I want to enable Single Sign On for JasperServer. I want to make sure this is not to be confused with the role_anonymous logon.
All of my users have Windows XP PCs, and they log on to LDAP and Active Directory. Basically, I want them to browse to JasperServer without ever logging in on JasperServer's login.html page. I want to know if this is doable. What is the estimated time to implement it with a one-incident technical support call?
Thanks in advance
9 Answers:
Hi, I do not want to confuse LDAP with Single Sign On.
I already got LDAP authentication working. Single Sign On is a different beast as far as I know. I want to bypass the Jasper login screen totally once users are already logged in to the Windows XP PC. Is this doable?
For JasperServer, the functionality would be handled by Acegi (Spring Security). Have a look at the Spring Security forums for help with this. Here is a post I think would be relevant to you: forum.springframework.org/showthread.php
Sherman
Jaspersoft
We are trying to implement a single sign-on configuration using SiteMinder, but we are being redirected to login.html every time.
Please help. I have added applicationSecurity.xml for reference.
The log that is shown is below:
13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:45,759 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:46,226 WARN JILicenseFilter,http-8080-Processor25:104 - License OK. JasperAnalysis Professional Commercial license with no expiration date.
13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:46,455 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:46,564 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,008 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,015 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,092 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,189 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,255 DEBUG AnonymousProcessingFilter,http-8080-Processor24:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,303 DEBUG AnonymousProcessingFilter,http-8080-Processor25:113 - Populated SecurityContextHolder with anonymous token: 'org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@6fabe8e0: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffe9938: RemoteIpAddress: 192.168.237.37; SessionId: 93039DE120358C39DC847DDC21B52226; Granted Authorities: ROLE_ANONYMOUS'
13:49:47,392 WARN UserAuthorityServiceImpl,http-8080-Processor24:618 - Added following external roles to: anonymousUser
ROLE_ANONYMOUS
13:49:47,403 WARN UserAuthorityServiceImpl,http-8080-Processor24:654 - Updated user: anonymousUser. Roles are now:
ROLE_ANONYMOUS
ROLE_USER
13:49:47,417 WARN UserAuthorityServiceImpl,http-8080-Processor24:660 - Updated user: anonymousUser. Roles are now:
ROLE_ANONYMOUS
ROLE_USER
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

  <!-- ======================== FILTER CHAIN =======================
       ACLs later: requestMethodsFilter
       Not in 1.0-RC1: exceptionTranslationFilter,
       Later: ,rememberMeProcessingFilter
       Web services currently can't use the filter chain because Axis instantiates the
       web service handler classes, not Spring. However, we can do the context integration
       filter, which associates a security context with the http session, and call into
       the Acegi beans from the service handler -->
  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /xmla=httpSessionContextIntegrationFilter,basicProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor
        /services/**=httpSessionContextIntegrationFilter,portletAuthenticationProcessingFilter,basicProcessingFilter,passwordExpirationProcessingFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor
        /**=httpSessionContextIntegrationFilter,userPreferencesFilter,authenticationProcessingFilter,userPreferencesFilter,basicProcessingFilter,requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter
      </value>
    </property>
  </bean>

  <!-- updater bean to insert a filter -->
  <bean id="insertFilter" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition">
    <property name="order" value="10"/>
    <property name="beanName" value="filterChainProxy"/>
    <property name="propertyName" value="filterInvocationDefinitionSource"/>
    <property name="operation" value="insert"/>
  </bean>

  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.SiteminderAuthenticationProcessingFilter">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property>
    <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property>
    <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
    <property name="siteminderUsernameHeaderKey"><value>sm_user</value></property>
    <property name="siteminderPasswordHeaderKey"><value>sm_user</value></property>
    <property name="formUsernameParameterKey"><value>j_username</value></property>
  </bean>

