Jump to content
We've recently updated our Privacy Statement, available here ×

riteshkumar_c

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

 Content Type 

Profiles

Forum

Events

Featured Visualizations

Knowledge Base

Documentation (PDF Downloads)

Blog

Documentation (Test Area)

Documentation

Dr. Jaspersoft Webinar Series

Downloads

Everything posted by riteshkumar_c

  1. riteshkumar_c
    We are currently using Jasper Server Pro 3.1 and wish to upgrade it to the higher version 3.5 or 3.7. Please pass on some pointers about the specific functionalities enhancements for the said versions. Primarily we are targetting more robust ad-hoc reporting, thus any pormising feature from the higher versions in terms of ad-hoc reporting willl support our case. Thanks in advance.
  2. riteshkumar_c
    We are using Jasper Server Pro 3.1 and siteminder authentication for single sign on. I understand that user should be created automatically in case some request comes from an authenticated user from request originator and the same doesnt exist on reporting server. But this is not working and users need to be pre-created in Jasper Repository, Please help us on this. Please let us know if there is a tactical solution some one has implemented.
  3. riteshkumar_c
    We are expecting an upgrade activity for our existing setup of Jasper Server Pro 3.1 to Jasper Server Pro 3.5 I understand that JRXMLs can br transported without much difficulty, but need some help about the UI changes. Please let me know in case someone has an insight about it.
  4. riteshkumar_c
    We are trying to implement single sign on configuration using siteminder. But we are being directed to login.html every time. please help, i have added applicationSecurity.xml for reference. the log that is show is as below 13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,226 WARN JILicenseFilter,http-8080-Processor25:104 - License OK. JasperAnalysis Professional Commercial license with no expiration date. 13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,303 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: x.x.x.x; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,392 WARN UserAuthorityServiceImpl,http-8080-Processor24:618 - Added following external roles to: anonymousUser ROLE_ANONYMOUS 13:49:47,403 WARN UserAuthorityServiceImpl,http-8080-Processor24:654 - Updated user: anonymousUser. Roles are now: ROLE_ANONYMOUS ROLE_USER 13:49:47,417 WARN UserAuthorityServiceImpl,http-8080-Processor24:660 - Updated user: anonymousUser. Roles are now: ROLE_ANONYMOUS ROLE_USER Code:--<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd"> <!-- ======================== FILTER CHAIN ======================= ACLs later: requestMethodsFilter Not in 1.0-RC1: exceptionTranslationFilter, Later: ,rememberMeProcessingFilter Web services currently can't use the filter chain because Axis instantiates the web service handler classes, not Spring. However, we can do the context integration filter, which associates a security context with the http session, and call into the Acegi beans from the service handler --> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /xmla=httpSessionContextIntegrationFilter,basicProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor /services/**=httpSessionContextIntegrationFilter,portletAuthenticationProcessingFilter,basicProcessingFilter,passwordExpirationProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor /**=httpSessionContextIntegrationFilter,userPreferencesFilter,authenticationProcessingFilter,userPreferencesFilter,basicProcessingFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter </value> </property> </bean> <!-- updater bean to insert a filter --> <bean id="insertFilter" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition"> <property name="order" value="10"/> <property name="beanName" value="filterChainProxy"/> <property name="propertyName" value="filterInvocationDefinitionSource"/> <property name="operation" value="insert"/> </bean> <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property> <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> <property name="siteminderUsernameHeaderKey"><value>sm_user</value></property> <property name="siteminderPasswordHeaderKey"><value>sm_user</value></property> <property name="formUsernameParameterKey"><value>j_username</value></property></bean> <!-- ======================== AUTHENTICATION ======================= --> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <!-- not on by default <ref local="ldapAuthenticationProvider"/> --> <ref local="siteminderAuthenticationProvider"/> <ref local="daoAuthenticationProvider"/> <!--<ref local="anonymousAuthenticationProvider"/>--> <!--ref local="jaasAuthenticationProvider"/--> </list> </property> </bean> <bean id="siteminderAuthenticationProvider" class="org.acegisecurity.providers.siteminder.SiteminderAuthenticationProvider"> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <!-- jdbcDaoImpl --> <!-- <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> --> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> <!-- <property name="passwordEncoder"><ref local="passwordEncoder"/></property> --> </bean> <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer"> <property name="allowEncoding"><value>false</value></property> <property name="keyInPlainText"><value>false</value></property> <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C 0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property> <property name="secretKeyAlgorithm"><value>DESede</value></property> <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property> </bean> <!