
Security of scriptlets (disable download from jasper studio)


arnaudsimon091
Go to solution Solved by rmeadows,


Hello everyone,

I have implemented a scriptlet which uses the Jasper REST_V2 API, and the Jasper credentials appear in clear text inside the Java code:

"jasper_rest_api_url?j_username=my_jasper_username&j_password=my_jasper_password"

I can restrict the permissions on the report which uses the scriptlet, but despite low permissions, the user is able to download the scriptlet inside Jaspersoft Studio (right click on the scriptlet inside the report files + download to file):

[Image: download_to_file_with_low_permissions.png]

Is it possible to disable the download of a file from Jasper server based on permissions?

Thanks for your attention.

Arnaud simon


  • Solution

It would be better and more secure to configure the preauth SSO for the product and use an encryption cipher class for it to accept encrypted tokens.

You would then need to pass an encrypted token on the URL in your scriptlet rather than the username and password in plain text.

Thanks.
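
The approach from the accepted answer, as an added example (not code from the thread or from Jaspersoft): the scriptlet sends a short-lived AES-GCM encrypted token instead of `j_username`/`j_password`. The `u=...|exp=...` token layout, the `pp` parameter name and the `JRS_TOKEN_KEY` environment variable are assumptions to match against your own server configuration, and the cipher class configured on the server must decrypt the same format. The key is read from the server environment because a key compiled into the scriptlet would be downloadable just like the password.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Base64;

public class PreAuthTokenExample {
    private static final DateTimeFormatter EXP = DateTimeFormatter.ofPattern("yyyyMMddHHmmssZ");

    // Load the key from the server environment (hypothetical variable name), never from the JAR.
    static SecretKeySpec loadKey() {
        String b64 = System.getenv("JRS_TOKEN_KEY");
        if (b64 == null) throw new IllegalStateException("JRS_TOKEN_KEY is not set");
        byte[] raw = Base64.getDecoder().decode(b64);
        if (raw.length != 16 && raw.length != 32) throw new IllegalStateException("need a 128- or 256-bit key");
        return new SecretKeySpec(raw, "AES");
    }

    // Plaintext token with an expiry so a captured URL stops working quickly (assumed layout).
    static String plainToken(String user, int ttlSeconds) {
        if (user.contains("|") || user.contains("="))
            throw new IllegalArgumentException("separator character in user name");
        return "u=" + user + "|exp=" + ZonedDateTime.now(ZoneOffset.UTC).plusSeconds(ttlSeconds).format(EXP);
    }

    // AES-GCM with a fresh 12-byte nonce; output is base64url(nonce || ciphertext || tag).
    static String encrypt(String token, SecretKeySpec key) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(token.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    public static void main(String[] args) throws Exception {
        String token = encrypt(plainToken("my_jasper_username", 60), loadKey());
        // base64url without padding is already URL-safe; "pp" is an assumed parameter name.
        System.out.println("jasper_rest_api_url?pp=" + token);
    }
}
```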
