Can't access to a Jasperreport using URL (Infinite GET calls in tomcat access logs)

[danielsl9.dp]

Hello,

Got installed Jasper Report in a virtual machine (hosted in AWS with CentOS 7) and I'm trying now to access a report using the URL, like this:

http://x.x.x.x:<PORT>/jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no

The web application that accesses the reports is also hosted on a separate VM (both are part of a virtual private network).

I can successfully access the report using the public IP in my browser (my Machine), but if the web application tries to access the resource, the iFrame keeps loading indefinitely. Also if I check the access logs located in /usr/share/tomcat/logs/ I have something like this ....

x.x.x.x - - [15/Sep/2021:21:53:43 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:44 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:44 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:44 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:44 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:45 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:45 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:45 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912
x.x.x.x - - [15/Sep/2021:21:53:45 +0000] "GET /jasperserver/flow.html?_flowId=viewReportFlow&_flowId=viewReportFlow&ParentFolderUri=<PARENT>&reportUnit=<REPORT UNIT>&standAlone=false&j_username=<USERNAME>&j_password=<PASSWORD>&decorate=no HTTP/1.1" 200 73912

...... And keeps printing this .... until I close the browser.

It's seems like the request falls inside of a infinite loop... why, not sure why. In other question I saw that Infinite loops can be caused by a report design issue, but this is not the case since this was tested before in my local environment (I mean, is the same XML / Template file published in a different Jasper Server Report. It cannot be the issue.)

Can someone advice me please.

QUESTION UPDATE

I did some tests to discard if the fault was at server side or application side:

This was done in the web application that are hosted in AWS

1. I can access from the webapplication iFrame to the Jasperlogin webpage using the Public IP Address (cool), but if I try to login to access the repository, the website redirects again to the login page (suspicious).

2. From the web application iFrame, I switched to my local jasper report server and tried to login (Same behaviour like the previous step).

3. Tried to access to a report from my local jasper report server, and it's happening again... if I see the access logs of my local tomcat server I got infinite GET calls too.

This was done in the web application that are hosted locally in my machine (with also Jasper Report Server hosted in my local machine too)

1. I can access from the webapplication iFrame to the Jasperlogin page, and also can navigate through the report server.

2. If I put the Jasperreport Server URL that are hosted in AWS to be executed in the iFrame, the problems starts. I can see in the access logs the multiple GET calls again.

3. Tried to access to a report from my local jasper report server, and works perfect.

So what are the conclusions?

I have a feeling that this behavior could be something related to security. It reminds me a lot of CORS policies when you restrict access to domains to consume a REST service.

I feel that the Jasper server detects in the second case, that the service or resource that is calling it belongs to the same local domain, so it does absolutely nothing and loads everything well.

The question is, where would the file exist to configure these policies if they exist ??? How is Jasper doing to detect that the call is coming from a domain other than the local one and how can I control that?

[danielsl9.dp]

Did the following just for testing:

1. Created a dummy application with an iFrame that acts like a "visualizer" that runs inside the same domain where the Jasper Report Server is executed.

2. Deployed the war file of the dummy application in tomcat like Jasper (same local server).

3. When I call the dummy application directly in my browser... I can visualize the report perfectly.

4. When I call the dummy application from the other one that are inside of a separate domain, I got the following error message:

Blocked autofocusing on a <input> element in a cross-origin subframe.

Did the same test in my local machine. I changed the domain name of the web application from localhost to my private IP address and keep the same localhost for the Jasper Report Server. Started the webapplication and tried to call the jasper server from the iFrame... got the same results (the infinite calls).

So the answer to avoid this problem is to run the webapplication and the Jasper server inside the same domain.

[yama818]

I encountered a similar event today.

I used iFrame to embed the JRS report on Microsoft SharePoint.
In Firefox, it shows up fine, but in Chrome and Edge, it does not.
I monitored the network tab in the developer tools and saw accesses that looked like infinite loops.
From what I could tell, the behavior seemed to be specific to the Chromium browser, but I don't know the cause.
SharePoint and JRS are running on different servers and different domains.
It's impossible to run them on the same domain. I'm stuck.

[rmeadows]

I would say it could be chrome80 related..but the specific error in your last message is CORS Related. 

You will need to some CORS configuration.  Depending on what JRS version this can differ as newer version have some configuration in the JRS app for it...and older versions rely on the tomcat level cors servlet filter.    There is also a recent Dr. Japser on this item here:  

Of course you can bypass anything CORS related by having them on the same domain per your testing.

Thanks.