skolluri Posted June 16, 2009 Share Posted June 16, 2009 Hi,I am trying to user Direct URL to access a JasperServer report from another web application. I got some good info on Direct URLs earlier on the forum and thanks to everyone who answered! I found some postings on the authentication mechanism as well,but I couldnt quite understand. So, here I am again...I hope someone can answer and explain to me this time (pleeaaseee!)I have reports running on JasperServer. I need to access these reports from an extrernal web application (which also uses Acegi for its security). I am currently using DIRECT URLs to access the JasperServer reports. It is working great - simple, no extra changes or configuration. Except that I have to pass the login credentials as parameters in the URL like -&j_acegi_security_check?&j_username=jasperadmin&j_password=jasperadminI dont want to do this since I am exposing the login credentials in the URL and it is not very secure. We are using the community version of JasperServer(JS) 3.0 version currently. And web services is not an option either.Is there another way to achieve this?Can I use Basic Authentication instead - set the encrypted credentials in the headers, and update the JS configuration to accept Basic Auth. Since JS uses Acegi for its security as well, I am hoping it would be pretty straightforward. I am just learning Acegi, so i am a bit confused. Will that be a safe? We installed JasperServer using the war file. So, I am not sure if we can update/modify/add code, other than the config files.I really need this soon. Appreciate any comments or ideas from the JasperServer team?? Thanks,Sridevi Link to comment Share on other sites More sharing options...
deepthirohini86 Posted July 14, 2009 Share Posted July 14, 2009 Hi Sridevi, Sorry for this much delay to reply you , i am new to this forum.I am also faced the same problem , but i gave some solution. Do the following : *) In file jasperserver/WEB-INF/jsp/login_welcome.jsp you need to comment the front end design for that file and you need to write one functionfunction setusernamepassword() { var queryString=window.top.location.search.substring(1); alert(queryString); var querystring_split=queryString.split("&"); var username_details=querystring_split[0].split("="); var password_details=querystring_split[1].split("="); // write the decrypt code for user name and password and set it to the document.fmLogin.j_username.value=username_details[1]; alert("username:"+username_details[1]); document.fmLogin.j_password.value=password_details[1];}call this function into the validatePassword().If you do the following changes u can pass the http url itself without showing the login page.*) Then from your application where you are calling, encrypt the user name and password,then in the function setusernamepassword() you need to decrypt it. If you are having any trouble kindly ask me. ########If you are changing any code in the jsp file then no need to recompile the jasper server. With Regards,Rohini A.M Link to comment Share on other sites More sharing options...
skolluri Posted July 14, 2009 Author Share Posted July 14, 2009 Hi Rohini,Thanks for sharing your solution for this problem. That is a neat solution. I ended up writing a filter to do exactly the same thing as you are doing. I wrote a filter, and added it to a jar and put the jar file in ../jasperserver/WEB-INF/lib directory. This filter replaces the "RequestParameterAuthenticationFilter" that was JasperServer's filter, which basically takes the username and password from the query string and adds it to the Authentication object. I basically updated that code, to decrypt the username and password after taking it from the query string, but before adding it to the Authentication object - just like you did in the java script function.Thanks again for sharing your solution! Sridevi Link to comment Share on other sites More sharing options...
deepthirohini86 Posted August 10, 2009 Share Posted August 10, 2009 Hi sridevi, Can you share me in deeply about this solution. I am new to acegi scripts. What steps i need to follow, Actually now how you are adding the jasper server to your application,by url or by some other things. What filter i need to write, how i need to achieve without hack , kindly help me. Regards, Rohini A.M Link to comment Share on other sites More sharing options...
swood Posted August 12, 2009 Share Posted August 12, 2009 Have a look at the FAQ http://jasperforge.org/plugins/mwiki/index.php/Jasperserver/FAQ#Security_between_JasperServer_and_other_applicationsand more detailed infohttp://jasperforge.org/plugins/mwiki/index.php/Jasperserver/AuthenticationConfiguration ShermanJaspersoft Link to comment Share on other sites More sharing options...
deepthirohini86 Posted September 11, 2009 Share Posted September 11, 2009 Hi sridevi, In which programming you are encrypting the username and password. By using which function in java you are decrypting. Kindly tell me. Link to comment Share on other sites More sharing options...
