Security concerns regarding REST implementation

[efrandsen]

We are about to implement Jaspersoft Server community version and I am starting to learn.

Our application setup:

• SelfService application
• Case Management application
• Jasper Report Server

Jasper is used by the internal case workers to get reports.

There is a need for external users in the SelfService application to automatically retrieve a report based on the data from the external users case. Our initial expectation was to do this with the rest api directly from SelfService with a button. However, before we investigate further, would this even be possible without security concerns? The user in SelfService should never be able to retrieve other reports than this specific report and only retrive it for cases that he/she owns.

Anyone who can guide me in the right direction?

 

[hozawa]

I think you're on the right track with calling JasperReports Server via REST API to get the report. Use the POST method to authenticate the request. If you're going to use https on your JasperReports Server, you'll need to set your application server.

Also, there's a documentation on server authentication that you may be interested in.

http://community.jaspersoft.com/documentation/tibco-jasperreports-server-authentication-cookbook/v610/introduction