Friendly User

Scenario: After upgrading to version 7.9.2 or higher from 7.5.1 or lower you noticed that jobs that were previously paused are now resumed and running. JasperServer jobs are all running successfully but some older jobs changed their status to Running when they shouldn't Solution: The issue may appear when you run upgrade-samedb from previous version to the newer one. Check the records qrtz_simple_trigger and qrtz_trigger in your repository database for Instance Name field. You should see same jobs repeating under different instance names quartzScheduler and JasperServerScheduler. If that's the case, you can try to rename the: org.quartz.scheduler.instanceName=JasperServerScheduler to org.quartz.scheduler.instanceName=quartzScheduler in js.quartz.base.properties file. This will switch the scheduler to run all jobs as defined under quartzScheduler triggers and not create new JasperServerScheduler-owned triggers. Since you already have all the original quartzScheduler triggers in place this would ensure that all the old job configs will be used. The only issue is that some old jobs will be considered misfired and they will handle misfiring accordingly to the misfire policy set. This approach won't require you to modify any existing records in the DB, too.

Scenario: You're writing a domain security file and want one of the multiple access grant expressions to be true rather than all of them at the same time. This is achieved by using an OR operator between the access grant rather than default AND. How to achieve this? Solution: You can use orMultipleExpressions property of the access grant to signify that these grants are to be evaluated with an OR operation rather than AND. Here is how it looks: With orMultipleExpressions these two grants combined with a logial OR rather than logical AND letting you write security schemas with grants that will apply all together but not necessarily at the same time. See chapter 8.6.3.1 of JasperServer Data Management Using Domains guide: https://community.jaspersoft.com/documentation/v8-v80-v800/tibco-jasperreports-server-data-management-using-domains

Situation: You're performing an upgrade from version 7.1.0 to 8.0.0 using upgrade-samedb Same Database upgrade script and your historic upgrade path has been the following: 7.1.0 -> 7.2.0 -> 7.5.0 -> 7.8.0 -> 7.9.0 -> 8.0.0 On the last step you're getting a similar error: [advanced-sql] Executing resource: /opt/jasperreportsserver/buildomatic/install_resources/sql/mysql/upgrade-mysql-7.9.0-8.0.0-pro.sql [advanced-sql] Failed to execute: ALTER TABLE JIAccessEvent DROP FOREIGN KEY FK7caj87u72rymu6805gtek03y8 [advanced-sql] java.sql.SQLSyntaxErrorException: (conn=17) Can't DROP 'FK7caj87u72rymu6805gtek03y8'; check that column/key exists [advanced-sql] Failed to execute: ALTER TABLE JIAccessEvent DROP FOREIGN KEY FK8lqavxfshc29dnw97io0t6wbf [advanced-sql] java.sql.SQLSyntaxErrorException: (conn=17) Can't DROP 'FK8lqavxfshc29dnw97io0t6wbf'; check that column/key exists What to do in this situation? Solution: There is a hotfix available for this issue. Please download either the latest 8.0.2 hotfix and apply it to buildomatic by following the readme.txt instructions under js-install.zip or download the 8.0.2 WAR artifact which has this fixed baseline.

Scenario: You've configured your own docker image with a custom keystore. This keystore is now available in the environment files. However, during the docker build stages, the file is not copied into the container and the build fails. What could be wrong here? Solution: The keystore copying may be skipped when you have appServerType=skipAppServerCheck in the WAR file installer inside the downloaded distro for docker build. This needs to be set back to appServerType=tomcat after the keystore generation.

Situation: You have a requirement to export charts and dashboards using Chrome in headless browser mode. You've downloaded Chrome and verified it runs correctly but even after configuring it in js.config.properties file it's still not being picked up and the following error message is displayed consistently: You've verified that js.config.properties values are correct, for example: chrome.path=/usr/bin/chromium-browser Solution: The js.config.properties value may be not picked up or gets ignored during the instantiation of the rendering engine. We could force the value for the property without having to delve into js.config.properties file but instead define it on the bean level in applicationContext.xml: In your applicationContext.xml, locate the following part (lines 1430 in version 8.0.2): <property name="propertiesMap"> <props> <prop key="net.sf.jasperreports.chrome.enabled">#{!'${chrome.path:}'.trim().isEmpty()}</prop> <prop key="net.sf.jasperreports.chrome.executable.path">${chrome.path:}</prop> <prop key="net.sf.jasperreports.chrome.page.timeout">#{'${chrome.page.timeout:}'.trim().isEmpty() ? 150000 : (T(Integer).parseInt('${chrome.page.timeout:}'.trim()) * 1000)}</prop> <prop key="net.sf.jasperreports.chrome.argument.enable-logging">stderr</prop> </props> </property> Change these properties: <prop key="net.sf.jasperreports.chrome.enabled">#{!'${chrome.path:}'.trim().isEmpty()}</prop> <prop key="net.sf.jasperreports.chrome.executable.path">${chrome.path:}</prop> to: <prop key="net.sf.jasperreports.chrome.enabled">true</prop> <prop key="net.sf.jasperreports.chrome.executable.path">/usr/bin/chromium-browser</prop> Save and restart the tomcat. If your browser is still not instantiated after this, check the following: - user has access to the chromium browser binary - user has correct execute permission - user can run chromium-browser from the command line using a command such as this: chrome --headless --disable-gpu --print-to-pdf https://www.chromestatus.com/ If you start getting different errors than "Chrome and/or PhantomJS not properly configured for server side rendering " then your Chromium hsa been started by execution failed further and errors need to be troubleshot based on the new error message.

