arnaudsimon091 Posted April 28, 2022 Share Posted April 28, 2022 Hello everyone,I have implemented a scriptlet which use the jasper REST_V2 API and the jasper credentials appear in clear text inside the java code :"jasper_rest_api_url?j_username=my_jasper_username&j_password=my_jasper_password" I can restrict the permisisons on the report which use the scriptlet but despite low permissions, the user is able to download the scriptlet inside jaspersoft studio (right click on the scriptlet inside the report files + download to file) : Is it possible to disable the download of a file from jasper server based on permissions ? Thanks for your attention.Arnaud simon Link to comment Share on other sites More sharing options...
Solution rmeadows Posted April 29, 2022 Solution Share Posted April 29, 2022 It would be better and more secure to configure the preauth sso for the product and use an encryption cipher class for it to accept encrypted tokens. You would then need to pass and encrypted token on the url in your scriptlet rather than the username and password in plain text.Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now