  <!-- ======================== AUTHENTICATION ======================= -->
  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <!-- not on by default <ref local="ldapAuthenticationProvider"/> -->
        <ref local="siteminderAuthenticationProvider"/>
        <ref local="daoAuthenticationProvider"/>
        <!--<ref local="anonymousAuthenticationProvider"/>-->
        <!--ref local="jaasAuthenticationProvider"/-->
      </list>
    </property>
  </bean>

  <bean id="siteminderAuthenticationProvider" class="org.acegisecurity.providers.siteminder.SiteminderAuthenticationProvider">
    <property name="userDetailsService"><ref bean="userAuthorityService"/></property>
  </bean>

  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <!-- jdbcDaoImpl -->
    <!-- <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property> -->
    <property name="userDetailsService"><ref bean="userAuthorityService"/></property>
    <!-- <property name="passwordEncoder"><ref local="passwordEncoder"/></property> -->
  </bean>

  <bean id="passwordEncoder" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.PasswordCipherer">
    <property name="allowEncoding"><value>false</value></property>
    <property name="keyInPlainText"><value>false</value></property>
    <property name="secretKey"><value>0xC8 0x43 0x29 0x49 0xAE 0x25 0x2F 0xA1 0xC1 0xF2 0xC8 0xD9 0x31 0x01 0x2C 0x52 0x54 0x0B 0x5E 0xEA 0x9E 0x37 0xA8 0x61</value></property>
    <property name="secretKeyAlgorithm"><value>DESede</value></property>
    <property name="cipherTransformation"><value>DESede/CBC/PKCS5Padding</value></property>
  </bean>

  <!--
  <bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider">
    <property name="loginConfig"><value>/WEB-INF/login.conf</value></property>
    <property name="loginContextName"><value>FileLogin</value></property>
    <property name="callbackHandlers">
      <list>
        <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
        <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
      </list>
    </property>
    <property name="authorityGranters">
      <list>
        <bean class="org.appfuse.web.JaasAuthorityGranter"/>
      </list>
    </property>
  </bean>
  -->

  <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    <property name="key"><value>foobar</value></property>
    <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property>
  </bean>

  <bean id="anonymousAuthenticationProvider" class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
    <property name="key"><value>foobar</value></property>
  </bean>

  <!--
  <bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
      <value>
        tomcat=536c0b339345616c1b33caf454454d8b8a190d6c,ROLE_USER
        springlive=2a9152cff1d25b5bbaa3e5fbc7acdc6905c9f251,ROLE_USER
      </value>
    </property>
  </bean>
  -->

  <!-- For LDAP authentication
  <bean id="initialDirContextFactory" class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="ldap://scopeserv1:389/dc=panscopic,dc=com"/>
  -->
  <!-- You may not need the next properties
    <property name="managerDn"><value>cn=manager,dc=acegisecurity,dc=org</value></property>
    <property name="managerPassword"><value>acegisecurity</value></property>
  -->
  <!-- </bean> -->

  <!-- For LDAP authentication. This bean is not used by default
  <bean id="userSearch" class="org.acegisecurity.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0"><value></value></constructor-arg>
    <constructor-arg index="1"><value>(uid={0})</value></constructor-arg>
    <constructor-arg index="2"><ref local="initialDirContextFactory" /></constructor-arg>
    <property name="searchSubtree"><value>true</value></property>
  </bean>
  -->

  <!-- For LDAP authentication
  <bean id="ldapAuthenticationProvider" class="org.acegisecurity.providers.ldap.LdapAuthenticationProvider">
    <constructor-arg>
      <bean class="org.acegisecurity.providers.ldap.authenticator.BindAuthenticator">
        <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
        <property name="userDnPatterns"><list><value>uid={0}</value></list></property>
      </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="org.acegisecurity.providers.ldap.populator.DefaultLdapAuthoritiesPopulator">
        <constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg>
        <constructor-arg index="1"><value></value></constructor-arg>
        <property name="groupRoleAttribute"><value>cn</value></property>
        <property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property>
      </bean>
    </constructor-arg>
  </bean>
  -->