Scenario: You have a JasperServer deployed and you are trying to display report in our external application using visualize.js which is on different domain. You are facing a cookie blocked issue in Chrome browser. So whenever trying render report, a basic authentication popup will come in and the report loading will be failed. In Mozilla browser, the report will render but with a similar cookie blocked warning. Chrome Error Message: This Set-Cookie didn't specify a "SameSite" attribute and was defaulted to "SameSite=Lax," and was blocked because it came from a cross-site response which was not the response to a top-level navigation. The Set-Cookie had to have been set with "SameSite=None" to enable cross-site usage. Mozilla Warning Message: Some cookies are misusing the recommended “SameSite“ attribute 4 Cookie “JSESSIONID” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. Solution: Depending on whether JasperServer is accessed over HTTP or HTTPS, the appropriate attribute value will be set for cookies. JasperServer should automatically set the samesite=none;secure if the communication is happening over HTTPS. When dealing with cross-domain requests, running JasperServer on HTTPS is something to consider. See here: https://community.jaspersoft.com/wiki/chromium-80-update-february-2020-cross-site-cookie-blocking-jaspersoft

Scenario: You have two JasperServers in a cluster and you change the password for the user on one server. After changing the password for the user, the user sometimes cannot log in for some time with the new password and has to wait. Why does that happen and how can this be prevented? Solution: JasperServer uses ehcache to build repository, permissions and other caches. When you have two nodes running in a cluster you need to configure the cache to be distributed and synchronized, otherwise two nodes will build their own caches and they will eventually get desynced with the actual state of repository database. There are three ways to sync the caches: RMI - requires you to enable IP multicasting JMS - requires a queue server, like ActiveMQ or RabbitMQ Amazon SNS - requires purchasing service from Amazon You can pick any of the three methods and configure the cache config files accordingly. Please take a look at this chapter of documentation for more details about this: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-ultimate-guide/v790/sample-configurations This needs to be done on both nodes. You will need to configure the files ehcache.xml and ehcache_hibernate.xml.

Scenario:You have a jasperserver and visualize.js app using that jasperserver on two different. domains. When you try to connect to that server using your visualize.js application, you get CORS errors and specifically 403 on CORS-related OPTIONS requests for require.config.js and settings.html. domainWhitelist is configured and OPTIONS method is allowed in applicationcContext-security-pro-web.xml allowedMethods property. If you try to cURL the same request, you'll get the same response: curl -i -X OPTIONS "http://localhost:8080/jasperserver-pro/settings.html" -H 'Access-Control-Request-Method: GET' -H 'Access-Control-Request-Headers: Content-Type, Accept' -H 'Origin: "http://localhost:8080"'HTTP/1.1 403Cache-Control: privateExpires: Thu, 01 Jan 1970 00:00:00 GMTP3P: CP="ALL"Set-Cookie: JSESSIONID=ACE2B17125284871856A47448CCE25D9; Path=/jasperserver-pro; HttpOnlyX-XSS-Protection: 1; mode=blockSet-Cookie: userLocale=en;Expires=Sat, 20-Mar-2021 19:11:33 GMT;Path=/jasperserver-pro/;HttpOnlyVary: OriginVary: Access-Control-Request-MethodVary: Access-Control-Request-HeadersTransfer-Encoding: chunked[/code]What could be the reason for this 403 response on OPTIONS request? Solution:Most likely issue for 403 response on OPTIONS request is missing or disabled anonymousUser. Log in as superuser, go to manage -> users screen and check for anonymousUser existence. If you can't find it, create one on the root organization level, call it exactly anonymousUser and give it just ROLE_ANONYMOUS.

