Direct url access to reports with no auth.

[tammclaughlin]

Hello,

I have searched the forum on help for the above problem and despite coming across many posts with different suggestions, I still cannot by-pass the authentication so seeking help.

I am using jasperserver 3.0.0 with the ireport plugin v 3.0.0.

 

We have reports that generate pdf's and stored in a repository called:  ContentFiles

The url to access an example report is:

http://myserver:8080/jasperserver/fileview/fileview/ContentFiles/pdf/uk4628_003_lot_schedule_hot_technology.pdf

 

I wish to bypass the login authentication for viewing reports and have made the following changes with no sucess:

 

1. Assigned ROLE_ANONYMOUS read permissions in the folder ContentFiles and pdf from the gui

2. Edited applicationContent-security.xml as follows:

 

   edit 1:

     <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                      .......

                      .......
                /flow.html=ROLE_USER,ROLE_ANONYMOUS
                /viewreport.html=ROLE_USER,ROLE_ANONYMOUS
                /fillparams.html=ROLE_USER,ROLE_ANONYMOUS
                /fileview/**=ROLE_USER,ROLE_ANONYMOUS
                /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR

 

  edit 2:

 

   <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key"><value>foobar</value></property>
          <!--  <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property> -->
        <property name="userAttribute"><value>anonymousUser,ROLE_USER</value></property>
    </bean>
 

edit 3:

 

<bean id="flowVoter" class="com.jaspersoft.jasperserver.war.security.FlowRoleAccessVoter">
        <property name="flowAccessAttribute" value="FLOW_ACCESS"/>
        <property name="flowDefinitionSource">
                <value>
                       
                      
                        *=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS
                </value>

 

 

Is there anything that I am missing?

Can anyone offer any suggestions?

Thanks.

Tam
 

 

 

 

[halfer]

I have not used the internals of JasperServer in this way, so can't offer direct advice on that. But I've used the SOAP API a fair bit and it works very well indeed. If you get stuck on this question, you could always implement an interface in a web language of your choice, which will of course generate your reports with as much or as little authentication as you want.

[mmflynn]

Hopefully this will work for you. All I did was:

 

(1) Login as admin. Assign "read only" privileges to ROLE_ANONYMOUS to the appropriate files/folders.

 

(2) Edit applicationContent-security.xml:

Add following line to <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> section:

/fileview/personalfolders/demo/**=ROLE_ANONYMOUS

 

(3) Restart JasperServer.

 

(4) Try the url. In my case, it was: http://localhost:8080/jasperserver-pro/fileview/fileview/PersonalFolders/demo/SugarOpportunities.pdf.

 

Good luck!

Mary

[tammclaughlin]

mmflynn
Wrote:

(1) Login as admin. Assign "read only" privileges to ROLE_ANONYMOUS to the appropriate files/folders. (2) Edit applicationContent-security.xml: Add following line to <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> section: /fileview/personalfolders/demo/**=ROLE_ANONYMOUS (4) Try the url. In my case, it was: http://localhost:8080/jasperserver-pro/fileview/fileview/PersonalFolders/demo/SugarOpportunities.pdf.

 

Thanks for your reply.

However, this did not work and jasper filed to start.

(1) I can see from the admin view that I have the following folders:  root -> content files -> pdf.

      I am not sure if content files existed by default or created by the admin user

(2) You have PersonalFolders in your URL but personalfolders in your xml file.

      Is this just a typo?  I am sure I tried it with both anyway.

(3) I have the read only permissions on the folder.

(4) I tried editing the xml file above with keeping   /fileview/**=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR

        and adding /fileview/ContentFiles/pdf/**=ROLE_ANONYMOUS   and just the /fileview/ContentFiles/pdf/**=ROLE_ANONYMOUS line on it's own, both with no sucess. Jasper does not start for some reason and the logs do not seem to give much away.

 

 

[tammclaughlin]

Ok, just checked all the logs and I can see an error relating to converting to lower case. This now makes sense so I may be onto the problem!

[lasinir]

Thanks!  This helped a lot. 

I was trying to get direct anonymous access to a Dashboard web page (scheduled refreshing 15 minutes).

I am using JasperServer Communtity Edition version 3.5.0 (with 3.5.3 jasperreports.jar).

[tamtomo_2]

No longer valid for latest jasper report..

This one works though : https://community.jaspersoft.com/wiki/allow-anonymous-access-reports