  <bean id="JIAuthenticationSynchronizer" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter">
    <property name="externalUserService"><ref bean="userAuthorityService"/></property>
  </bean>

  <!-- Automatically receives AuthenticationEvent messages -->
  <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

  <bean id="userLocalesList" class="com.jaspersoft.jasperserver.war.common.LocalesListImpl">
    <property name="locales">
      <list>
        <value type="java.util.Locale">en</value>
        <value type="java.util.Locale">fr</value>
        <value type="java.util.Locale">it</value>
        <value type="java.util.Locale">es</value>
        <value type="java.util.Locale">de</value>
        <value type="java.util.Locale">ro</value>
        <value type="java.util.Locale">ja</value>
        <value type="java.util.Locale">zh_TW</value>
      </list>
    </property>
  </bean>

  <bean id="userPreferencesFilter" class="com.jaspersoft.jasperserver.war.UserPreferencesFilter">
    <property name="cookieAge"><value type="int">86400</value></property>
    <property name="userService"><ref bean="userAuthorityService"/></property>
  </bean>

  <!--
  <bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="rememberMeServices"><ref local="rememberMeServices"/></property>
  </bean>
  <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService"><ref local="inMemoryDaoImpl"/></property>
    <property name="key"><value>springRocks</value></property>
  </bean>
  <bean id="rememberMeAuthenticationProvider" class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
    <property name="key"><value>springRocks</value></property>
  </bean>
  -->

  <!-- Basic Authentication -->
  <bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="authenticationEntryPoint"><ref local="basicProcessingFilterEntryPoint"/></property>
  </bean>

  <bean id="portletAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.JIPortletAuthenticationProcessingFilter">
    <property name="trustedIpAddress">
      <list>
        <!-- uncomment this if both portal server and web server are running on the same machine -->
        <!-- <value>127.0.0.1</value> -->
      </list>
    </property>
    <property name="userService"><ref bean="userAuthorityService"/></property>
  </bean>

  <bean id="passwordExpirationProcessingFilter" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.PasswordExpirationProcessingFilter">
    <property name="userService"><ref bean="userAuthorityService"/></property>
    <property name="passwordExpirationInDays" value="0" />
  </bean>

  <!-- if there is no BASIC auth header, this filter will display a 401 error thanks to the entry point -->
  <bean id="basicAuthExceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint"><ref bean="basicProcessingFilterEntryPoint"/></property>
  </bean>

  <bean id="basicProcessingFilterEntryPoint" class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName"><value>Protected Area</value></property>
  </bean>

  <!-- Form-based Authentication
  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
  </bean>
  -->

  <!-- CWS
  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="authenticationFailureUrl"><value>/login.html?error=1</value></property>
    <property name="defaultTargetUrl"><value>/loginsuccess.html</value></property>
    <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
  </bean>
  -->

  <bean id="requestParameterAuthenticationFilter" class="com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="authenticationFailureUrl"><value>/loginerror.html</value></property>
    <property name="excludeUrls">
      <list>
        <value>/j_acegi_switch_user</value>
      </list>
    </property>
  </bean>

  <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl"><value>/login.html</value></property>
    <property name="forceHttps"><value>false</value></property>
  </bean>

  <!-- ===================== HTTP REQUEST SECURITY ====================
  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
    <property name="context"><value>org.acegisecurity.context.security.SecureContextImpl</value></property>
  </bean>
  -->
  <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
    <property name="accessDeniedHandler">
      <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/WEB-INF/jsp/AccessDeniedPage.jsp"/>
      </bean>
    </property>
  </bean>

  <bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions"><value>false</value></property>
    <property name="decisionVoters">
      <list>
        <ref bean="roleVoter"/>
        <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
      </list>
    </property>
  </bean>

  <!--
  <bean id="runAsManager" class="org.acegisecurity.runas.RunAsImplAuthenticationProvider">
    <property name="key"><value>my_run_as_password</value></property>
  </bean>
  -->