Scenario:You have a JNDI connection that is using one driver but want to change the connection to another driver, how to do that? Solution:Driver changes need to be done on the JNDI definition level in META-INF/context.xml (or alternative for your application server). For example: <Resource name="jdbc/jasperserver" auth="Container" type="javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000" username="jasperdb" password="password" driverClassName="org.postgresql.Driver" accessToUnderlyingConnectionAllowed="true" validationQuery="SELECT 1" testOnBorrow="true" url="jdbc:postgresql://127.0.0.1:5432/jasperserver?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&amp;autoReconnectForPools=true" factory="com.jaspersoft.jasperserver.tomcat.jndi.JSCommonsBasicDataSourceFactory"/>[/code]Here you can see that the driver defined is driverClassName="org.postgresql.Driver". You will need to change it to the classname of your driver of choice. After you change the classname, you'll need not to forget to change the URL as well as many drivers have different JDBC connection string templates. You can re-use the URL and Port however the jdbc:{vendor}:// part will most likely be different and the parameters can differ. Once you've done the change, a restart of application server is in order to make sure all the values are picked up correctly

Scenario:Can you, please, suggest what setting needs to be adjusted in order to get a total show up on top of each Bar in a Stacked Bar Chart in TIBCO Jaspersoft® Studio. Solution:You can achieve this with the following combination of properties: plotOptions.column.dataLabels.enabled: true plotOptions.column.dataLabels.inside: false plotOptions.column.dataLabels.format: {point.total} plotOptions.column.dataLabels.zIndex: 2

Scenario:You have a cluster of TIBCO JasperReports® Servers and use profile attributes for users or organizations. You change the profile attribute value but the server keeps using the old one and the change is not reflected until much later. Sometimes you have to wait for hours before you see the changes. Solution:When you have a situation like this, most likely you don't have the ehcache distribution configured between the servers, or this configuration is incorrect. Please check the following documentation section for more info about this: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-ultimate-guide/v790/sample-configurations

Scenario: User has a report setup to use an HTML5 chart. When viewing it in JasperServer it works fine but as soon as you export it through email schedule or the export button on the report the bars disappear. Solution: You either need to configure PhantomJS (older version pre 7.8.0) or Chromium (post 7.8.0) to export Javascript based objects to formats that don't have Javascript capacity. See here for PhantomJS: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-administrator-guide/v750/configuring-jasperreports-library#Configuring_a_JavaScript_Engine See here for Chromium: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-administrator-guide/v790/configuring-jasperreports-library#Configuring_a_JavaScript_Engine

Scenario: You have upgraded JasperServer to 7.9.0 and trying to run reports that load resources such as images over HTTPS and getting the SSL Handshake error: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><errorDescriptor><errorCode>export.execution.rejected</errorCode><message>net.sf.jasperreports.engine.JRException: Error opening input stream from URL: https://someresource.xyz/image.png.</message><parameters><parameter>com.jaspersoft.jasperserver.remote.exception.ExportExecutionRejectedException: net.sf.jasperreports.engine.JRException: Error opening input stream from URL: https://someresource.xyz/image.png; at com.jaspersoft.jasperserver.remote.services.impl.ReportExecutorImpl.exportReport(ReportExecutorImpl.java:198) at com.jaspersoft.jasperserver.remote.services.impl.RunReportServiceImpl.generateReportOutput(RunReportServiceImpl.java:1138) at com.jaspersoft.jasperserver.remote.services.impl.RunReportServiceImpl.executeExport(RunReportServiceImpl.java:626) at com.jaspersoft.jasperserver.remote.services.impl.RunReportServiceImpl$2.run(RunReportServiceImpl.java:500) at com.jaspersoft.jasperserver.api.logging.util.LoggableExecutorService$1.run(LoggableExecutorService.java:84) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) </parameter></parameters></errorDescriptor> Solution: The Salesforce JDBC driver has an issue that downgrades the version of TLS handshake and lots of servers will reject such attempt at establishing a handshake. If you're not using Salesforce JDBC driver please try to delete {JRS WAR}/WEB-INF/lib/TIsforce-6.0.0.000724.jar or replace it with a driver from previous versions and restart afterwards.