-- <bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider"> <property name="loginConfig"> <value>/WEB-INF/login.conf</value> </property> <property name="loginContextName"> <value>FileLogin</value> </property> <property name="callbackHandlers"> <list> <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/> <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/> </list> </property> <property name="authorityGranters"> <list> <bean class="org.appfuse.web.JaasAuthorityGranter"/> </list> </property> </bean> --> <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> <property name="key"><value>foobar</value></property> <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property> </bean> <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key"><value>foobar</value></property> </bean> <!-- <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userMap"> <value> tomcat=536c0b339345616c1b33caf454454d8b8a190d6c,ROLE_USER springlive=2a9152cff1d25b5bbaa3e5fbc7acdc6905c9f251,ROLE_USER </value> </property> </bean> --> <!-- For LDAP authentication <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory"> <constructor-arg value="ldap://scopeserv1:389/dc=panscopic,dc=com"/> --> <!-- You may not need the next properties <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property> <property name="managerPassword"><value>acegisecurity</value></property> --> <!-- </bean> --> <!-- For LDAP authentication This bean is not used by default <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0"> <value></value> </constructor-arg> <constructor-arg index="1"> <value>(uid={0})</value> </constructor-arg> <constructor-arg index="2"> <ref local="initialDirContextFactory" /> </constructor-arg> <property name="searchSubtree"> <value>true</value> </property> </bean> --> <!-- For LDAP authentication <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <property name="userDnPatterns"><list><value>uid={0}</value></list></property> </bean> </constructor-arg> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg> <constructor-arg index="1"><value></value></constructor-arg> <property name="groupRoleAttribute"><value>cn</value></property> <property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property> </bean> </constructor-arg> </bean> --> <bean id="JIAuthenticationSynchronizer" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter"> <property name="externalUserService"><ref bean="userAuthorityService"/></property> </bean> <!-- Automatically receives AuthenticationEvent messages --> <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> <bean id="userLocalesList" class="com.jaspersoft.jasperserver.war.common.LocalesListImpl"> <property name="locales"> <list> <value type="java.util.Locale">en</value> <value type="java.util.Locale">fr</value> <value type="java.util.Locale">it</value> <value type="java.util.Locale">es</value> <value type="java.util.Locale">de</value> <value type="java.util.Locale">ro</value> <value type="java.util.Locale">ja</value> <value type="java.util.Locale">zh_TW</value> </list> </property> </bean> <bean id="userPreferencesFilter" class="com.jaspersoft.jasperserver.war.UserPreferencesFilter"> <property name="cookieAge"> <value type="int">86400</value> </property> <property name="userService"> <ref bean="userAuthorityService"/> </property> </bean> <!-- <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="rememberMeServices"><ref local="rememberMeServices"/></property> </bean> <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property> <property name="key"><value>springRocks</value></property> </bean> <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> <property name="key"><value>springRocks</value></property> </bean> --> <!-- Basic Authentication --> <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property> </bean> <bean id="portletAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.JIPortletAuthenticationProcessingFilter"> <property name="trustedIpAddress"> <list> <!-- uncomment this if both portal server and web server are running on the same machine --> <!-- <value>127.0.0.1</value> --> </list> </property> <property name="userService"> <ref bean="userAuthorityService"/> </property> </bean> <bean id="passwordExpirationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.PasswordExpirationProcessingFilter"> <property name="userService"> <ref bean="userAuthorityService"/> </property> <property name="passwordExpirationInDays" value="0" /> </bean> <!-- if there is no BASIC auth header, this filter will display a 401 error thanks to the entry point --> <bean id="basicAuthExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property> </bean> <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> <property name="realmName"><value>Protected Area</value></property> </bean> <!-- Form-based Authentication <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> </bean> --> <!-- CWS <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property> <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> </bean>--> <bean id="requestParameterAuthenticationFilter" class="com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginerror.html</value></property> <property name="excludeUrls"> <list> <value>/j_acegi_switch_user</value> </list> </property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/login.html</value></property> <property name="forceHttps"><value>false</value></property> </bean> <!-- ===================== HTTP REQUEST SECURITY ==================== <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"> <property name="context"><value>org.acegisecurity.context.security.SecureContextImpl</value></property> </bean> --> <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> <property name="accessDeniedHandler"> <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> <property name="errorPage" value="/WEB-INF/jsp/AccessDeniedPage.jsp"/> </bean> </property> </bean> <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>false</value></property> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> <bean class="org.acegisecurity.vote.AuthenticatedVoter"/> </list> </property> </bean> <!