Category: Bug report
Priority: Urgent
Status: New
Project:
Severity: Block
Resolution: Open
Component:
Reproducibility: Always
Assigned to:
On clean 4.7.0 installations under both Linux and Windows, the following is always thrown in the logs when a report is executed (and the report execution fails):
java.lang.ClassCastException: org.apache.log4j.Logger cannot be cast to org.owasp.esapi.Logger
    at org.owasp.esapi.reference.Log4JLogFactory.getLogger(Log4JLogFactory.java:88)
    at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154)
    at org.owasp.esapi.errors.EnterpriseSecurityException.<init>(EnterpriseSecurityException.java:43)
    at org.owasp.esapi.errors.ValidationException.<init>(ValidationException.java:76)
    at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
    at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:160)
    at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:284)
    at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:213)
    at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:185)
    at com.jaspersoft.jasperserver.api.security.validators.Validator.validateSQL(Validator.java:492)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRTimezoneJdbcQueryExecuter.createDatasource(JRTimezoneJdbcQueryExecuter.java:166)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.createQueryDataSource(EngineServiceImpl.java:1511)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillQueryReport(EngineServiceImpl.java:1557)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:1476)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl$ReportFill.runReport(EngineServiceImpl.java:874)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl$ReportRunnable.run(EngineServiceImpl.java:754)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
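A note on reading the trace above, with an added example that is not part of the original report or of JasperReports Server: the `ClassCastException` escapes from the constructor of `ValidationException`, which `checkWhitelist` was building on behalf of `validateSQL`, so the validation failure itself never reaches the log. The helper names `parse_trace` and `masked_failure` are hypothetical; the sample input is the top of the trace from the report.

```python
import re

# Sample input: header and first ten frames of the trace in the report above.
TRACE = """\
java.lang.ClassCastException: org.apache.log4j.Logger cannot be cast to org.owasp.esapi.Logger
at org.owasp.esapi.reference.Log4JLogFactory.getLogger(Log4JLogFactory.java:88)
at org.owasp.esapi.ESAPI.getLogger(ESAPI.java:154)
at org.owasp.esapi.errors.EnterpriseSecurityException.<init>(EnterpriseSecurityException.java:43)
at org.owasp.esapi.errors.ValidationException.<init>(ValidationException.java:76)
at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:144)
at org.owasp.esapi.reference.validation.StringValidationRule.checkWhitelist(StringValidationRule.java:160)
at org.owasp.esapi.reference.validation.StringValidationRule.getValid(StringValidationRule.java:284)
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:213)
at org.owasp.esapi.reference.DefaultValidator.getValidInput(DefaultValidator.java:185)
at com.jaspersoft.jasperserver.api.security.validators.Validator.validateSQL(Validator.java:492)
"""

# Matches "at <class>.<method>(" and captures class and method.
FRAME = re.compile(r"^\s*at\s+([\w.$]+)\.([\w$<>]+)\(")


def parse_trace(text):
    """Split a Java stack trace into (exception class, [(class, method), ...])."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    exc_class = lines[0].split(":", 1)[0].strip()
    frames = [m.groups() for m in map(FRAME.match, lines[1:]) if m]
    return exc_class, frames


def masked_failure(text, library_prefix="org.owasp.esapi."):
    """Report an exception that was thrown while another one was being built."""
    logged, frames = parse_trace(text)
    for i, (cls, method) in enumerate(frames):
        # An <init> frame on an *Exception class: the logged exception escaped
        # from an exception constructor, hiding the one under construction.
        if method == "<init>" and cls.endswith("Exception"):
            j = i
            # Skip superclass constructors to reach the class being built.
            while j + 1 < len(frames) and frames[j + 1][1] == "<init>":
                j += 1
            outer = frames[j + 1:]
            caller = next((f for f in outer if not f[0].startswith(library_prefix)), None)
            return {"logged": logged,
                    "masked": frames[j][0],
                    "raised_in": ".".join(outer[0]) if outer else None,
                    "application_caller": ".".join(caller) if caller else None}
    return None
```

Calling `masked_failure(TRACE)` names `ValidationException` as the hidden exception and `Validator.validateSQL` as the application frame that requested the check.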
3 Comments:
Can you try disabling the SQL query validation and see if that results in the problem going away? The following covers the security settings: http://community.jaspersoft.com/wiki/jaspersoft-450-security-changes-and...
If it does, I would be interested to get a general idea of what the query looks like in your report that has this issue to understand if there is something unique about it.
Hi there, thanks for the reply.
Yeah, I managed to make it work by taking the nuclear approach and turning off all SQL checks; I neglected to update this ticket. The query (in Sybase) looks like this:
execute dbo.my_awesome_sql_query $P{report_date}
Thanks.
Just ran into the same issue; nuking the security settings fixed it. Query is against Oracle 11g R2 64-bit, nothing special from what I can see, it feeds a crosstab. I don't think having security off in production is going to be allowable. Query below:
with cnts as
(SELECT a.extract_month, s.family, s.service, s.operation_name, msg_count
    FROM jas_ref_service_families s,
        jas_hist_stats_oper a
    where a.family(+) = s.family
    and a.service (+) = s.service
    and a.operation_name (+) = s.operation_name
    and s.reported = 'X'
    order by extract_month, lower(a.family), lower(a.service), lower(a.operation_name)
)
--comment
--comment
select fill_mnth as extract_month, fill.family || '.' || fill.service || '.' || fill.operation_name operation_name, nvl(msg_count, 0) msg_count
from cnts c,
    (select r, last_day(add_months(mx_time, -1 * (r-1))) fill_mnth,
        operation_name, family, service, mx_time
    from (select rownum r
        from dual
        connect by rownum <= 12),
        (select distinct family, service, operation_name,
            max(extract_month) over() mx_time
        from cnts)) fill
where extract_month (+) = fill_mnth
and c.family(+) = fill.family
and c.service (+) = fill.service
and c.operation_name (+) = fill.operation_name
order by fill_mnth, lower(fill.family), lower(fill.service), lower(fill.operation_name)