jackh Posted June 5, 2013 Share Posted June 5, 2013 Hello -Recently we moved from Jasper Pro to CE. We installed the latest CE (Product Version: 5.1.0 Build: 20130508_1313) and followed the instructions in the Authentication Cookbook (which is nearly identical to what we had done in the pro version, but in a new single file). We can now authenticate and sync roles to users to our Active Directory. However, not all roles sync - a role with spaces in the name, such as "Software Development" or "NJ Management" does NOT come over to Jasper, while a role such as "SoftwareDevelopment" without the space comes over fine.Any ideas how we can resolve this issue? It was working fine in the pro version.Thanks for any assistance. - Jack Link to comment Share on other sites More sharing options...
elizam Posted June 5, 2013 Share Posted June 5, 2013 Unfortunately, this may be a bug in 5.1. I have filed it as such and notified the developer responsible. Link to comment Share on other sites More sharing options...
dlitvak Posted June 5, 2013 Share Posted June 5, 2013 Bingo, I just realized that this is by design. When you look in the logs after you turn up log level for com.jaspersoft.jasperserver.api.security.externalAuth.processors, you should see a warning "External role XXX YYY has forbidden characters according to permittedExternalRoleNameRegex: [A-Za-z0-9_]+. Skipping this role for the user ZZ"To fix the problem, please modify permittedExternalRoleNameRegex which is [A-Za-z0-9_]+ regex by default. To do that, add this property to applicationContext-externalAuth-LDAP.xml externalUserSetupProcessor bean as follows:<bean id="externalUserSetupProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.ExternalUserSetupProcessor" parent="abstractExternalProcessor"> <property name="userAuthorityService"> <ref bean="${bean.internalUserAuthorityService}"/> </property> ..... <property name="permittedExternalRoleNameRegex" value="[A-Za-z0-9_s]+"> </bean>The property permittedExternalRoleNameRegex was added to fix another bug at or after the time of the actual doc writing. Apologies. Link to comment Share on other sites More sharing options...
jackh Posted June 7, 2013 Author Share Posted June 7, 2013 First, thank you for that detailed explanation, which makes total sense. I tried this, and it still doesn't work, so perhaps it is a bug? I turned up the logging as you suggested and I see lines like this: WARN ExternalUserSetupProcessor,http-bio-80-exec-7:258 - External role PRL_INFORMATION TECHNOLOGY has forbidden characters according to permittedExternalRoleNameRegex: [A-Za-z0-9_\s]+ As you can see the "\s" is in there. Any other thoughts? Thank you! - Jack Link to comment Share on other sites More sharing options...
dlitvak Posted June 7, 2013 Share Posted June 7, 2013 My mistake, please use instead. I changed the original post as well. Link to comment Share on other sites More sharing options...
naumchik2301 Posted June 10, 2013 Share Posted June 10, 2013 Hello!This property working fine, but may be You have some solution how to replace spaces to underline? Just in 4.7 it was automaticaly, and now I want to upgrade to 5.1 but I'll need change all permissions :(Thx Link to comment Share on other sites More sharing options...
dlitvak Posted June 14, 2013 Share Posted June 14, 2013 Sorry for your trouble. It's probably best to post a separate issue if you want attention faster :) or contact support. However, since I am accidentally here... Sounds like you might have a prof. edition, no? Yes, in 5.1, code has gone through some refactoring. We accidentally dropped this replace. Ooops. We are going to put it back in 5.2. For you, you have this option 1, unless you are using LDAP: You can follow the old authentication cookbook and configure this the old way, which is going to utilize the old code. 1 thing you would absolutely need to do though is to re-add JIAuthenticationSynchronizer in /** filter chain after delegatingRequestParameterAuthenticationFilter (in filterChainProxy bean in applicationContext-security-web.xml). Now, I have not tested this personally ..., but it should work. If you are on LDAP, we are in trouble, as we dropped com.jaspersoft.jasperserver.multipleTenancy.ldap.LdapExternalUserProcessor by accident. We have since re-added it to 5.2 Hence, Option 2 is to map your external roles with spaces to JRS internal ones in the new 5.1 config. To do that, setup key-value pairs in organizationRoleMap property of mtExternalUserSetupProcessor bean. ROLE ADMIN EXTERNAL ORGANIZATION ROLE_ADMIN_EXTERNAL_ORGANIZATION|* Note |*, it will assign organization id to the role, which usually is not the case. Good luck Link to comment Share on other sites More sharing options...
naumchik2301 Posted June 17, 2013 Share Posted June 17, 2013 Deleted Link to comment Share on other sites More sharing options...
naumchik2301 Posted June 17, 2013 Share Posted June 17, 2013 Hello! No, I have community edition :) 1 option not good, because I don't want in new version use old config :), Ok, I'm waiting 5.2 release. P.S. when would be avalibale 5.2 release ? :) Thx Link to comment Share on other sites More sharing options...
dlitvak Posted June 24, 2013 Share Posted June 24, 2013 Looking at July-August. We are wrapping it up here. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now