How to switch off authentication in JasperIntel?

We don't want to use the JasperIntel UI (in general) as report scheduling etc. will be performed via a WebService. But we do want users to be able to retrieve their reports without having to authenticate to the JasperIntel application as they will already have authenticated to another application.

Our plan is to generate a token for each report and use that token to create a path within the repository (or hopefully filesystem) at which the report results will be stored.

Is there some way I can switch off authentication requirements for "/fileview/*" Requests but not for anything else?


William

15 Answers:

All security configuration is in /WEB-INF/applicationContext-security.xml.

See the filterInvocationInterceptor bean definition in that configuration file and the line:

/fileview/**=ROLE_USER

Make that

/fileview/**=ROLE_ANONYMOUS,ROLE_USER

and move it higher in the list.



Sherman
JasperSoft
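On the "move it higher in the list" advice, an added example (not part of the original thread and not JasperServer code) of how an ordered URL-to-role list resolves a request. It assumes the first matching pattern decides, uses a simplified Ant-style matcher, and runs over a constructed rule list; the helper names are hypothetical.

```python
import re

# Constructed sample in the style of the filterInvocationInterceptor URL list
# (not copied from a real install). Rules are evaluated top to bottom.
SAMPLE = """
/login.html=ROLE_ANONYMOUS,ROLE_USER
/reports/**=ROLE_ADMINISTRATOR
/fileview/**=ROLE_ANONYMOUS,ROLE_USER
/**=ROLE_USER
"""

# Simplified Ant-style tokens: ** spans directories, * stays inside one
# path segment, ? matches a single character.
TOKENS = [("/**", "(/.*)?"), ("**", ".*"), ("*", "[^/]*"), ("?", "[^/]")]

def ant_to_regex(pattern):
    out, i = [], 0
    while i < len(pattern):
        for token, regex in TOKENS:
            if pattern.startswith(token, i):
                out.append(regex)
                i += len(token)
                break
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def parse_rules(text):
    rules = []
    for line in text.splitlines():
        if "=" not in line:
            continue  # blank lines and directive lines carry no rule
        pattern, roles = line.strip().split("=", 1)
        rules.append((pattern.strip(), [r.strip() for r in roles.split(",") if r.strip()]))
    return rules

def effective_roles(rules, path):
    """Return (pattern, roles) of the first rule that matches path, else None."""
    for pattern, roles in rules:
        if ant_to_regex(pattern).match(path):
            return pattern, roles
    return None

def anonymous_patterns(rules):
    """Patterns reachable without logging in; review these after every edit."""
    return [p for p, roles in rules if "ROLE_ANONYMOUS" in roles]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print(effective_roles(rules, "/fileview/abc123/report.pdf"))
    print(anonymous_patterns(rules))
```

Everything under a pattern returned by `anonymous_patterns` is served without a session, so with the token-in-path scheme described in the question the token is the only access control on those files.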

Thanks Sherman, that works nicely.

But I don't understand why you also suggested moving it higher in the list of URIs. It isn't masked by anything above it so it shouldn't matter, right?

In any case, it worked fine by just adding in the ROLE_ANONYMOUS entry.

To keep the names of the generated results human comprehensible and to provide the token level security I mentioned above, we will be creating a new folder in the repository for each ReportJob based on the token. Each such folder would then contain one generated report output for each time that scheduled ReportJob is executed.

Are you aware of any limitations we might encounter by having so many folders created within the Repository?

William

Hi,

I am working on a similar requirement. I checked '/WEB-INF/applicationContext-security.xml', but I didn't find '/fileview/**=ROLE_USER' in that file. However, I found '/fileview/**=ROLE_USER,ROLE_ADMINISTRATOR'. I am using JasperServer 3.0.
 

Could you please help me in doing this customization?

Thanks

Kiran


I can't remember why I suggested moving it higher in the list. It will have worked fine just changing it.

 

We are seeing some issues related to performance with large numbers of resources in the repository. Our checking of permissions on resources and folders is not as efficient as it could be. This will slow down screens that show resources or folders from across the repository, like view reports or analysis views, or folders that have large numbers of resources in them (over 100 say). We are working to improve this in the next release. The release candidate is out in a week or so, but we are still working on the performance in this area.

 

Sherman

Jaspersoft


Just add ROLE_ANONYMOUS to the fileview entry.

 

Sherman

Jaspersoft




We want to allow anonymous access to reports online. Which property should we change to ROLE_ANONYMOUS?

I've changed flow.html, fileview, and jrpxml but get the message below. (It does not take me to the login page as before)

Error Message:  Access denied: You do not have permission to take the requested action.


gshukert
Wrote:

We want to allow anonymous access to reports online. Which property should we change to ROLE_ANONYMOUS?

I've changed flow.html, fileview, and jrpxml but get the message below. (It does not take me to the login page as before)

Error Message:  Access denied: You do not have permission to take the requested action.

I'm not sure what exactly you changed (what's that jrpxml?), but you'll need to also add viewReportFlow=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS to the list of flow permissions configured in the flowVoter bean. And then make sure that ROLE_ANONYMOUS has read permissions to all resources used by the reports (data sources, images, etc).

Regards,

Lucian


I'm also trying to switch off authentication, in Jasper 3.7.0 CE. I want to provide single sign on through an Apache proxy, so when the request reaches the jasperserver, I want it to act as if a ROLE_USER is logged in.

When I make the changes to applicationContext-security.xml suggested in this thread or related threads, I get this error:

2010-06-17 12:24:19,556 ERROR SearchAction,http-8080-Processor25:270 - SEARCH_ERROR: Can't load search result.
java.lang.ClassCastException: java.lang.String
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.hasRole(FolderFilter.java:101)
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.addRoleAccessUrlsRestrictions(FolderFilter.java:81)
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.applyRestrictions(FolderFilter.java:75)
...

I made these changes:

1. gave access to ROLE_ANONYMOUS to the repository root.

2. modified the filterInvocationInterceptor bean to add ROLE_ANONYMOUS to URLs (I tried several combinations).

e.g. /flow.html=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS

3. modified the flowVoter bean to add ROLE_ANONYMOUS to the * row (I also tried adding to other rows)

e.g. *=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS

4. restarted jasperserver

I also tried editing the anonymousProcessingFilter but just got errors.

Does anyone know if the process is different in 3.7 from previous versions, and what the settings are?

Thank you,
Jason


jconkey
Wrote:

When I make the changes to applicationContext-security.xml suggested in this thread or related threads, I get this error:

2010-06-17 12:24:19,556 ERROR SearchAction,http-8080-Processor25:270 - SEARCH_ERROR: Can't load search result.
java.lang.ClassCastException: java.lang.String
    at com.jaspersoft.jasperserver.search.filter.FolderFilter.hasRole(FolderFilter.java:101)

Indeed, anonymousProcessingFilter is not compatible with some JasperServer screens.  That's because several places in the code assume that the current authenticated principal is a user object (com.jaspersoft.jasperserver.api.metadata.user.domain.impl.client.MetadataUserDetails), and anonymousProcessingFilter sets a String as auth principal.

The only solution is to extend the anonymous filter so that it uses a user object as principal.

Regards,

Lucian


 Hi, 

I'm also trying to remove authentication from my JasperServer.

I've edited the file:

C:\Program Files\jasperserver-pro-3.7\apache-tomcat\webapps\jasperserver-pro\WEB-INF\applicationContext-security.xml

added the ROLE_ANONYMOUS to all URLs and restarted the server.

 

When I entered all kinds of URLs, all of them redirected me to the login page...

 

 

any ideas??

Thanks

Roey


lucianc
Wrote:

jconkey
Wrote:

...

The only solution is to extend the anonymous filter so that it uses a user object as principal.

Regards,

Lucian

 

 

How do I extend the anonymous filter?


Okay. I know we had this working under 3.5, but I recently upgraded to JS 3.7 CE (and my working version of 3.5 is formatted ;).

I have tried all the solutions presented in this posting, (and still have the flowVoter bean change to add ROLE_ANONYMOUS  and /fileview/**=ROLE_ANONYMOUS,ROLE_USER setting) but none of these worked.

But then after going back almost 20 pages in forum posts I came across this obscure thread.

http://jasperforge.org/plugins/espforum/view.php?group_id=112&forumid=102&topicid=71124

And then after I made the change mentioned (adding the line in bold):

Change the entry in applicationContext-events-logging.xml. Exactly what Sherman told me to.

<bean id="accessContext"
          class="com.jaspersoft.jasperserver.api.logging.access.context.impl.AccessContextImpl">
        <property name="clientClassFactory" ref="mappingResourceFactory"/>
        <property name="loggingContextProvider" ref="${bean.loggingContextProvider}"/>
        <property name="userAuthorityService" ref="${bean.userAuthorityService}"/>
    </bean>

Then a restart of the services and bingo! Anonymous access started working again.

Hope this helps someone, or more than one.

Thanks, this last point really helped.

--Uzi