-- <bean id="runAsManager" class="org.acegisecurity.runas.RunAsImplAuthenticationProvider"> <property name="key"><value>my_run_as_password</value></property> </bean> --> <bean id="requestMethodsFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> <!-- Optionally, you can specify a "rolePrefix" property to change (or remove) the ROLE_ prefix for role names. --> <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/> <!-- Note the order that entries are placed against the objectDefinitionSource is critical. The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last ========= JasperServer Note ============== There are currently three roles: ROLE_ANONYMOUS (i.e. not logged in) ROLE_USER ROLE_ADMINISTRATOR Any page accessible by a non-admin user (or by someone not logged in) must be added explicitly. Any other pages are assumed to require the admin role --> <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property> <!-- <property name="runAsManager"><ref bean="runAsManager"/></property> --> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY /home.html=ROLE_USER,ROLE_ADMINISTRATOR /flow.html=ROLE_USER,ROLE_ADMINISTRATOR /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR /j_acegi_switch_user*=ROLE_ADMINISTRATOR /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR /olap/**=ROLE_USER,ROLE_ADMINISTRATOR /xmla=ROLE_USER,ROLE_ADMINISTRATOR /services/**=ROLE_USER,ROLE_ADMINISTRATOR /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <!-- updater bean to set the roles allowed to get to a URL --> <bean id="setRolesForURL" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition"> <property name="order" value="10"/> <property name="beanName" value="filterInvocationInterceptor"/> <property name="propertyName" value="objectDefinitionSource"/> <property name="operation" value="append"/> </bean> <!-- get these done last --> <bean class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdater"> <property name="definition" ref="setRolesForURL"/> <property name="order" value="1000000000"/> <property name="value"> <value> /*.html=ROLE_ADMINISTRATOR /*.jsp=ROLE_ADMINISTRATOR </value> </property> </bean> <!-- switchUserProcessingFilter for "login-as" feature --> <bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter"> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property> <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property> <property name="targetUrl"><value>/home.html</value></property> </bean> <!-- ===================== ACL-BASED SECURITY ==================== --> <!-- ACL permission masks used by this application --> <bean id="SimpleAclEntry.ADMINISTRATION" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value> </property> </bean> <bean id="SimpleAclEntry.READ_WRITE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.READ_WRITE</value> </property> </bean> <bean id="SimpleAclEntry.READ" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.READ</value> </property> </bean> <bean id="SimpleAclEntry.DELETE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.DELETE</value> </property> </bean> <!-- An access decision voter that reads ACL_USER_ADMIN settings --> <bean id="aclUserAdminVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_ADMIN</value> </property> <property name="processDomainObjectClass"> <value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_READ settings --> <bean id="aclUserReadVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_READ</value> </property> <property name="processDomainObjectClass"> <value>java.lang.String</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_UPDATE settings --> <bean id="aclUserUpdateVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_UPDATE</value> </property> <property name="processDomainObjectClass"> <value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_READ settings --> <bean id="aclUserDeleteVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_DELETE</value> </property> <property name="processDomainObjectClass"> <value>java.lang.String</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <!-- An access decision manager used by the business objects --> <bean id="aclAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="roleVoter"/> <ref local="aclUserAdminVoter"/> <ref local="aclUserUpdateVoter"/> <!-- <ref local="aclUserCreateVoter"/> --> <ref local="aclUserDeleteVoter"/> <ref local="aclUserReadVoter"/> <ref local="aclUserMoveVoter"/> <ref local="aclUserCopyVoter"/> </list> </property> </bean> <!-- ========= ACCESS CONTROL LIST MANAGER DEFINITIONS ========= --> <bean id="aclManager" class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <!-- ===================== METHOD-LEVEL SECURITY ==================== Read methods: getResource getResourceData - Does not return a resource getContentResourceData - Does not return a resource getFolder getAllFolders getSubFolders findResource loadResourcesList* loadClientResources* getChildrenFolderName - Does not return a resource Write methods: saveFolder - Problems handling not existent objects... saveResource - Problems handling not existent objects... newResource - Not useful.... Delete methods: deleteResource deleteFolder delete - Not useful.... --> <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property> <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <bean id="repositoryServiceMethodSecurity" class="com.jaspersoft.jasperserver.api.common.util.spring.SimplePropertyFactoryBean"> <property name="objectType" value="org.acegisecurity.intercept.method.MethodDefinitionSource"/> <property name="value"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_ADMIN,ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_ADMIN,ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveFolder=ACL_USER_MOVE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveResource=ACL_USER_MOVE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyResource=ACL_USER_COPY com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyFolder=ACL_USER_COPY </value> </property> </bean> <!