In JasperReports Server 5.1 when CAS creates a user using roles from an external datasource it will create the roles in the default organization where the user is created. For security reasons ROLE_ADMINISTRATOR from an external datasource will not have have administrator permissions unless the following change is made in the security configuration.
In applicationContext-externalAuth-CAS-db-mt.xml in the organizationRoleMap propery of the mtExternalUserSetupProcessor bean change the key value "ROLE_ADMIN_EXTERNAL_ORGANIZATION" to "ROLE_ADMINISTRATOR" and remove the "|*" from entry value. The configuration will now look like the following snippet:
<property name="organizationRoleMap">
<map>
<!-- Example of mapping customer roles to JRS roles -->
<entry>
<key>
<value>ROLE_ADMINISTRATOR</value>
</key>
<!-- JRS role that the <key> external role is mapped to-->
<!--<value>ROLE_ADMINISTRATOR</value>-->
<value>ROLE_ADMINISTRATOR</value>
</entry>
</map>
</property>
The externally defined user with ROLE_ADMINISTRATOR will now be mapped to the internal ROLE_ADMINISTRATOR and will have full administrator permissions.
Recommended Comments
There are no comments to display.