In JasperReports Server 5.1 when CAS creates a user using roles from an external datasource it will create the roles in the default organization where the user is created. For security reasons ROLE_ADMINISTRATOR from an external datasource will not have have administrator permissions unless the following change is made in the security configuration.
In applicationContext-externalAuth-CAS-db-mt.xml in the organizationRoleMap propery of the mtExternalUserSetupProcessor bean change the key value "ROLE_ADMIN_EXTERNAL_ORGANIZATION" to "ROLE_ADMINISTRATOR" and remove the "|*" from entry value. The configuration will now look like the following snippet:
<property name="organizationRoleMap"> <map> <!-- Example of mapping customer roles to JRS roles --> <entry> <key> <value>ROLE_ADMINISTRATOR</value> </key> <!-- JRS role that the <key> external role is mapped to--> <!--<value>ROLE_ADMINISTRATOR</value>--> <value>ROLE_ADMINISTRATOR</value> </entry> </map> </property>
The externally defined user with ROLE_ADMINISTRATOR will now be mapped to the internal ROLE_ADMINISTRATOR and will have full administrator permissions.
Recommended Comments
There are no comments to display.