Domain Security using tenantId

[pw1971]

We're looking to use V3.5 and the new mulit-tenancy features.  Reviewing the supermartDomain_security example it demonstrates looking up a tenantId from the user table and applying this as a filter, extract is shown below:

------------------------------------

<!-- For multi-tenancy demo.
    Assumes state abbreviations are used for the Organization ID (tenantId).
    Examples:
      Organization Names : California, Washington, Oregon
      Organization IDs (tenantId) : ca, wa, or  (tenantId maps to the values held in store_state)
    -->

    <!-- for Sales -->
    <!--resourceAccessGrant id="sales_join_ROLE_SUPERMART_TENANTID_row_grant">
     <principalExpression>authentication.principal.tenantId != null</principalExpression>
            <filterExpression>store1.store_state in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>
        </resourceAccessGrant-->

      </resourceAccessGrants>
    </resourceAccessGrantList>

------------------------------------

I have tried to change this for our requirements as shown below but receive "An error has occured uploading the security file"  when trying to upload it using the Domain/Add Security option.

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">

    <resourceAccessGrants>
   
    <resourceAccessGrant id="JoinTree_1">
     <principalExpression>authentication.getPrincipal().tenantId != null</principalExpression>
            <filterExpression>TableName.OwnerID in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>
   
    </resourceAccessGrant-->

    </resourceAccessGrants>

</securityDefinition>

 

[andrewsok]

 I am not sure whether you posted a full version of your security file, or just part of it, but it is incorrect from XML and XSD point of view (which very likely is what is causing the error).

Here is the valid version, please, try it.

Code:

<securityDefinition xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0" itemGroupDefaultAccess="granted">  <resourceAccessGrants>    <resourceAccessGrantList id="JoinTree_1_grantList" label="aLabel" resourceId="JoinTree_1">      <resourceAccessGrants>        <resourceAccessGrant id="JoinTree_1_grant">          <principalExpression>authentication.getPrincipal().tenantId != null</principalExpression>          <filterExpression>TableName.OwnerID in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>        </resourceAccessGrant>      </resourceAccessGrants>    </resourceAccessGrantList>  </resourceAccessGrants></securityDefinition>

[pw1971]

It works but I am struggling to get the tenanId, I have tried <filterExpression>OwnerID in (groovy('authentication.principal.tenantId'))</filterExpression> but it doesn't allow any data to be retrieved.

It works if I manually set it as <filterExpression>OwnerID in ('2')</filterExpression>

Thanks.

[andrewsok]

It shouldn't matter but... Try using actual methods, not properties :

<filterExpression>OwnerID in (groovy('authentication.getPrincipal().getTenantId()'))</filterExpression>

[samvijay]

Or you can try this

 

((com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails)(org.acegisecurity.context.SecurityContextHolder.getContext().getAuthentication().getDetails())).getTenantId()

[pw1971]

What's the correct syntax for this as the below errors:

 

OwnerID in (groovy((com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails)(org.acegisecurity.context.SecurityContextHolder.getContext().getAuthentication().getDetails())).getTenantId()

 

[pw1971]

The following syntax works:

<filterExpression>OwnerName in (groovy('authentication.getPrincipal().getTenantId()'))</filterExpression>

Note that the getTenantId() returns the value stored in the tenantId field in the jasperserver.JITenant table.