Posts posted by ae3

  1. It's an older question, but in case someone else is looking for it ...

    The documentation at Hiding Stack Trace Messages describes how error messages should be issued based on user roles. In the example given here, the error is likely to have been caused by a standard user who, according to the configuration, does not have permission to see the error contents, e.g.


        <bean name="exceptionOutputManager"           class="com.jaspersoft.jasperserver.api.common.error.handling.ExceptionOutputManagerImpl">        <property name="outputControlMap">            <map>                <entry key="ERROR_UID">                    <list>                        <value>ROLE_USER</value>                    </list>                </entry>                <entry key="STACKTRACE">                    <list>                        <value>ROLE_SUPERUSER</value>                    </list>                </entry>                <entry key="MESSAGE">                    <list>                        <value>ROLE_SUPERUSER</value>                    </list>                </entry>            </map>        </property>    </bean>[/code]

    In our case, an error occurred while running a report. The cause was a faulty template that caused an "Input controls validation failure". However, this error message was not written to the log file but only the error UID. We determined the cause by debugging.

    So I wonder how an administrator in this case should analyze the problem using log files. Probably it would be helpful, the output of an error message (without stacktrace):


    <bean name="exceptionOutputManager"       class="com.jaspersoft.jasperserver.api.common.error.handling.ExceptionOutputManagerImpl">        <property name="outputControlMap">            <map>                <entry key="ERROR_UID">                    <list>                        <!--<value>ROLE_USER</value>-->                    </list>                </entry>                <entry key="STACKTRACE">                    <list>                        <value>ROLE_SUPERUSER</value>                    </list>                </entry>                <entry key="MESSAGE">                    <list>                        <value>ROLE_USER</value>                        <value>ROLE_SUPERUSER</value>                    </list>                </entry>            </map>        </property>    </bean>[/code]

    We had similiar problems and found a solution that works for our deployment:
    Apache2 with mod_proxy and SSL. Configuration in httpd.conf (SLES11):
    Listen 443
    NameVirtualHost *:443
    <Virtual Host *:443>
       SSLEngine On
       SSLCertificateFile /path/to/cert
       SSLCertificateKeyFile /path/to/key
       ProxyRequests Off
       ProxyPreserveHost On
       ProxyVia On
       <Proxy *>
         Order deny,allow
         Deny from all
         Allow from all
       ProxyPass /jasperserver http://192.168.xxx.xxx:8080/jasperserver
       ProxyPassReverse /jasperserver http://192.168.xxx.xxx:8080/jasperserver
    JasperServer 4.5.1, Tomcat server.xml configuration:
    The solution was to add "scheme" and "proxyPort" attributes
     <Connector port="8888" protocol="HTTP/1.1"
      URIEncoding="UTF-8" scheme="https" proxyPort="443"/>


  3. I've tried to set up an example security xml for the supermart domain as described in the tutorials. It does only work if  I use static values in the filter expression. If I try to use groovy expressions for dynamic filtering I get following exception:

    java.lang.ClassCastException: com.jaspersoft.commons.dataset.expr.GenericFunction        at com.jaspersoft.commons.groovy.GroovyGenerator.outputList(GroovyGenerator.java:392)        at com.jaspersoft.commons.groovy.GroovyGenerator.in(GroovyGenerator.java:334)        at com.jaspersoft.commons.dataset.expr.ExpressionWalker.operator(ExpressionWalker.java:111)        at com.jaspersoft.commons.groovy.GroovyGenerator.operator(GroovyGenerator.java:499)        at com.jaspersoft.commons.dataset.expr.ExpressionWalker.walk(ExpressionWalker.java:50)        at com.jaspersoft.commons.groovy.GroovyGenerator.getColumn(GroovyGenerator.java:110)        at com.jaspersoft.commons.datarator.WorkingDataSet.getGroovyColumn(WorkingDataSet.java:166)        at com.jaspersoft.commons.datarator.WorkingDataSet.applyFilterSortMax(WorkingDataSet.java:317)        at com.jaspersoft.commons.datarator.WorkingDataSet.getIterator(WorkingDataSet.java:254)        at com.jaspersoft.commons.datarator.jr.DataratorJRDataSource.<init>(DataratorJRDataSource.java:20)

    The principalExpression works:

    2010-02-03 09:37:45,506 DEBUG SemanticLayerSecurityResolverImpl,http-8888-6:521 - Evaluating JoinTree_1_List for resourceId: JoinTree_12010-02-03 09:37:45,553 DEBUG SemanticLayerSecurityResolverImpl,http-8888-6:528 - Evaluating authentication.getPrincipal().getAttributes().any{ it.getAttrName() in ['StoreNr'] }. got: true2010-02-03 09:37:45,553 DEBUG SemanticLayerSecurityResolverImpl,http-8888-6:534 - For new Created base grant list for : JoinTree_1_List - JoinTree_12010-02-03 09:37:45,553 DEBUG SemanticLayerSecurityResolverImpl,http-8888-6:536 - Adding grant: Jointree_1_row_access_grant_12010-02-03 09:37:45,553 DEBUG SemanticLayerSecurityResolverImpl,http-8888-6:542 - Setting grants for resourceId: JoinTree_1

    Below is a snippet of the security xml file. 


     Any suggestions to solve this problem? Do I anything wrong or is it a bug?




    Post Edited by ae3 at 02/03/2010 08:43
  4. We're using an evaluation copy of JasperServer 3.0.

    Though the ad-hoc menu item is visable, if an user with the ROLE_USER is logged in, it is not usable ! Clicking on it throws an org.acegisecurity.AccessDeniedException. This happened also with the demo user joeuser. I've tried to figure out the problem in applicationContext-security.xml but I was not successful.

    Did anyone have a similar problem and ideas how to solve it?

    Thanks in advance


