For projects, using Jaspersoft Server community edition is secure or not

[vvenkatkarthikk]

Hi,

For projects, using Jaspersoft Server community edition is secure or not.

Because I was trying "Login" Rest API  service through POSTMAN and I just passed username without password but still I am able to login & can access the reports using "Report" Rest API call.

Should we change something default settings manually in the internal files to make it secure or what is the solution for this.

Please let me know about how to make it secure.

[joseng62]

You might be authenicated already. You using the plugin to the browser ? If you have another tab open in same browser instance where you are already sign into jasper your request will work. 
Try to sign out of jasperserver and then request again. 
I made use of my postman app and I simulated put request with same setup as yours and it failed. If sign into jasper in browser or not. 
If I use plug in, then it works. 
Same with R client.  

[Paul Jimenez]

Hello,

You are more than likely already logged in. More information on authentication can be found here:

https://community.jaspersoft.com/documentation/tibco-jasperreports-server-rest-api-reference/v710/authentication

Thanks,

Paul

[hozawa]

Sessions being shared along tabs are features of the web browsers and is not just with JasperReports Server.

FYI:

https://craftcms.stackexchange.com/questions/14809/session-related-question-opening-browser-with-multiple-tabs

[vvenkatkarthikk]

Hi,

Thank you all for the inputs.

Yes it was session related issue. As per the API doc I should get a session ID after successfull login. But, I'am not getting any session ID.

Thanks in advance.