Issue Description
After upgrading to TIBCO JasperReports® Server 7.1.0, a customer was attempting a REST request to the queryExecutor service, such as: GET http://localhost:8080/jasperserver-pro/rest_v2/queryExecutor/Domains/Stuff?...
The user had read-only permissions. This request worked in previous versions, but in 7.1.0 it returned a 403 Forbidden HTTP response. The same request worked fine as superuser, indicating a permission or role problem.
Resolution
A config file problem exists in 7.1.0, which will be resolved in a future version. The workaround is to edit the WEB-INF/applicationContext-security-pro-web.xml config file to change which roles have permission to call REST_v2 functions.
Near line 45 of that file in 7.1.0, the pattern that allows the ROLE_USER role to call queryExecutor was accidentally removed from that bean:
<security:intercept-url pattern="/rest_v2/queryexecutor/**" access="ROLE_USER,ROLE_ADMINISTRATOR"/>
To make the REST API for queryExecutor work for your role, manually add the above line to the config file, for example after:
<security:intercept-url pattern="/rest_v2/domains/**" access="ROLE_USER,ROLE_ADMINISTRATOR" />
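The following is an added example, not part of the original article or the product's code: a small Python check that evaluates intercept-url rules in document order with the first match winning, as Spring Security does, to show which roles can reach the queryExecutor path before and after the workaround. The sample fragments, the catch-all /rest_v2/** rule, and case-insensitive matching are assumptions made for illustration.

```python
import re

# Constructed sample fragments, not copied from a real installation. The
# catch-all /rest_v2/** rule limited to ROLE_ADMINISTRATOR is an assumption.
DOMAINS = '<security:intercept-url pattern="/rest_v2/domains/**" access="ROLE_USER,ROLE_ADMINISTRATOR" />\n'
QUERYEXEC = '<security:intercept-url pattern="/rest_v2/queryexecutor/**" access="ROLE_USER,ROLE_ADMINISTRATOR"/>\n'
CATCH_ALL = '<security:intercept-url pattern="/rest_v2/**" access="ROLE_ADMINISTRATOR" />\n'
BROKEN = DOMAINS + CATCH_ALL             # queryexecutor rule missing, as in 7.1.0
FIXED = DOMAINS + QUERYEXEC + CATCH_ALL  # rule restored after the domains rule

# Request path from the article, with the /jasperserver-pro context path removed.
PATH = "/rest_v2/queryExecutor/Domains/Stuff"

RULE = re.compile(r'<security:intercept-url\s+pattern="([^"]+)"\s+access="([^"]+)"')

def load_rules(xml_text):
    """Return [(pattern, {roles})] in document order."""
    return [(p, {r.strip() for r in a.split(",")}) for p, a in RULE.findall(xml_text)]

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (**, *, ?) into a compiled regex."""
    body, tail = (pattern[:-3], "(/.*)?") if pattern.endswith("/**") else (pattern, "")
    parts = re.split(r"(\*\*|\*|\?)", body)
    wild = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    # Assumption: matching ignores case, since the article pairs a lowercase
    # pattern with a camelCase request URL.
    return re.compile("".join(wild.get(p, re.escape(p)) for p in parts) + tail + r"\Z", re.I)

def allowed_roles(xml_text, path):
    """First matching rule wins; later rules are never consulted."""
    for pattern, roles in load_rules(xml_text):
        if ant_to_regex(pattern).match(path):
            return pattern, roles
    return None, set()

if __name__ == "__main__":
    for name, cfg in (("as shipped", BROKEN), ("with workaround", FIXED)):
        pattern, roles = allowed_roles(cfg, PATH)
        print(f"{name}: matched {pattern} -> {sorted(roles)}")
```

Because the first match wins, a restored line placed below a broader pattern that already covers the path would never be reached, and ROLE_USER would stay blocked.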
Ref. Case 01646519