Jasper community Edition and Roles

[laurenthdl]

 Hi,

I created a new Role on a Jasper community Edition server ROLE_MYROLE. And added a test user which has that role only.

I added one directory and some ressources in this directory and changed the permissions to enable the role ROLE_MYROLE to administer that directory.

But when I log in as test, then the server shows Access denied.

Are permissions enabled in Jasper Community Edition ? Is there a way to enable that ? Is there something to change in the configuration file in order to add custom permissions ? Should I restart the server in order to update the permission table in memory ?

 

[mrmangosir]

 Hi,

What current roles does that user now have and when you login as administrator (normally jasperadmin unless changed), can you click on that user and click "login as user". What that will do is to test if you can login as that user. Check that role has rights if the folder is a sub folder?

Thanks 

[laurenthdl]

 What current roles does that user now have and when you login as administrator (normally jasperadmin unless changed), can you click on that user and click "login as user".

It has only : ROLE_MYROLE

When I click on login as user : I get Access denied.

The folder is a sub folder. But user test has READ ONLY access to root directory and I tried administrator or READ ONLY access on a subfolder.

Is there something to enable in the configuration files ? If so, what ?

 

[laurenthdl]

 Hi, I have went through the configuration files and found :

jasperserver/WEB-INF/applicationContext-security-web.xml

line 262 contains the code pasted below

The roles there look quite "hardcoded".

Is it there that I should add some other ROLES ?

If so, and if I wnated to add a kind of a USER class declined into many subroles, could there be a way to add wildcards for roles ?

Code:

           <value>                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON                PATTERN_TYPE_APACHE_ANT                /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR                /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY                /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR                /error.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR                /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY                /home.html=ROLE_USER,ROLE_ADMINISTRATOR                /flow.html=ROLE_USER,ROLE_ADMINISTRATOR                /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR                /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR                /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR                /j_spring_switch_user*=ROLE_ADMINISTRATOR                /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR                /olap/**=ROLE_USER,ROLE_ADMINISTRATOR                /xmla=ROLE_USER,ROLE_ADMINISTRATOR                /services/**=ROLE_USER,ROLE_ADMINISTRATOR                /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR                /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR                /heartbeatinfo.html=ROLE_USER,ROLE_ADMINISTRATOR                /rest/**=ROLE_USER,ROLE_ADMINISTRATOR            </value>

[mrmangosir]

So you have a user called "user", you assigned the role ROLE_MYROLE?

 

If you login in what is the exact message? Like for example does it log in, but then show "Access Denied" or is it "Invalid credentials supplied" and never goes beyond the login?

 

Lastly if you go to where your Jasper Server is installed ie. C:\Program Files\jasperreports-server-cp-4.7.0\ and go to apache-tomcat\logs. The log file stderr<todaysdate>.log, open that and check the last entry. What does it say?

[laurenthdl]

 Hi

Thanks for your answer.

When I try, i actually log in.

But then, I get "Accès refusé" that is "access denied" or "permission denied" with "Please Contact system administrator or connact with a user with appropriate permissions" (Sorry if translation is fuzzy, but messages are in French).

and I have no stderr file.

And catalina.out is quiet. maybe i should enable logger properties for acegi in the configuration.properties.

But which properties are really important ? Got :

log4j.logger.org.acegisecurity.intercept=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.intercept.method=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.intercept.web=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.afterinvocation=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.acl=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.acl.basic=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.taglibs.authz=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.ui.basicauth=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.ui.rememberme=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.ui=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.afterinvocation=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.ui.rmi=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.ui.httpinvoker=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.util=DEBUG, stdout, fileout

log4j.logger.org.acegisecurity.providers.dao=DEBUG, stdout, fileout

Which are the most important to debug those ?

, and where will the information get logged ? (I guess catalina.out file)

 

[laurenthdl]

 Hi

I added some debug information.

When trying to log in with test user :

I get that error in catalina.out :

 17 sept. 2012 17:23:24 org.apache.jasper.runtime.JspFactoryImpl internalGetPageContext

GRAVE: Exception initializing page context

is there something to setup ?