-- Not used <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property> <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.getRepoResource=ROLE_PermissionTestRoleAgain,AFTER_ACL_READ com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.loadResourcesList=ROLE_PermissionTestRole,ROLE_PermissionTestRoleAgain,AFTER_ACL_COLLECTION_READ </value> </property> </bean> <bean id="domainObjectInstanceSecurityAspect" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.ObjectSecurityAspect" factory-method="aspectOf"> <property name="securityInterceptor"><ref local="hibernateRepoServiceSecurity"/></property> </bean> --> <!-- ============== "AFTER INTERCEPTION" AUTHORIZATION =========== --> <bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <ref local="afterAclRead"/> <ref local="afterAclCollectionRead"/> </list> </property> </bean> <bean id="afterInvocationManagerForUpdate" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <ref local="afterAclRead"/> <ref local="afterAclCollectionRead"/> <ref local="afterAclCollectionUpdate"/> </list> </property> </bean> <!-- Processes AFTER_ACL_COLLECTION_READ configuration settings --> <bean id="afterAclCollectionRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider"> <property name="aclManager"><ref local="aclManager"/></property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!-- Processes AFTER_ACL_READ configuration settings --> <bean id="afterAclRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider"> <property name="aclManager"><ref local="aclManager"/></property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!--Processes AFTER_ACL_COLLECTION_UPDATE configuration settings--> <bean id="afterAclCollectionUpdate" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider"> <property name="aclManager"> <ref local="aclManager"/> </property> <property name="processConfigAttribute"> <value>AFTER_ACL_COLLECTION_UPDATE</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> <bean id="customEditorConfigurer" class="org.springframework.beans.factory.config.CustomEditorConfigurer"> <property name="customEditors"> <map> <entry key="com.jaspersoft.jasperserver.war.security.FlowDefinitionSource"> <bean class="com.jaspersoft.jasperserver.war.security.FlowDefinitionSourceEditor"/> </entry> <entry key="org.acegisecurity.ConfigAttribute"> <bean class="com.jaspersoft.jasperserver.api.metadata.security.ConfigAttributeEditor"/> </entry> </map> </property> </bean> <bean id="flowAclManager" class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <bean id="flowVoter" class="com.jaspersoft.jasperserver.war.security.FlowRoleAccessVoter"> <property name="flowAccessAttribute" value="FLOW_ACCESS"/> <property name="flowDefinitionSource"> <value> repoAdminFlow=ROLE_ADMINISTRATOR userListFlow=ROLE_ADMINISTRATOR roleListFlow=ROLE_ADMINISTRATOR reportUnitFlow=ROLE_ADMINISTRATOR olapUnitFlow=ROLE_ADMINISTRATOR olapClientConnectionFlow=ROLE_ADMINISTRATOR mondrianXmlaSourceFlow=ROLE_ADMINISTRATOR editFolderFlow=ROLE_ADMINISTRATOR fileResourceFlow=ROLE_ADMINISTRATOR dataTypeFlow=ROLE_ADMINISTRATOR listOfValuesFlow=ROLE_ADMINISTRATOR queryFlow=ROLE_ADMINISTRATOR reportDataSourceFlow=ROLE_ADMINISTRATOR inputControlsFlow=ROLE_ADMINISTRATOR objectPermissionToRoleFlow=ROLE_ADMINISTRATOR userEditFlow=ROLE_ADMINISTRATOR roleEditFlow=ROLE_ADMINISTRATOR queryReferenceFlow=ROLE_ADMINISTRATOR objectPermissionToUserFlow=ROLE_ADMINISTRATOR repositoryExplorerFlow=ROLE_USER,ROLE_ADMINISTRATOR *=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <bean id="flowAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="flowVoter"/> </list> </property> </bean> <bean id="flowExecuterSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="flowAccessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> org.springframework.webflow.executor.FlowExecutor.launch=FLOW_ACCESS </value> </property> </bean> <bean id="checkAclUpdateInterceptor" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.CheckMethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <!-- Use for saveResource --> <bean id="securityCheckerForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="checkAclUpdateInterceptor"/> </list> </property> </bean> <!-- Utility class using securityCheckerForAclUpdate --> <bean id="repositoryServiceSecurityChecker" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.RepositoryServiceSecurityChecker"> <property name="securityChecker"> <ref local="securityCheckerForAclUpdate"/> </property> </bean> <!-- run other interceptors if the user has update access. --> <bean id="aclUpdateMethodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE </value> </property> </bean> <!-- Use for getAllFolders: will run repositoryService methods if the user has update access. --> <bean id="repositoryServiceForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="hibernateRepoServiceTransactionInterceptor" /> <idref bean="aclUpdateMethodSecurityInterceptor"/> <idref bean="hibernateRepositoryService"/> </list> </property> </bean> <bean id="aclUserMoveVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_MOVE"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> </list> </property> </bean> <bean id="aclUserCopyVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_COPY"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> <property name="argumentFunctor">
  5. riteshkumar_c
