mikewoinoski Posted April 26, 2012 Share Posted April 26, 2012 Is it possible to configure JRS to use the JSESSIONID cookie to authenticate HTTP API requests (e.g., embed a dashboard), in the same way JRS authenticates REST requests? I know we can include j_username and j_password parameters or use Basic Auth with HTTP API requests. However, both techniques require that we include the user’s password in every request to embed a resource. So we would need to keep the user’s password in memory or look it up for every request.Here’s an example scenario of what I’d like to do: User logs into our app Our app sends a REST login request to JRS JRS sends a response with Set-Cookie: JSESSIONID=… Our app sends an HTTP API request to embed a dashboard to JRS. The request includes the JSESSIONID cookie from the login response JRS authenticates the HTTP request using the session id I tried this, and tcpmon shows that the JSESSIONID cookie is included with all requests, but requests to embed resources are redirected to the JRS login page. Does JRS support this scenario, or do I need to write a new security filter that explicit checks for the JSESSIONID? Link to comment Share on other sites More sharing options...
mikewoinoski Posted April 26, 2012 Author Share Posted April 26, 2012 I did more experimenting, and JRS actually uses JSESSIONID after a login from the console. For example, I embedded a dashboard in an iFrame in our app's home page. On the initial display of the page, JRS shows the login page. After logging in, the dashboard comes up, and later requests to embed other resources work without another login. My browser shows the JSESSIONID cookie in its collection of cookies. So it looks like the same mechanism (JSESSIONID cookie) is used to authenticate both REST requests and HTTP API calls. But a REST login doesn't work when authenticating HTTP API calls. Maybe the HttpSession contents are different for a REST login and a console login. So maybe the intial login needs to use the same mechanism as a console login instead of a REST login. I'll keep hacking. Link to comment Share on other sites More sharing options...
tzaharia Posted December 3, 2012 Share Posted December 3, 2012 Hello! Did you solve this? I have a similar issue. Link to comment Share on other sites More sharing options...
aaron.mcmullen Posted October 3, 2013 Share Posted October 3, 2013 Any progress on this one? The Jasper Embedding Guide section 4.3.3 Logging Into JasperReports Server (below) seems to indicate this is possible but I can find no further docs on it or samples: "Before displaying any page, JasperReports Server requires its users to log on with a username and password. There are several ways to enter the password before displaying a dashboard: - In Kelly’s solution, the hybrid architecture using web services can be used to log in before displaying the dashboard. Because she is using web services to display lists of dashboards, she must send the user name and password as one of the first web service calls. Even in a solution that does not otherwise use web services, the API for logging in is simple and one of the most secure ways to authenticate users." Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now