dlitvak

I don't believe external auth has changed in 6.3 or 6.4.x 6.4.2 is the latest Jasperserver version, not 6.4.3

It's not so bad as sessions expire. You can set the following properties in <bean id="proxyPreAuthenticatedProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.preauth.BasePreAuthenticatedProcessingFilter">[/code]<property name="checkForPrincipalChanges" value="true"/><property name="invalidateSessionOnPrincipalChange" value="true"/> These properties are coming from Spring class of which the bean class is a subclass.

Any errors?

There should be no difference between ce and pro in pwd encryption.

What link did you follow? Were there any javascript errors? F12 -> Console in Chrome What about log errors in jasperserver.log?

Note that unless you specifically use external authentication to authenticate users via rest or webservices, proxyBasicProcessingFilter can me completely removed from the sample file. As a result of this, delegatingPreAuthenticatedFilter in applicationContext-security-web.xml will fall back on the non-external basicProcessingFilter behaviour. Sample file is provided just as that. It includes more scenarios than you might need.

It is fixed in 5.6 according to defect 35935 records that I filed.

Please post jasper logs at debug level, version of the server, customization details, etc.

This is going to be fixed in 5.6 release. 5.6 has been scheduled for April.

sorry, d{5,} should not work as the encrypted passwords are hex. It's a bug anyways.

James, It's a definite bug which was introduced in 5.1. I opened an issue and linked it to the original bug, which I re-opened. So far, the engineer works to make it fixed in 5.6. Sorry for any inconvenience. Dmitriy

Sounds like a bug, logging it.

Try with a simpler regex first to see if it works. ^d{5,}$ for example. Most likely it won't, but still. Have you enable some js password encryption? encryption.on=true in security-config.properties?

Could you please post a stack trace? Some config excerpts could be helpful too.

Please note that password hashing has been broken. The part that is broken hashing-wise is user creation and user reading from db. We plan to fix it in 5.6 or 6.0. Sha-1/MD5 are deprecated for password encryption. They are considered as broken. Please use SHA-2 or better. I have only heard of other possibilities like scrypt, bcrypt.