  <bean id="requestMethodsFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

  <!-- Optionally, you can specify a "rolePrefix" property to change (or remove) the ROLE_ prefix for role names. -->
  <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"/>

  <!-- Note the order that entries are placed against the objectDefinitionSource is critical.
       The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern
       that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*)
       expressions first, with LEAST SPECIFIC (ie a/.*) expressions last
       ========= JasperServer Note ==============
       There are currently three roles:
         ROLE_ANONYMOUS (i.e. not logged in)
         ROLE_USER
         ROLE_ADMINISTRATOR
       Any page accessible by a non-admin user (or by someone not logged in) must be added
       explicitly. Any other pages are assumed to require the admin role -->
  <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
    <!-- <property name="runAsManager"><ref bean="runAsManager"/></property> -->
    <property name="objectDefinitionSource">
      <value>
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
        /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY
        /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
        /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY
        /home.html=ROLE_USER,ROLE_ADMINISTRATOR
        /flow.html=ROLE_USER,ROLE_ADMINISTRATOR
        /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR
        /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR
        /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR
        /j_acegi_switch_user*=ROLE_ADMINISTRATOR
        /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR
        /olap/**=ROLE_USER,ROLE_ADMINISTRATOR
        /xmla=ROLE_USER,ROLE_ADMINISTRATOR
        /services/**=ROLE_USER,ROLE_ADMINISTRATOR
        /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR
        /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR
      </value>
    </property>
  </bean>

  <!-- updater bean to set the roles allowed to get to a URL -->
  <bean id="setRolesForURL" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition">
    <property name="order" value="10"/>
    <property name="beanName" value="filterInvocationInterceptor"/>
    <property name="propertyName" value="objectDefinitionSource"/>
    <property name="operation" value="append"/>
  </bean>

  <!-- get these done last -->
  <bean class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdater">
    <property name="definition" ref="setRolesForURL"/>
    <property name="order" value="1000000000"/>
    <property name="value">
      <value>
        /*.html=ROLE_ADMINISTRATOR
        /*.jsp=ROLE_ADMINISTRATOR
      </value>
    </property>
  </bean>

  <!-- switchUserProcessingFilter for "login-as" feature -->
  <bean id="switchUserProcessingFilter" class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
    <property name="userDetailsService"><ref bean="userAuthorityService"/></property>
    <property name="switchUserUrl"><value>/j_acegi_switch_user</value></property>
    <property name="exitUserUrl"><value>/j_acegi_exit_user</value></property>
    <property name="targetUrl"><value>/home.html</value></property>
  </bean>

  <!-- ===================== ACL-BASED SECURITY ==================== -->
  <!-- ACL permission masks used by this application -->
  <bean id="SimpleAclEntry.ADMINISTRATION" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
    <property name="staticField"><value>org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value></property>
  </bean>
  <bean id="SimpleAclEntry.READ_WRITE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
    <property name="staticField"><value>org.acegisecurity.acl.basic.SimpleAclEntry.READ_WRITE</value></property>
  </bean>
  <bean id="SimpleAclEntry.READ" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
    <property name="staticField"><value>org.acegisecurity.acl.basic.SimpleAclEntry.READ</value></property>
  </bean>
  <bean id="SimpleAclEntry.DELETE" class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
    <property name="staticField"><value>org.acegisecurity.acl.basic.SimpleAclEntry.DELETE</value></property>
  </bean>

  <!-- An access decision voter that reads ACL_USER_ADMIN settings -->
  <bean id="aclUserAdminVoter" class="org.acegisecurity.vote.BasicAclEntryVoter">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="processConfigAttribute"><value>ACL_USER_ADMIN</value></property>
    <property name="processDomainObjectClass"><value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
      </list>
    </property>
  </bean>