    We are trying to implement single sign on configuration using siteminder. But we are being directed to login.html every time. please help, i have added applicationSecurity.xml for reference. the log that is show is as below 13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,226 WARN JILicenseFilter,http-8080-Processor25:104 - License OK. JasperAnalysis Professional Commercial license with no expiration date. 13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,303 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS' 13:49:47,392 WARN UserAuthorityServiceImpl,http-8080-Processor24:618 - Added following external roles to: anonymousUser ROLE_ANONYMOUS 13:49:47,403 WARN UserAuthorityServiceImpl,http-8080-Processor24:654 - Updated user: anonymousUser. Roles are now: ROLE_ANONYMOUS ROLE_USER 13:49:47,417 WARN UserAuthorityServiceImpl,http-8080-Processor24:660 - Updated user: anonymousUser. Roles are now: ROLE_ANONYMOUS ROLE_USER Code:--<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd"> <!-- ======================== FILTER CHAIN ======================= ACLs later: requestMethodsFilter Not in 1.0-RC1: exceptionTranslationFilter, Later: ,rememberMeProcessingFilter Web services currently can't use the filter chain because Axis instantiates the web service handler classes, not Spring. However, we can do the context integration filter, which associates a security context with the http session, and call into the Acegi beans from the service handler --> <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /xmla=httpSessionContextIntegrationFilter,basicProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor /services/**=httpSessionContextIntegrationFilter,portletAuthenticationProcessingFilter,basicProcessingFilter,passwordExpirationProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor /**=httpSessionContextIntegrationFilter,userPreferencesFilter,authenticationProcessingFilter,userPreferencesFilter,basicProcessingFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter </value> </property> </bean> <!-- updater bean to insert a filter --> <bean id="insertFilter" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition"> <property name="order" value="10"/> <property name="beanName" value="filterChainProxy"/> <property name="propertyName" value="filterInvocationDefinitionSource"/> <property name="operation" value="insert"/> </bean> <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property> <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> <property name="siteminderUsernameHeaderKey"><value>sm_user</value></property> <property name="siteminderPasswordHeaderKey"><value>sm_user</value></property> <property name="formUsernameParameterKey"><value>j_username</value></property></bean> <!-- ======================== AUTHENTICATION ======================= --> <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <!-- not on by default <ref local="ldapAuthenticationProvider"/> --> <ref local="siteminderAuthenticationProvider"/> <ref local="daoAuthenticationProvider"/> <!--<ref local="anonymousAuthenticationProvider"/>--> <!--ref local="jaasAuthenticationProvider"/--> </list> </property> </bean> <bean id="siteminderAuthenticationProvider" class="org.acegisecurity.providers.siteminder.SiteminderAuthenticationProvider"> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> </bean> <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider"> <!-- jdbcDaoImpl --> <!-- <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> --> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> <!-- <property name="passwordEncoder"><ref local="passwordEncoder"/></property> --> </bean> <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer"> <property name="allowEncoding"><value>false</value></property> <property name="keyInPlainText"><value>false</value></property> <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C 0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property> <property name="secretKeyAlgorithm"><value>DESede</value></property> <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property> </bean> <!-- <bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider"> <property name="loginConfig"> <value>/WEB-INF/login.conf</value> </property> <property name="loginContextName"> <value>FileLogin</value> </property> <property name="callbackHandlers"> <list> <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/> <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/> </list> </property> <property name="authorityGranters"> <list> <bean class="org.appfuse.web.JaasAuthorityGranter"/> </list> </property> </bean> --> <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> <property name="key"><value>foobar</value></property> <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property> </bean> <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key"><value>foobar</value></property> </bean> <!-- <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userMap"> <value> tomcat=536c0b339345616c1b33caf454454d8b8a190d6c,ROLE_USER springlive=2a9152cff1d25b5bbaa3e5fbc7acdc6905c9f251,ROLE_USER </value> </property> </bean> --> <!-- For LDAP authentication <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory"> <constructor-arg value="ldap://scopeserv1:389/dc=panscopic,dc=com"/> --> <!-- You may not need the next properties <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property> <property name="managerPassword"><value>acegisecurity</value></property> --> <!-- </bean> --> <!-- For LDAP authentication This bean is not used by default <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0"> <value></value> </constructor-arg> <constructor-arg index="1"> <value>(uid={0})</value> </constructor-arg> <constructor-arg index="2"> <ref local="initialDirContextFactory" /> </constructor-arg> <property name="searchSubtree"> <value>true</value> </property> </bean> --> <!