JasperReports Server Authentication and Internal Authentication

Jaspersoft Server authentication is required to do the following:

• Identify the user
• Authentication is applied to organizations, users, and roles in the JasperReports Server database
  • Passwords are encrypted by default

After a user supplies the correct information and authenticates successfully, a session is created and the user is presented their home page. The password is stored encrypted in the database table called jiuser.

Here is a screenshot for your reference:

Default Internal Authentication:

In step 1, an unauthenticated user requests any page in JasperReports Server. Often, users bookmark the login page and begin directly at step 3, but this step covers the general case and secures every possible access to JasperReports Server.

For example, this step applies when a user clicks the page of an expired session, or when a user enters the direct URL to a report within JasperReports Server.

At step 2, JasperReports Server detects that the user is not logged in and replies with a redirect to the login page. For convenience, JasperReports Server includes the original request in the login screen URL so that the user goes directly to the requested page after logging in.

At step 3 the user enters a username, password, and possibly an organization ID. JasperReports Server compares these credentials with the matching user account in the internal database, and, if they are valid, creates a principal object.

The user is now authenticated, and the principal object represents the user session, including any assigned roles found in the user database.