  <!-- An access decision voter that reads ACL_USER_READ settings -->
  <bean id="aclUserReadVoter" class="org.acegisecurity.vote.BasicAclEntryVoter">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="processConfigAttribute"><value>ACL_USER_READ</value></property>
    <property name="processDomainObjectClass"><value>java.lang.String</value></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
        <ref local="SimpleAclEntry.READ"/>
      </list>
    </property>
  </bean>

  <!-- An access decision voter that reads ACL_USER_UPDATE settings -->
  <bean id="aclUserUpdateVoter" class="org.acegisecurity.vote.BasicAclEntryVoter">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="processConfigAttribute"><value>ACL_USER_UPDATE</value></property>
    <property name="processDomainObjectClass"><value>com.jaspersoft.jasperserver.api.metadata.common.domain.Resource</value></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
        <ref local="SimpleAclEntry.READ_WRITE"/>
      </list>
    </property>
  </bean>

  <!-- An access decision voter that reads ACL_USER_DELETE settings -->
  <bean id="aclUserDeleteVoter" class="org.acegisecurity.vote.BasicAclEntryVoter">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="processConfigAttribute"><value>ACL_USER_DELETE</value></property>
    <property name="processDomainObjectClass"><value>java.lang.String</value></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
        <ref local="SimpleAclEntry.DELETE"/>
      </list>
    </property>
  </bean>

  <!-- An access decision manager used by the business objects -->
  <bean id="aclAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions"><value>true</value></property>
    <property name="decisionVoters">
      <list>
        <ref local="roleVoter"/>
        <ref local="aclUserAdminVoter"/>
        <ref local="aclUserUpdateVoter"/>
        <!-- <ref local="aclUserCreateVoter"/> -->
        <ref local="aclUserDeleteVoter"/>
        <ref local="aclUserReadVoter"/>
        <ref local="aclUserMoveVoter"/>
        <ref local="aclUserCopyVoter"/>
      </list>
    </property>
  </bean>

  <!-- ========= ACCESS CONTROL LIST MANAGER DEFINITIONS ========= -->
  <bean id="aclManager" class="org.acegisecurity.acl.AclProviderManager">
    <property name="providers">
      <list>
        <ref bean="objectPermissionService"/>
      </list>
    </property>
  </bean>

  <!-- ===================== METHOD-LEVEL SECURITY ====================
       Read methods:
         getResource
         getResourceData - Does not return a resource
         getContentResourceData - Does not return a resource
         getFolder
         getAllFolders
         getSubFolders
         findResource
         loadResourcesList*
         loadClientResources*
         getChildrenFolderName - Does not return a resource
       Write methods:
         saveFolder - Problems handling not existent objects...
         saveResource - Problems handling not existent objects...
         newResource - Not useful....
       Delete methods:
         deleteResource
         deleteFolder
         delete - Not useful....
  -->
  <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property>
  </bean>

  <bean id="repositoryServiceMethodSecurity" class="com.jaspersoft.jasperserver.api.common.util.spring.SimplePropertyFactoryBean">
    <property name="objectType" value="org.acegisecurity.intercept.method.MethodDefinitionSource"/>
    <property name="value">
      <value>
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_ADMIN,ACL_USER_UPDATE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_ADMIN,ACL_USER_UPDATE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveFolder=ACL_USER_MOVE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.moveResource=ACL_USER_MOVE
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyResource=ACL_USER_COPY
        com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.copyFolder=ACL_USER_COPY
      </value>
    </property>
  </bean>

  <!-- Not used
  <bean id="hibernateRepoServiceSecurity" class="org.acegisecurity.intercept.method.aspectj.AspectJSecurityInterceptor">
    <property name="authenticationManager"><ref local="authenticationManager"/></property>
    <property name="accessDecisionManager"><ref local="aclAccessDecisionManager"/></property>
    <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
    <property name="objectDefinitionSource">
      <value>
        com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.getRepoResource=ROLE_PermissionTestRoleAgain,AFTER_ACL_READ
        com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService.loadResourcesList=ROLE_PermissionTestRole,ROLE_PermissionTestRoleAgain,AFTER_ACL_COLLECTION_READ
      </value>
    </property>
  </bean>
  <bean id="domainObjectInstanceSecurityAspect" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.ObjectSecurityAspect" factory-method="aspectOf">
    <property name="securityInterceptor"><ref local="hibernateRepoServiceSecurity"/></property>
  </bean>
  -->