-- For LDAP authentication <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg> <property name="userDnPatterns"><list><value>uid={0}</value></list></property> </bean> </constructor-arg> <constructor-arg> <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg> <constructor-arg index="1"><value></value></constructor-arg> <property name="groupRoleAttribute"><value>cn</value></property> <property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property> </bean> </constructor-arg> </bean> --> <bean id="JIAuthenticationSynchronizer" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter"> <property name="externalUserService"><ref bean="userAuthorityService"/></property> </bean> <!-- Automatically receives AuthenticationEvent messages --> <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/> <bean id="userLocalesList" class="com.jaspersoft.jasperserver.war.common.LocalesListImpl"> <property name="locales"> <list> <value type="java.util.Locale">en</value> <value type="java.util.Locale">fr</value> <value type="java.util.Locale">it</value> <value type="java.util.Locale">es</value> <value type="java.util.Locale">de</value> <value type="java.util.Locale">ro</value> <value type="java.util.Locale">ja</value> <value type="java.util.Locale">zh_TW</value> </list> </property> </bean> <bean id="userPreferencesFilter" class="com.jaspersoft.jasperserver.war.UserPreferencesFilter"> <property name="cookieAge"> <value type="int">86400</value> </property> <property name="userService"> <ref bean="userAuthorityService"/> </property> </bean> <!-- <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="rememberMeServices"><ref local="rememberMeServices"/></property> </bean> <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"> <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property> <property name="key"><value>springRocks</value></property> </bean> <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"> <property name="key"><value>springRocks</value></property> </bean> --> <!-- Basic Authentication --> <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property> </bean> <bean id="portletAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.JIPortletAuthenticationProcessingFilter"> <property name="trustedIpAddress"> <list> <!-- uncomment this if both portal server and web server are running on the same machine --> <!-- <value>127.0.0.1</value> --> </list> </property> <property name="userService"> <ref bean="userAuthorityService"/> </property> </bean> <bean id="passwordExpirationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.PasswordExpirationProcessingFilter"> <property name="userService"> <ref bean="userAuthorityService"/> </property> <property name="passwordExpirationInDays" value="0" /> </bean> <!-- if there is no BASIC auth header, this filter will display a 401 error thanks to the entry point --> <bean id="basicAuthExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property> </bean> <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint"> <property name="realmName"><value>Protected Area</value></property> </bean> <!-- Form-based Authentication <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> </bean> --> <!-- CWS <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property> <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property> <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property> </bean>--> <bean id="requestParameterAuthenticationFilter" class="com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/loginerror.html</value></property> <property name="excludeUrls"> <list> <value>/j_acegi_switch_user</value> </list> </property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/login.html</value></property> <property name="forceHttps"><value>false</value></property> </bean> <!-- ===================== HTTP REQUEST SECURITY ==================== <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"> <property name="context"><value>org.acegisecurity.context.security.SecureContextImpl</value></property> </bean> --> <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/> <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter"> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> <property name="accessDeniedHandler"> <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl"> <property name="errorPage" value="/WEB-INF/jsp/AccessDeniedPage.jsp"/> </bean> </property> </bean> <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>false</value></property> <property name="decisionVoters"> <list> <ref bean="roleVoter"/> <bean class="org.acegisecurity.vote.AuthenticatedVoter"/> </list> </property> </bean> <!-- <bean id="runAsManager" class="org.acegisecurity.runas.RunAsImplAuthenticationProvider"> <property name="key"><value>my_run_as_password</value></property> </bean> --> <bean id="requestMethodsFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/> <!-- Optionally, you can specify a "rolePrefix" property to change (or remove) the ROLE_ prefix for role names. --> <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/> <!-- Note the order that entries are placed against the objectDefinitionSource is critical. The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last ========= JasperServer Note ============== There are currently three roles: ROLE_ANONYMOUS (i.e. not logged in) ROLE_USER ROLE_ADMINISTRATOR Any page accessible by a non-admin user (or by someone not logged in) must be added explicitly. Any other pages are assumed to require the admin role --> <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref bean="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property> <!