTER_ACL_COLLECTION_READ configuration settings --> <bean id="afterAclCollectionRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider"> <property name="aclManager"><ref local="aclManager"/></property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!-- Processes AFTER_ACL_READ configuration settings --> <bean id="afterAclRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider"> <property name="aclManager"><ref local="aclManager"/></property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!--Processes AFTER_ACL_COLLECTION_UPDATE configuration settings--> <bean id="afterAclCollectionUpdate" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider"> <property name="aclManager"> <ref local="aclManager"/> </property> <property name="processConfigAttribute"> <value>AFTER_ACL_COLLECTION_UPDATE</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> <bean id="customEditorConfigurer" class="org.springframework.beans.factory.config.CustomEditorConfigurer"> <property name="customEditors"> <map> <entry key="com.jaspersoft.jasperserver.war.security.FlowDefinitionSource"> <bean class="com.jaspersoft.jasperserver.war.security.FlowDefinitionSourceEditor"/> </entry> <entry key="org.acegisecurity.ConfigAttribute"> <bean class="com.jaspersoft.jasperserver.api.metadata.security.ConfigAttributeEditor"/> </entry> </map> </property> </bean> <bean id="flowAclManager" class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <bean id="flowVoter" class="com.jaspersoft.jasperserver.war.security.FlowRoleAccessVoter"> <property name="flowAccessAttribute" value="FLOW_ACCESS"/> <property name="flowDefinitionSource"> <value> repoAdminFlow=ROLE_ADMINISTRATOR userListFlow=ROLE_ADMINISTRATOR roleListFlow=ROLE_ADMINISTRATOR reportUnitFlow=ROLE_ADMINISTRATOR olapUnitFlow=ROLE_ADMINISTRATOR olapClientConnectionFlow=ROLE_ADMINISTRATOR mondrianXmlaSourceFlow=ROLE_ADMINISTRATOR editFolderFlow=ROLE_ADMINISTRATOR fileResourceFlow=ROLE_ADMINISTRATOR dataTypeFlow=ROLE_ADMINISTRATOR listOfValuesFlow=ROLE_ADMINISTRATOR queryFlow=ROLE_ADMINISTRATOR reportDataSourceFlow=ROLE_ADMINISTRATOR inputControlsFlow=ROLE_ADMINISTRATOR objectPermissionToRoleFlow=ROLE_ADMINISTRATOR userEditFlow=ROLE_ADMINISTRATOR roleEditFlow=ROLE_ADMINISTRATOR queryReferenceFlow=ROLE_ADMINISTRATOR objectPermissionToUserFlow=ROLE_ADMINISTRATOR repositoryExplorerFlow=ROLE_USER,ROLE_ADMINISTRATOR *=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <bean id="flowAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="flowVoter"/> </list> </property> </bean> <bean id="flowExecuterSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="flowAccessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> org.springframework.webflow.executor.FlowExecutor.launch=FLOW_ACCESS </value> </property> </bean> <bean id="checkAclUpdateInterceptor" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.CheckMethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <!-- Use for saveResource --> <bean id="securityCheckerForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="checkAclUpdateInterceptor"/> </list> </property> </bean> <!-- Utility class using securityCheckerForAclUpdate --> <bean id="repositoryServiceSecurityChecker" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.RepositoryServiceSecurityChecker"> <property name="securityChecker"> <ref local="securityCheckerForAclUpdate"/> </property> </bean> <!-- run other interceptors if the user has update access. --> <bean id="aclUpdateMethodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE </value> </property> </bean> <!-- Use for getAllFolders: will run repositoryService methods if the user has update access. --> <bean id="repositoryServiceForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="hibernateRepoServiceTransactionInterceptor" /> <idref bean="aclUpdateMethodSecurityInterceptor"/> <idref bean="hibernateRepositoryService"/> </list> </property> </bean> <bean id="aclUserMoveVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_MOVE"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> </list> </property> </bean> <bean id="aclUserCopyVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_COPY"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </prope Link to comment Share on other sites More sharing options...
sjongenelen Posted December 2, 2009 Share Posted December 2, 2009 Ive been told from support that IWA-like single sign on never has been done... i might be hiring JasperSoft for it (they seem to be able to create it for you) could you please post your progres riteshkumar_c? Link to comment Share on other sites More sharing options...
swood Posted December 10, 2009 Share Posted December 10, 2009 Jaspersoft does a lot of custom single sign on work. There are many vendors and custom solutions people have used over the years. As you said IWA has not been done yet. Acegi Security (now Spring Security) gives JasperServer an authentication and authorization framework. I responded to this post http://jasperforge.org/plugins/espforum/view.php?group_id=112&forumid=102&topicid=56429 about SS0. There is also a discussion here http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux ShermanJaspersoft Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now