anaganirakesh Posted June 20, 2012 Share Posted June 20, 2012 Hi1)In file jasperserver/WEB-INF/jsp/login_welcome.jsp is not available to comment the front end design for that file and you need to write one functionToset the user name & password previously i passed the login credentials through url like&j_acegi_security_check?&j_username=jasperadmin&j_password=jasperadmin,but i don't want to expose credentilas in url ,i need to hide the user name and password ,but in my jasper server login_welcome.jsp page is not available even though i created my own login _welcome.jsp but when i run the js it is giving error like 404 ( /jasper server) is not available2) can you please tell me where i need to put the below menction code ,i think we need to write in ( application context security.xml , or application context security.web ) can you please tel me the solution ASAPRegards,Rakesh Code:<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter, basicProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter, filterInvocationInterceptor </value> </property></bean> <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"> <ref local="authenticationProcessingFilterEntryPoint"/> </property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"> <value>/login.html</value></property> <property name="forceHttps"> <value>false</value></property> </bean><bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"> <ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"> <value>/loginerror.html</value></property> <property name="defaultTargetUrl"> <value>/flow.html?_flowId=listReportsFlow</value> </property> <property name="filterProcessesUrl"> <value>/j_acegi_security_check</value></property> </bean><bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider"/> <ref local="anonymousAuthenticationProvider"/> <!--ref local="jaasAuthenticationProvider"/--> </list> </property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <!-- <property name="userDetailsService"> <ref bean="inMemoryDaoImpl"/></property> --> <property name="userDetailsService"> <ref bean="userAuthorityService"/></property> </bean><bean id="initialDirContextFactory" class="org.acegisecurity.providers.ldap.DefaultInitialDirContextFactory"> <constructor-arg value="ldap://monkeymachine:389/dc=acegisecurity,dc=org"/> <property name="managerDn"> <value>cn=manager,dc=acegisecurity,dc=org</value></property> <property name="managerPassword"> <value>password</value></property> </bean> <bean id="userSearch" class="org.acegisecurity.providers.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0"> <value></value> </constructor-arg> <constructor-arg index="1"> <value>(uid={0})</value> </constructor-arg> <constructor-arg index="2"> <ref local="initialDirContextFactory" /> </constructor-arg> <property name="searchSubtree"> <value>true</value> </property> </bean> <bean id="ldapAuthProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg> <ref local="initialDirContextFactory"/> </constructor-arg> <property name="userDnPatterns"><list> <value>uid={0},ou=people</value></list> </property> </bean> </constructor-arg> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <constructor-arg><value>ou=groups</value></constructor-arg> <property name="groupRoleAttribute"> <value>ou</value></property> </bean> </constructor-arg> </bean> <!-- We would finally wire this into the authentication manager via: --> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="ldapAuthProvider"/> <ref local="anonymousAuthenticationProvider"/> </list> </property> </bean> <bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider"> <property name="loginConfig"> <value>/WEB-INF/login.conf</value> </property> <property name="loginContextName"> <value>FileLogin</value> </property> <property name="callbackHandlers"> <list> <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/> <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/> </list> </property> <property name="authorityGranters"> <list> <bean class="org.appfuse.web.JaasAuthorityGranter"/> </list> </property> </bean> Link to comment Share on other sites More sharing options...
anaganirakesh Posted June 20, 2012 Share Posted June 20, 2012 anaganirakeshWrote: Hi 1)In jasperserver/WEB-INF/jsp/login_welcome.jsp is not available to comment the front end design for that file and you need to write one function 2)To set the user name & password previously i passed the login credentials through url like &j_acegi_security_check?&j_username=jasperadmin&j_password=jasperadmin, but i don't want to expose credentilas in url ,i need to hide the user name and password ,but in my jasper server login_welcome.jsp page is not available even though i created my own login _welcome.jsp but when i run the js it is giving error like 404 ( /jasper server) is not available 3) can you please tell me where i need to put the below menction code ,i think we need to write in ( application context security.xml , or application context security.web ) can you please tel me the solution ASAP Regards, Rakesh Code: Link to comment Share on other sites More sharing options...
sm5.nsit Posted January 7, 2015 Share Posted January 7, 2015 Hey I want to achive the same i.e. to access reports on jasper server through direct url. but i am facing some problem. can you share any link to help me with the same. Thanks :) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now