ProblemYou have an Ad Hoc report that stopped loading and times out due to data volumes increasing. Ad Hoc report still works fine. You want to edit the Ad Hoc View and would want to change it to Sample or No Data mode to enable that editing, but opening it in Ad Hoc Editor is not possible. What can be done about this? SolutionYou can change the data mode by exporting the Ad Hoc Data view using Right Click -> Export (as superuser or an admin user), unzip the archive, locate and edit the state.xml or stateXML.data file and change the data mode in the first line: <unifiedState dataSize="full" [...] ignoreMaxRows="true" [...]> Change to: dataSize="sample" or dataSize="nodata", AND ignoreMaxRows="false", do not change anything else, archive it back, then import with update flag (Manage > Server Settings > Import). Make sure that the resulting zip folder structure is the same as it was, i.e. the index.xml should be on the root level. When you re-zipped the archive, you probably have the folder on the top level. When opened, the zip should look like: zip: --resources --index.xml If you have: zip: --somefolder: ----resources ----index.xml ... it will complain. When you import, you point at the zip file, not just XML file. NotesYou can export the View without dependencies, but it will give you a warning on exporting and on importing, when importing choose "Include" and it should work.

Scenario: You had a jasperserver instance deployed on a machine that was connecting to a repository database but you've decided to deinstall JasperServer and keep the repository database. During reinstalling JasperServer using js-install.sh and pointing it to existing repository DB you didn't replace the existing data. After JasperServer was deployed, you cannot login with previous password. What could be the reason? Solution: Previous server was most likely using a different keystore than what it is using now. You either need to replace the new keystore (.jrsks and .jrsksp files) with backup files or point them to previous location if a new pair was generated. To point them to a different location edit the {JRS WAR}/WEB-INF/classes/keystore.init.properties file. See here for more info: https://community.jaspersoft.com/wiki/encryption-jasperreports-server-75

Scenario: You've created a cluster of two servers which are connecting to the same repository DB. When going to one node directly you can login as superuser/superuser account but not on the other. What is the reason for this? Solution: this most likely means you've set up two nodes with two different keystores. When buildomatic or bundled installer runs the installation scripts, it generates a keystore in the user's home folder - .jrsks and .jrsksp. These two files contain the keys to encrypt and decrypt passwords. During each installation a unique key is created if none is found already in the expected location. To amend the situation what you can do, assuming the two users on two nodes are identically named and have same home folder location, is to copy and replace the keystore files from one node to another node. If you have encrypted passwords in config files (context.xml, externalAuth files, quartz scheduler, etc.), then you'll need to re-encrypt them. See here for more explanation on this feature: https://community.jaspersoft.com/wiki/encryption-jasperreports-server-75#Installing_across_Multiple_Servers

Scenario: After upgrading you're getting java.lang.IllegalStateException: No valid key alias or key present for jwtSecret configuration on server startup: (ServerService Thread Pool -- 206) 2021-08-03T13:31:40,204 ERROR ContextLoader,ServerService Thread Pool -- 206:313 - Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jrioForwardingFilter' defined in ServletContext resource [/WEB-INF/applicationContext-jrio-web.xml]: Cannot resolve reference to bean 'jwtTokenProvider' while setting bean property 'tokenProvider'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jwtTokenProvider' defined in ServletContext resource [/WEB-INF/applicationContext-security-jwt.xml]: Cannot create inner bean 'com.jaspersoft.ji.security.jwt.KeystoreJwtKeyFactory#4f93b4ef' of type [com.jaspersoft.ji.security.jwt.KeystoreJwtKeyFactory] while setting bean property 'key'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.jaspersoft.ji.security.jwt.KeystoreJwtKeyFactory#4f93b4ef': FactoryBean threw exception on object creation; nested exception is java.lang.IllegalStateException: No valid key alias or key present for jwtSecret configuration.[/code]How to avoid this error? Solution: It's not entirely clear why this error happens, it's a very rare one. Should you get it, if you're not using integration with JRIO you can comment 'tokenProvider' property in applicationContext-jrio-web.xml and 'key' property for bean 'jwtTokenProvider' in applicationContext-security-jwt.xml file and restart. The impact of commenting these out is zero unless you're planning to integrate with JRIO.

