Security of scriptlets (disable download from jasper studio)

Hello everyone,

I have implemented a scriptlet which use the jasper REST_V2 API and the jasper credentials appear in clear text inside the java code :



I can restrict the permisisons on the report which use the scriptlet but despite low permissions, the user is able to download the scriptlet inside jaspersoft studio 

(right click on the scriptlet inside the report files + download to file) : 

Is it possible to disable the download of a file from jasper server based on permissions ?


Thanks for your attention.

Arnaud simon



arnaudsimon091's picture
Joined: Nov 26 2018 - 12:25pm
Last seen: 1 month 9 hours ago

1 Answer:

It would be better and more secure to configure the preauth sso for the product and use an encryption cipher class for it to accept encrypted tokens.  

You would then need to pass and encrypted token on the url in your scriptlet rather than the username and password in plain text.


rmeadows's picture
Joined: Feb 10 2016 - 8:00am
Last seen: 1 year 5 days ago