Container Security with Community Server 6.0.1?

[mboorshtein]

The administration guide (https://community.jaspersoft.com/documentation/tibco-jasperreports-server-administrator-guide/v601/overview-security) mentions that "Container security (Tomcat, Jetty)" is supported but the authentication cookbook makes no mention of this (or siteminder which is also mentioned in the administration guide).  I also can't find a wiki page on this.  Are there any instructions on how to enable Jasper to use getUserPrincipal?  

Thanks

Marc

[mboorshtein]

Ok, so after digging through the code and a considerable amount of trial and error I have a configuration that works with the standard spring header filter (I assume it would work with the j2ee filter as well.  Create WEB-INF/applicationContext-externalAuth-preauth.xml with the following:

 

<beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">    <!-- marker disabling JIAuthenticationSynchronizer: pre-5.1 external auth config-->    <alias name="${bean.authenticationProcessingFilter}" alias="proxyAuthenticationProcessingFilter"/>    <bean id="proxyPreAuthenticatedProcessingFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">        <property name="principalRequestHeader" value="uid" />        <property name="authenticationManager" ref="preauthenticationManager" />    </bean>   <bean id="preauthenticationManager" class="org.springframework.security.authentication.ProviderManager">        <constructor-arg name="providers">            <list>                <ref bean="preauthAuthProvider"/>            </list>        </constructor-arg>    </bean>  <bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">    <property name="preAuthenticatedUserDetailsService">      <bean id="userDetailsServiceWrapper"          class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">  <property name="userDetailsService"><ref bean="${bean.internalUserAuthorityService}"/></property>      </bean>    </property>    </bean></beans>[/code]

Replace uid with the name of the header that contains the user's id.  NOTE: this only will do SSO and assumes that the user already exists inside of your configuration.  If the user doesn't exist I'm sure you'll get an error.  Also, make sure that your accounts are NOT marked as external.

[mboorshtein]

Ok, so after digging through the code and a considerable amount of trial and error I have a configuration that works with the standard spring header filter (I assume it would work with the j2ee filter as well.  Create WEB-INF/applicationContext-externalAuth-preauth.xml with the following:

<beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">    <!-- marker disabling JIAuthenticationSynchronizer: pre-5.1 external auth config-->    <alias name="${bean.authenticationProcessingFilter}" alias="proxyAuthenticationProcessingFilter"/>    <bean id="proxyPreAuthenticatedProcessingFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">        <property name="principalRequestHeader" value="uid" />        <property name="authenticationManager" ref="preauthenticationManager" />    </bean>   <bean id="preauthenticationManager" class="org.springframework.security.authentication.ProviderManager">        <constructor-arg name="providers">            <list>                <ref bean="preauthAuthProvider"/>            </list>        </constructor-arg>    </bean>  <bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">    <property name="preAuthenticatedUserDetailsService">      <bean id="userDetailsServiceWrapper"          class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">  <property name="userDetailsService"><ref bean="${bean.internalUserAuthorityService}"/></property>      </bean>    </property>    </bean></beans>[/code]

Replace uid with the name of the header that contains the user's id.  NOTE: this only will do SSO and assumes that the user already exists inside of your configuration.  If the user doesn't exist I'm sure you'll get an error.  Also, make sure that your accounts are NOT marked as external.