  <!-- ============== "AFTER INTERCEPTION" AUTHORIZATION =========== -->
  <bean id="afterInvocationManager" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
    <property name="providers">
      <list>
        <ref local="afterAclRead"/>
        <ref local="afterAclCollectionRead"/>
      </list>
    </property>
  </bean>

  <bean id="afterInvocationManagerForUpdate" class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
    <property name="providers">
      <list>
        <ref local="afterAclRead"/>
        <ref local="afterAclCollectionRead"/>
        <ref local="afterAclCollectionUpdate"/>
      </list>
    </property>
  </bean>

  <!-- Processes AFTER_ACL_COLLECTION_READ configuration settings -->
  <bean id="afterAclCollectionRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
        <ref local="SimpleAclEntry.READ"/>
      </list>
    </property>
  </bean>

  <!-- Processes AFTER_ACL_READ configuration settings -->
  <bean id="afterAclRead" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
        <ref local="SimpleAclEntry.READ"/>
      </list>
    </property>
  </bean>

  <!-- Processes AFTER_ACL_COLLECTION_UPDATE configuration settings -->
  <bean id="afterAclCollectionUpdate" class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
    <property name="aclManager"><ref local="aclManager"/></property>
    <property name="processConfigAttribute"><value>AFTER_ACL_COLLECTION_UPDATE</value></property>
    <property name="requirePermission">
      <list>
        <ref local="SimpleAclEntry.ADMINISTRATION"/>
        <ref local="SimpleAclEntry.READ_WRITE"/>
      </list>
    </property>
  </bean>

  <bean id="customEditorConfigurer" class="org.springframework.beans.factory.config.CustomEditorConfigurer">
    <property name="customEditors">
      <map>
        <entry key="com.jaspersoft.jasperserver.war.security.FlowDefinitionSource">
          <bean class="com.jaspersoft.jasperserver.war.security.FlowDefinitionSourceEditor"/>
        </entry>
        <entry key="org.acegisecurity.ConfigAttribute">
          <bean class="com.jaspersoft.jasperserver.api.metadata.security.ConfigAttributeEditor"/>
        </entry>
      </map>
    </property>
  </bean>

