external authentication for jasperserver

[crafty]

configuration: Jasperserver Professional 2.1, tomcat 6.0.26, Java 1.6

I am trying to configure jasperserver to authenticate via Active Directory using JAAS.  I just wrote a simple (non-production) authorityGranter class (see attached) that grants role_adminstator to everyone. The class appears to be getting called and run from applicationContext-security.xml (also attached).   The login page comes up and the logfile appears to show a "successful" login but the following error is displayed in jasperserver.log:

11:49:18,691  WARN JILicenseFilter,http-8082-1:104 - License OK. JasperServer Professional Commercial license with no expiration date.
11:49:35,113  WARN LoggerListener,http-8082-2:55 - Authentication event AuthenticationSuccessEvent: admin; details: null
11:49:35,129  WARN LoggerListener,http-8082-2:55 - Authentication event InteractiveAuthenticationSuccessEvent: admin; details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress: 192.168.188.44; SessionId: 4B19AC6948595A773DCF71E5EEA531E8
11:49:35,175 ERROR JSErrorPage_jsp,http-8082-1:339 -
java.lang.NullPointerException
    at com.jaspersoft.jasperserver.war.control.LoginController.getBestHomeURLForUser(LoginController.java:174)
    at com.jaspersoft.jasperserver.war.control.LoginController.loginSuccess(LoginController.java:147)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)

The stdout from tomcat log is also attached. It appears to show that authentication succeeded and my AuthorityGranter code does get run.

Can some explain what the subsequent error means and what I need to do to resolve it.  Thanks.

 

 

 

[shmee]

Is there a reason you want to use JAAS instead of LDAP?

 

I use LDAP to authenticate against my AD and it works great. It took a little while to get it working but I think it is easier to setup then JAAS.

[crafty]

I want to use JAAS because other (non Jasper) applications from my system use JAAS and it will allow me to reuse some code.

[crafty]

I got the following reply from JasperSoft support:

 

===========

It seems that jaas can return a principal that is a string. But
com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter
expects that the principal will always be an instance of UserDetails.
MetadataAuthenticationProcessingFilter needs to be more flexible so that it
correctly handles the case where the principal is a string.
 

Workaround:
create your own class for use with JIAuthenticationSynchronizer.
Therefore we don't use the normal line in applicationContext-security.xml:
<bean id="JIAuthenticationSynchronizer"
class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter">
 
Instead we use this:
<bean id="JIAuthenticationSynchronizer"
class="yourpackage.jasper.auth.MetadataUserAuthFilter">
 
In case it's interesting, this guy seems to have solved the same issue:
http://forum.springframework.org/showthread.php?t=41588

==================

Note: This issue is resolved in JasperServer 4.  I was able to login using JAAS and AD with no problems. I am not sure about the versions between 2.1 and 4.