-- <property name="runAsManager"><ref bean="runAsManager"/></property> --> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY /home.html=ROLE_USER,ROLE_ADMINISTRATOR /flow.html=ROLE_USER,ROLE_ADMINISTRATOR /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR /j_acegi_switch_user*=ROLE_ADMINISTRATOR /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR /olap/**=ROLE_USER,ROLE_ADMINISTRATOR /xmla=ROLE_USER,ROLE_ADMINISTRATOR /services/**=ROLE_USER,ROLE_ADMINISTRATOR /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <!-- updater bean to set the roles allowed to get to a URL --> <bean id="setRolesForURL" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition"> <property name="order" value="10"/> <property name="beanName" value="filterInvocationInterceptor"/> <property name="propertyName" value="objectDefinitionSource"/> <property name="operation" value="append"/> </bean> <!-- get these done last --> <bean class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdater"> <property name="definition" ref="setRolesForURL"/> <property name="order" value="1000000000"/> <property name="value"> <value> /*.html=ROLE_ADMINISTRATOR /*.jsp=ROLE_ADMINISTRATOR </value> </property> </bean> <!-- switchUserProcessingFilter for "login-as" feature --> <bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter"> <property name="userDetailsService"><ref bean="userAuthorityService"/></property> <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property> <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property> <property name="targetUrl"><value>/home.html</value></property> </bean> <!-- ===================== ACL-BASED SECURITY ==================== --> <!-- ACL permission masks used by this application --> <bean id="SimpleAclEntry.ADMINISTRATION" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value> </property> </bean> <bean id="SimpleAclEntry.READ_WRITE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.READ_WRITE</value> </property> </bean> <bean id="SimpleAclEntry.READ" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.READ</value> </property> </bean> <bean id="SimpleAclEntry.DELETE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean"> <property name="staticField"> <value>org.acegisecurity.acl.basic.SimpleAclEntry.DELETE</value> </property> </bean> <!-- An access decision voter that reads ACL_USER_ADMIN settings --> <bean id="aclUserAdminVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_ADMIN</value> </property> <property name="processDomainObjectClass"> <value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_READ settings --> <bean id="aclUserReadVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_READ</value> </property> <property name="processDomainObjectClass"> <value>java.lang.String</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_UPDATE settings --> <bean id="aclUserUpdateVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_UPDATE</value> </property> <property name="processDomainObjectClass"> <value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> <!-- An access decision voter that reads ACL_USER_READ settings --> <bean id="aclUserDeleteVoter" class="org.acegisecurity.vote.BasicAclEntryVoter"> <property name="aclManager"><ref local="aclManager"/></property> <property name="processConfigAttribute"> <value>ACL_USER_DELETE</value> </property> <property name="processDomainObjectClass"> <value>java.lang.String</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <!-- An access decision manager used by the business objects --> <bean id="aclAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="roleVoter"/> <ref local="aclUserAdminVoter"/> <ref local="aclUserUpdateVoter"/> <!-- <ref local="aclUserCreateVoter"/> --> <ref local="aclUserDeleteVoter"/> <ref local="aclUserReadVoter"/> <ref local="aclUserMoveVoter"/> <ref local="aclUserCopyVoter"/> </list> </property> </bean> <!-- ========= ACCESS CONTROL LIST MANAGER DEFINITIONS ========= --> <bean id="aclManager" class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <!-- ===================== METHOD-LEVEL SECURITY ==================== Read methods: getResource getResourceData - Does not return a resource getContentResourceData - Does not return a resource getFolder getAllFolders getSubFolders findResource loadResourcesList* loadClientResources* getChildrenFolderName - Does not return a resource Write methods: saveFolder - Problems handling not existent objects... saveResource - Problems handling not existent objects... newResource - Not useful.... Delete methods: deleteResource deleteFolder delete - Not useful.... --> <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property> <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <bean id="repositoryServiceMethodSecurity" class="com.jaspersoft.jasperserver.api.common.util.spring.SimplePropertyFactoryBean"> <property name="objectType" value="org.acegisecurity.intercept.method.MethodDefinitionSource"/> <property name="value"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_READ com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_ADMIN,ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_ADMIN,ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveFolder=ACL_USER_MOVE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveResource=ACL_USER_MOVE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyResource=ACL_USER_COPY com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyFolder=ACL_USER_COPY </value> </property> </bean> <!-- Not used <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property> <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.getRepoResource=ROLE_PermissionTestRoleAgain,AFTER_ACL_READ com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.loadResourcesList=ROLE_PermissionTestRole,ROLE_PermissionTestRoleAgain,AFTER_ACL_COLLECTION_READ </value> </property> </bean> <bean id="domainObjectInstanceSecurityAspect" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.ObjectSecurityAspect" factory-method="aspectOf"> <property name="securityInterceptor"><ref local="hibernateRepoServiceSecurity"/></property> </bean> --> <!