  <bean id="flowAclManager"
class="org.acegisecurity.acl.AclProviderManager"> <property name="providers"> <list> <ref bean="objectPermissionService"/> </list> </property> </bean> <bean id="flowVoter" class="com.jaspersoft.jasperserver.war.security.FlowRoleAccessVoter"> <property name="flowAccessAttribute" value="FLOW_ACCESS"/> <property name="flowDefinitionSource"> <value> repoAdminFlow=ROLE_ADMINISTRATOR userListFlow=ROLE_ADMINISTRATOR roleListFlow=ROLE_ADMINISTRATOR reportUnitFlow=ROLE_ADMINISTRATOR olapUnitFlow=ROLE_ADMINISTRATOR olapClientConnectionFlow=ROLE_ADMINISTRATOR mondrianXmlaSourceFlow=ROLE_ADMINISTRATOR editFolderFlow=ROLE_ADMINISTRATOR fileResourceFlow=ROLE_ADMINISTRATOR dataTypeFlow=ROLE_ADMINISTRATOR listOfValuesFlow=ROLE_ADMINISTRATOR queryFlow=ROLE_ADMINISTRATOR reportDataSourceFlow=ROLE_ADMINISTRATOR inputControlsFlow=ROLE_ADMINISTRATOR objectPermissionToRoleFlow=ROLE_ADMINISTRATOR userEditFlow=ROLE_ADMINISTRATOR roleEditFlow=ROLE_ADMINISTRATOR queryReferenceFlow=ROLE_ADMINISTRATOR objectPermissionToUserFlow=ROLE_ADMINISTRATOR repositoryExplorerFlow=ROLE_USER,ROLE_ADMINISTRATOR *=ROLE_USER,ROLE_ADMINISTRATOR </value> </property> </bean> <bean id="flowAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>true</value></property> <property name="decisionVoters"> <list> <ref local="flowVoter"/> </list> </property> </bean> <bean id="flowExecuterSecurity" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="flowAccessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> org.springframework.webflow.executor.FlowExecutor.launch=FLOW_ACCESS </value> </property> </bean> <bean id="checkAclUpdateInterceptor" class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.CheckMethodSecurityInterceptor"> <property 
name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"><ref local="repositoryServiceMethodSecurity"/></property> </bean> <!-- Use for saveResource --> <bean id="securityCheckerForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="checkAclUpdateInterceptor"/> </list> </property> </bean> <!-- Utility class using securityCheckerForAclUpdate --> <bean id="repositoryServiceSecurityChecker" class="com.jaspersoft.jasperserver.api.metadata.common.service.impl.RepositoryServiceSecurityChecker"> <property name="securityChecker"> <ref local="securityCheckerForAclUpdate"/> </property> </bean> <!-- run other interceptors if the user has update access. 
--> <bean id="aclUpdateMethodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor"> <property name="authenticationManager"> <ref local="authenticationManager"/> </property> <property name="accessDecisionManager"> <ref local="aclAccessDecisionManager"/> </property> <property name="afterInvocationManager"> <ref local="afterInvocationManagerForUpdate"/> </property> <property name="objectDefinitionSource"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadResourcesList=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.loadClientResources=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getAllFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.getSubFolders=AFTER_ACL_COLLECTION_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveFolder=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.saveResource=ACL_USER_UPDATE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteResource=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.deleteFolder=ACL_USER_DELETE com.jaspersoft.jasperserver.api.metadata.common.service.RepositoryService.delete=ACL_USER_DELETE </value> </property> </bean> <!-- Use for getAllFolders: will run repositoryService methods if the user has update access. 
--> <bean id="repositoryServiceForAclUpdate" class="org.springframework.aop.framework.ProxyFactoryBean"> <property name="proxyInterfaces"> <value> com.jaspersoft.jasperserver.api.metadata.common.service.impl.hibernate.HibernateRepositoryService </value> </property> <property name="interceptorNames"> <list> <idref bean="hibernateRepoServiceTransactionInterceptor" /> <idref bean="aclUpdateMethodSecurityInterceptor"/> <idref bean="hibernateRepositoryService"/> </list> </property> </bean> <bean id="aclUserMoveVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_MOVE"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.DELETE"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </property> </bean> </list> </property> </bean> <bean id="aclUserCopyVoter" class="com.jaspersoft.jasperserver.api.metadata.security.MultiAclEntryVoter"> <property name="configAttribute" value="ACL_USER_COPY"/> <property name="aclManager" ref="aclManager"/> <property name="argumentVoters"> <list> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="1"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref 
local="SimpleAclEntry.READ"/> </list> </property> </bean> <bean class="com.jaspersoft.jasperserver.api.metadata.security.BasicMethodArgumentVoter"> <property name="argumentType" value="java.lang.String"/> <property name="argumentIndex" value="2"/> <property name="accessPermissions"> <list> <ref local="SimpleAclEntry.ADMINISTRATION"/> <ref local="SimpleAclEntry.READ_WRITE"/> </list> </prope |
Jaspersoft does a lot of custom single sign-on work. There are many vendors and custom solutions people have used over the years. As you said, IWA has not been done yet.
Acegi Security (now Spring Security) gives JasperServer an authentication and authorization framework.
I responded to this post http://jasperforge.org/plugins/espforum/view.php?group_id=112&forumid=102&topicid=56429 about SSO. There is also a discussion here http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux
Sherman
Jaspersoft