Scenario: While running js-upgrade-newdb.bat from C:jasperreports-server-pro-7.9.0-binbuildomatic, getting the error as below. "C:jasperreports-server-pro-7.9.0-binbuildomatic>js-upgrade-newdb.bat Invalid argument count Please enter one of the following options: 'EMPTY', with-samples, regen-config, test "Also enter import file option(<path-to-file-and-filename>). If <path-to-file-an d-filename> contains spaces then need to enclose <path-to-file-and-filename> to double quotes."" Solution: You need to specify the path to your repository export archive for this command. If you don't want to specify the export location, run the "js-install.bat minimal" instead. For example: js-upgrade-newdb.bat export.zip

Scenario: You have some fields containing ampersand symbol (&). The field value needs to be displayed in a styled text markup text field. When ampersand is present, the field styling disappears. How to avoid it? Solution: ampersands need to be escaped in this case since it's an XML and it doesn't process them properly. Try to replace the ampersand symbol with XML escape code & For example: "_{"+$F{fieldname}.replace("&", "&")+"}

Scenario: You want to have some ad hoc reports to have a strict page limit, for example no more than 100 pages total. Other ad hoc reports don't need to be limited like this or should have different limit than set for the server globally. How to achieve this? Solution: For this we can use the Max Page Governor configuration property: http://jasperreports.sourceforge.net/config.reference.html#net.sf.jasperreports.governor.max.pages You can enable the governor globally on the server in {JRS WAR}/WEB-INF/classes/jasperreports.properties by appending the properties: net.sf.jasperreports.governor.max.pages.enabled=true net.sf.jasperreports.governor.max.pages={arbitrary number} This will enable the limit for all reports on the server. Now you can create an ad hoc template with the following properties added in the template JRXML: <property name="net.sf.jasperreports.governor.max.pages" value="{different number than in the config}"/> And deploy the JRXML to ad hoc templates folder to create a new template. The ad hoc reports will need to be re-saved using this template for it to take effect. This will set a new hard limit for the number you've set for these reports. You can also not turn on the global setting and only turn on the limit for the reports using the template by adding property: <property name="net.sf.jasperreports.governor.max.pages.enabled" value="true"/> <property name="net.sf.jasperreports.governor.max.pages" value="{arbitrary number}"/> Whenever you're doing the changes to the ad hoc template, remember to re-generate the reports as these changes are not propagated into existing reports that are using this template.

Scenario: Created a new Topic - myTestTopic - created using Jasperstudio using SQL and creating a jrxml file. The topic was then published to the JasperReports server. User then tried to create a new Adhoc View to make use of this topic but topic is not available in list of sources and also cannot be selected via the Tree View either. Solution: The ad hoc topics need to be put in /adhoc/topics folder. If they are put in any other location, the engine won't pick them up.

Scenario: You've configured your server to connect to LDAPS. You have imported the required LDAPS certificate into your tomcat JVM keystore. Upon opening JRS login page or doing a login attempt on the server side you get an error where {DOMAIN_NAME} is your LDAPS domain and {PORT} is port: Message nested exception is javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: simple bind failed: {DOMAIN_NAME}:{PORT} [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching {DOMAIN_NAME} found.]]Description The server encountered an unexpected condition that prevented it from fulfilling the request.[/code]What can be done about this issue? Solution: The issue is caused by a certificate. This may be related to your Java version since newer versions of Java have stricter verification process. There are some suggestions with regards to how to avoid this problem: https://www.ibm.com/support/pages/how-resolve-ldap-error-javasecuritycertcertificateexception-no-subject-alternative-dns-name-matching-ip-address-found https://medium.com/@sajithekanayaka/solved-java-security-cert-certificateexception-no-subject-alternative-names-present-eec1669faf0d One of the suggestions is to regenerate the certificate so that subject alternate name or certificate's subject name matches the hostname of the LDAP server. Another option would be to try to add this to our tomcat's JVM options: -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

Scenario: When running a security scanner against JasperServer app, a report indicates that JasperServer is vulnerable to clickjacking. What can be done to avoid this issue? Solution: By default clickjacking protection is not enabled but you can enable it in applicationContext-security-web.xml, find the bean: <bean id="webAppSecurityFilter" class="com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter"> <property name="antiClickJackingEnabled" value="false"/> <property name="antiClickJackingOption" value="SAMEORIGIN"/> Switch the antiClickJackingEnabled to true and restart. The information about possible options is contained in the bean comments.

Scenario: You have developed reports in older versions of JasperServer (<7.2.0) which have subreports that connect to different data sources using property <property name="com.jaspersoft.jrs.data.source" value="/organizations/organization_1/datasources/somedatasource"/> Now it's not displaying any data. What could be the problem? Solution: In 7.2.0 and higher the resources belonging to organization need to be referenced from the organizational root instead of repository root. The users that belong to organization and develop reports for organization are not supposed to know there's something above the organization in the repository structure. So for users from organization_1 to run this properly the correct repository path would be the following: <property name="com.jaspersoft.jrs.data.source" value="/datasources/somedatasource"/> Notice the /organizations/organization_1 removed. Same thing applies to any other resource reference such as image, subreport, etc.