You can also use the password direclty on the iFrame URL, but first encrypting it. You can enable having an encryption key available on the server, so that you can retrieve it every time you need to authenticate. With this encryption key encrypt the password and it should secure enough to use it on the url. For getting the password encrypted using this encryption key you can also use the available java rest library to communicate with the jasper server: https://github.com/Jaspersoft/jrs-rest-java-client/ Hope it helps. Fran