-- ============== "AFTER INTERCEPTION" AUTHORIZATION =========== --> <bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <ref local="afterAclRead"/> <ref local="afterAclCollectionRead"/> </list> </property> </bean> <bean id="afterInvocationManagerForUpdate" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager"> <property name="providers"> <list> <ref local="afterAclRead"/> <ref local="afterAclCollectionRead"/> <ref local="afterAclCollectionUpdate"/> </list> </property> </bean> <!-- Processes AFTER_ACL_COLLECTION_READ configuration settings --> <bean id="afterAclCollectionRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider"> <property name="aclManager"><ref local="aclManager"/></property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!-- Processes AFTER_ACL_READ configuration settings --> <bean id="afterAclRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider"> <property name="aclManager"><ref local="aclManager"/></property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <!--Processes AFTER_ACL_COLLECTION_UPDATE configuration settings--> <bean id="afterAclCollectionUpdate" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider"> <property name="aclManager"> <ref local="aclManager"/> </property> <property name="processConfigAttribute"> <value>AFTER_ACL_COLLECTION_UPDATE</value> </property> <property name="requirePermission"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> <bean id="customEditorConfigurer" class="org.springframework.beans.factory.config.CustomEditorConfigurer"> <property name="customEditors"> <map> <entry key="com.jaspersoft.jasperserver.war.security.FlowDefinitionSource"> <bean class="com.jaspersoft.jasperserver.war.security.FlowDefinitionSourceEditor"/> </entry> <entry key="org.acegisecurity.ConfigAttribute"> <bean class="com.jaspersoft.jasperserver.api.metadata.security.ConfigAttributeEditor"/> </entry> </map> </property> </bean> <bean id="flowAclManager" class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <bean id="flowVoter" class="com.jaspersoft.jasperserver.war.security.FlowRoleAccessVoter"> <property name="flowAccessAttribute" value="FLOW_ACCESS"/> <property name="flowDefinitionSource"> <value> repoAdminFlow=ROLE_ADMINISTRATOR userListFlow=ROLE_ADMINISTRATOR roleListFlow=ROLE_ADMINISTRATOR reportUnitFlow=ROLE_ADMINISTRATOR olapUnitFlow=ROLE_ADMINISTRATOR olapClientConnectionFlow=ROLE_ADMINISTRATOR mondrianXmlaSourceFlow=ROLE_ADMINISTRATOR editFolderFlow=ROLE_ADMINISTRATOR fileResourceFlow=ROLE_ADMINISTRATOR dataTypeFlow=ROLE_ADMINISTRATOR listOfValuesFlow=ROLE_ADMINISTRATOR queryFlow=ROLE_ADMINISTRATOR reportDataSourceFlow=ROLE_ADMINISTRATOR inputControlsFlow=ROLE_ADMINISTRATOR objectPermissionToRoleFlow=ROLE_ADMINISTRATOR userEditFlow=ROLE_ADMINISTRATOR roleEditFlow=ROLE_ADMINISTRATOR queryReferenceFlow=ROLE_ADMINISTRATOR objectPermissionToUserFlow=ROLE_ADMINISTRATOR repositoryExplorerFlow=ROLE_USER,ROLE_ADMINISTRATOR *=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <bean id="flowAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="flowVoter"/> </list> </property> </bean> <bean id="flowExecuterSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="flowAccessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> org.springframework.webflow.executor.FlowExecutor.launch=FLOW_ACCESS </value> </property> </bean> <bean id="checkAclUpdateInterceptor" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.CheckMethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <!-- Use for saveResource --> <bean id="securityCheckerForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="checkAclUpdateInterceptor"/> </list> </property> </bean> <!-- Utility class using securityCheckerForAclUpdate --> <bean id="repositoryServiceSecurityChecker" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.RepositoryServiceSecurityChecker"> <property name="securityChecker"> <ref local="securityCheckerForAclUpdate"/> </property> </bean> <!-- run other interceptors if the user has update access. --> <bean id="aclUpdateMethodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE </value> </property> </bean> <!-- Use for getAllFolders: will run repositoryService methods if the user has update access. --> <bean id="repositoryServiceForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="hibernateRepoServiceTransactionInterceptor" /> <idref bean="aclUpdateMethodSecurityInterceptor"/> <idref bean="hibernateRepositoryService"/> </list> </property> </bean> <bean id="aclUserMoveVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_MOVE"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> </list> </property> </bean> <bean id="aclUserCopyVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_COPY"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </prope
  6. riteshkumar_c
    I am new to Jasper Server. Can some body please confirm if Jasper Server Pro 3.1 filter while creating domains? I have read some documentation which says that it is supported in Jasper Server Pro 3.5. Any help would be much appriciated. cheers, Ritesh
  7. riteshkumar_c
    Thanks, it worked. ./js-import.sh --input-dir export_dir --update /my_reports Do you have any idea how we can export backup of the old ones before replacing them. Thanks in advance.
  8. riteshkumar_c
    Can you please help me with the exact command? Currently i am using the below mentioned ./js-import.sh --input-dir export_dir --prepend-path /my_reports
  9. riteshkumar_c
    Can some body help me with replacing existing resources in bulk? I understand that the js-import utility prompts an error when you try to replace an existing report, is there any way to overwrite it?
×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore