jay_2

We have users/tenants created via SSO integration and I'd like to provide access to multiple tenants' data in a domain when the user has access to multiple tenants. In the application database, we use a client_id and this is mapped to JRS as the tentantId. Able to restrict on the logged in tenant using the following in the domain security file: <principalExpression>authentication.principal.tenantId != null</principalExpression> <filterExpression>public_item_cost_stage.client_id in (groovy('authentication.principal.getTenantId()'))</filterExpression>[/code]I see in the JIUser table it would be very simple to retrieve a list of tenantIds. SELECT tenantId FROM JIUser WHERE username = 'Bob'[/code]My challenge is I don't know how to achieve this using JRS/XML methods. I need row level security based on the client_id/tenantId. It might be accomplished if I could get a list or array of allowed tenantIds for my client_id to match against. A lot like using IN in postgres. Is there a method like authentication.principal.getTenantIds() ? EDIT: No, there is no method returning multiple tenantIds. Found the API and it clearly supports only a single value returned as the tenantId. (https://github.com/spigit-inc/jaspersoft-password-util/blob/master/com/jaspersoft/jasperserver/api/metadata/user/domain/impl/client/MetadataUserDetails.java) Any suggestions how I might achieve this result? TIA, Jay

Having the same trouble here. Running as root per the SO post is not an option and is an inappropriate solution for a production system. I would not even suggest this to our devops. The issue is with PhantomJS and its default log location being the file system root. There is an option for phantomjs '--webdriver-logfile' which might be used to set the logfile location, but this would need to be done in the JRS code calling it. Tried a couple ways to pass this: - adding the arg in applicationContext-pro-remote-services.xml: <property name="phantomExec" value="${phantomjs.binary:} --webdriver-logfile=/tmp/phantomjsdriver.log"/> - adding the option in js.config.properties: phantomjs.binary='/usr/bin/phatomjs --webdriver-logfile=/tmp/phantomjsdriver.log' EDIT: both tries above cause it to fail immediately as an invalid path to phantomjs Has anyone solved this without running tomcat as root? UPDATE: Able to work around this by creating the logfile at /phantomjsdriver.log and making tomcat owner. It now writes to the log. It is rather verbose and it is really a pain to not have this located in a proper logs directory. However, the export is empty when trying to export the dashboard. It works to export an individual chart. UPDATE: Solution to this is to set deploy.base.local.url in js.config.properties right below phantomjs.binary

I'm not sure if this would work for a domain, but I can pass parameters using a topic by adding to the query. SELECT *, ($P{date_start}::DATE) as start_date, ($P{date_end}::DATE) as end_date[/code]Hope this helps! Jay

Brilliant solution, Ankur. Thank you. Too bad it's so difficult to implement such an obvious thing. Jay

I wasn't careful about which stack trace I put here, my bad. Same result using LoggedInUserTenantId per docs. Reason for the variation (tried 8 or 10) is I had info suggesting it may be a case issue with the parameter. Jay

The issue is a defect in Jaspersoft Pro 6.0.1 where the parameter LoggedInUserTenantId does not initialize when the user is not associated with an organization. It works when a JRS user with an org uses it. It does not work when a user is in the application that embeds JRS via SSO. Waiting on an ETA for a patch. Jay

Updated from 5.6.1 -> 6.0.1 and query driven input controls throw the error: Parameter "LoggedInUserTenantId" does not exist" There is no reference of this in Tracker and the docs confirm the parameter should be correct. Have used this type of query as shown since 4.5.8. The query is: SELECT client_id, nameFROM cv_clientWHERE ( account_name ILIKE TRIM($P{LoggedInUsername}::VARCHAR) ) AND ( ( NULLIF($P{LoggedInUserTenantId}::VARCHAR,'')::INT IS NULL ) OR ( client_id = NULLIF($P{LoggedInUserTenantId}::VARCHAR,'')::INT ) ) AND client_id <> 0ORDER BY name[/code]Anyone else see this? JRS Pro on CentOS in AWS. TIA, Jay Wanted to attach full stack trace as a file, but cannot so here it is... Parameter "LoggedInUserTenantid" does not exist. net.sf.jasperreports.engine.JRRuntimeException: Parameter "LoggedInUserTenantid" does not exist. at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.checkParameter(JRAbstractQueryExecuter.java:824) at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.appendParameterChunk(JRAbstractQueryExecuter.java:405) at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.appendQueryChunk(JRAbstractQueryExecuter.java:378) at net.sf.jasperreports.engine.query.JRAbstractQueryExecuter.parseQuery(JRAbstractQueryExecuter.java:358) at net.sf.jasperreports.engine.query.JRJdbcQueryExecuter.<init>(JRJdbcQueryExecuter.java:139) at net.sf.jasperreports.engine.query.JRJdbcQueryExecuter.<init>(JRJdbcQueryExecuter.java:147) at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRTimezoneJdbcQueryExecuter.<init>(JRTimezoneJdbcQueryExecuter.java:127) at com.jaspersoft.commons.util.JSControlledJdbcQueryExecuter.<init>(JSControlledJdbcQueryExecuter.java:65) at com.jaspersoft.commons.util.JSControlledJdbcQueryExecuterFactory.createQueryExecuter(JSControlledJdbcQueryExecuterFactory.java:26) at net.sf.jasperreports.engine.query.AbstractQueryExecuterFactory.createQueryExecuter(AbstractQueryExecuterFactory.java:49) at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRQueryExecuterAdapter.executeQuery(JRQueryExecuterAdapter.java:106) at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRQueryExecuterAdapter.executeQuery(JRQueryExecuterAdapter.java:83) at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.executeQuery(EngineServiceImpl.java:2154) at sun.reflect.GeneratedMethodAccessor502.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at com.sun.proxy.$Proxy62.executeQuery(Unknown Source) at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EhcacheEngineService.executeQuery(EhcacheEngineService.java:79) at com.jaspersoft.jasperserver.war.cascade.CachedEngineService.executeQuery(CachedEngineService.java:136) at com.jaspersoft.jasperserver.war.cascade.handlers.QueryValuesLoader.loadValues(QueryValuesLoader.java:90) at com.jaspersoft.jasperserver.war.cascade.handlers.SingleSelectListInputControlHandler.fillStateValue(SingleSelectListInputControlHandler.java:117) at com.jaspersoft.jasperserver.war.cascade.handlers.BasicInputControlHandler.getState(BasicInputControlHandler.java:128) at com.jaspersoft.jasperserver.war.cascade.GenericInputControlLogic.getValuesForInputControls(GenericInputControlLogic.java:205) at com.jaspersoft.jasperserver.war.cascade.GenericInputControlLogic.getValuesForInputControlsFromRawData(GenericInputControlLogic.java:244) at com.jaspersoft.jasperserver.war.cascade.InputControlsLogicServiceImpl$4.callByContainer(InputControlsLogicServiceImpl.java:196) at com.jaspersoft.jasperserver.war.cascade.InputControlsLogicServiceImpl$4.callByContainer(InputControlsLogicServiceImpl.java:188) at com.jaspersoft.jasperserver.war.cascade.InputControlsLogicServiceImpl.callControlLogic(InputControlsLogicServiceImpl.java:244) at com.jaspersoft.jasperserver.war.cascade.InputControlsLogicServiceImpl.getValuesForInputControls(InputControlsLogicServiceImpl.java:188) at com.jaspersoft.jasperserver.war.cascade.InputControlsLogicServiceImpl.getInputControlsWithValues(InputControlsLogicServiceImpl.java:129) at com.jaspersoft.jasperserver.jaxrs.report.InputControlsJaxrsService$1.call(InputControlsJaxrsService.java:113) at com.jaspersoft.jasperserver.jaxrs.report.InputControlsJaxrsService$1.call(InputControlsJaxrsService.java:105) at com.jaspersoft.jasperserver.jaxrs.report.ReportsServiceCallTemplate.callRemoteService(ReportsServiceCallTemplate.java:49) at com.jaspersoft.jasperserver.remote.common.RemoteServiceWrapper.callRemoteService(RemoteServiceWrapper.java:44) at com.jaspersoft.jasperserver.jaxrs.report.InputControlsJaxrsService.internalGetReportInputParameters(InputControlsJaxrsService.java:105) at com.jaspersoft.jasperserver.jaxrs.report.InputControlsJaxrsService.getReportInputParametersViaPost(InputControlsJaxrsService.java:94) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205) at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302) at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.jaspersoft.jasperserver.war.StaticFilesCacheControlFilter.doFilter(StaticFilesCacheControlFilter.java:163) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter.doFilter(MetadataAuthenticationProcessingFilter.java:98) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter.doFilter(RequestParameterAuthenticationFilter.java:99) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.multipleTenancy.MTBasicProcessingFilter.doFilter(MTBasicProcessingFilter.java:194) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:210) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.war.NullFilter.doFilter(NullFilter.java:43) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.war.UserPreferencesFilter.doFilter(UserPreferencesFilter.java:210) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.api.logging.filter.BasicLoggingFilter.doFilter(BasicLoggingFilter.java:53) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.api.security.JSCsrfGuardFilter.doFilter(JSCsrfGuardFilter.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter.doFilter(WebAppSecurityFilter.java:80) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.war.NullFilter.doFilter(NullFilter.java:43) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.jasperserver.api.security.encryption.EncryptionFilter.doFilter(EncryptionFilter.java:150) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at com.jaspersoft.ji.license.JILicenseFilter.doFilter(JILicenseFilter.java:86) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.jaspersoft.jasperserver.war.util.SessionDecoratorFilter.doFilter(SessionDecoratorFilter.java:63) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.jaspersoft.jasperserver.war.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:67) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.jaspersoft.jasperserver.war.P3PFilter.doFilter(P3PFilter.java:43) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:610) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)

That makes no sense at all. Why on earth would you have such a version compatibility setting when it isn't appropriate to use it?

Studio has the ability to set the Jasper Reports library version in a server connection. In Studio 6.0.1, the server library options are 6.0.0, then 5.5.2. If that is truly important, then what happened to 5.6.1 as an option?

I'm using 5.6.1 and find the same. It actually repeats the header in many formats and is appropriate only with the PDF version, at least in my configuration. This has to be a bug - it sure isn't a feature. Who ever heard of a csv file with repeating headers? Jay

That is worth a try, thank you. I'm hopeful to find a setting in a config file. I'll post here when I choose a solution.

I'm sure you're right since I'm connecting from Canada and my system is set to UK English. This hasn't happened before and we just deployed a new production system. I had really wanted to avoid opening the reports up and changing that format in the many fields it appears. I know one fix is to remove the space between the ¤ symbol, but I want the space there and this is a better solution. Thank you for your suggestion, it's a good one. Still hoping for a server-side answer for the moment. Jay

Have a strange issue where the currency symbol displays properly ($) when logged in direct to JRS, but when running same report embedded in our application, I get a 'British pound' sign. Running a scheduled report also produces the desired $ sign. The format (¤ #,##0) in the report does have a space, but that has not been a problem since I set the locale as en_US. Jaspersoft Pro 5.6.1 on CentOS embedded in iFrame with SSO. How can it vary between the embedded view vs. non-embedded view? tia, Jay

We have multitenancy with SSO enabled to embed into another application. A handful of our staff use direct login to JRS to support clients, but have only ever been able to make it work by making them root level users. Efforts to make org-specific users fail - you can't login to JRS. Have checked the user by using the Login as User button in user area and it works fine. The org is not one of the external clients, it is a special private organization. Would love to try this workaround, except for this problem with org-users.

We keep getting the exact same error working with the Domain Designer. Currently fighting it when trying to edit properties of sets in the Display tab. Jaspersoft-Pro 5.6 AWS AMI version