Direct url access to reports with no auth.

0

Hello,

I have searched the forum on help for the above problem and despite coming across many posts with different suggestions, I still cannot by-pass the authentication so seeking help.

I am using jasperserver 3.0.0 with the ireport plugin v 3.0.0.

 

We have reports that generate pdf's and stored in a repository called:  ContentFiles

The url to access an example report is:

http://myserver:8080/jasperserver/fileview/fileview/ContentFiles/pdf/uk4...

 

I wish to bypass the login authentication for viewing reports and have made the following changes with no sucess:

 

1. Assigned ROLE_ANONYMOUS read permissions in the folder ContentFiles and pdf from the gui

2. Edited applicationContent-security.xml as follows:

 

   edit 1:

     <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
                      .......

                      .......
                /flow.html=ROLE_USER,ROLE_ANONYMOUS
                /viewreport.html=ROLE_USER,ROLE_ANONYMOUS
                /fillparams.html=ROLE_USER,ROLE_ANONYMOUS
                /fileview/**=ROLE_USER,ROLE_ANONYMOUS
                /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR

 

  edit 2:

 

   <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key"><value>foobar</value></property>
          <!--  <property name="userAttribute"><value>anonymousUser,ROLE_ANONYMOUS</value></property> -->
        <property name="userAttribute"><value>anonymousUser,ROLE_USER</value></property>
    </bean>
 

edit 3:

 

<bean id="flowVoter" class="com.jaspersoft.jasperserver.war.security.FlowRoleAccessVoter">
        <property name="flowAccessAttribute" value="FLOW_ACCESS"/>
        <property name="flowDefinitionSource">
                <value>
                       
                      
                        *=ROLE_USER,ROLE_ADMINISTRATOR,ROLE_ANONYMOUS
                </value>

 

 

Is there anything that I am missing?

Can anyone offer any suggestions?

Thanks.

Tam
 

 

 

 

tammclaughlin's picture
Joined: May 21 2007 - 5:03pm
Last seen: 12 years 6 months ago

6 Answers:

0

I have not used the internals of JasperServer in this way, so can't offer direct advice on that. But I've used the SOAP API a fair bit and it works very well indeed. If you get stuck on this question, you could always implement an interface in a web language of your choice, which will of course generate your reports with as much or as little authentication as you want.

halfer's picture
54
Joined: Apr 25 2008 - 12:51am
Last seen: 11 years 7 months ago
0

Hopefully this will work for you. All I did was:

 

(1) Login as admin. Assign "read only" privileges to ROLE_ANONYMOUS to the appropriate files/folders.

 

(2) Edit applicationContent-security.xml:

Add following line to <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> section:

/fileview/personalfolders/demo/**=ROLE_ANONYMOUS

 

(3) Restart JasperServer.

 

(4) Try the url. In my case, it was: http://localhost:8080/jasperserver-pro/fileview/fileview/PersonalFolders....

 

Good luck!

Mary

mmflynn's picture
1766
Joined: Sep 19 2006 - 5:43am
Last seen: 6 years 4 months ago
0

mmflynn
Wrote:

(1) Login as admin. Assign "read only" privileges to ROLE_ANONYMOUS to the appropriate files/folders.

(2) Edit applicationContent-security.xml:

Add following line to <bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor"> section:

/fileview/personalfolders/demo/**=ROLE_ANONYMOUS

(4) Try the url. In my case, it was: http://localhost:8080/jasperserver-pro/fileview/fileview/PersonalFolders....

 

Thanks for your reply.

However, this did not work and jasper filed to start.

(1) I can see from the admin view that I have the following folders:  root -> content files -> pdf.

      I am not sure if content files existed by default or created by the admin user

(2) You have PersonalFolders in your URL but personalfolders in your xml file.

      Is this just a typo?  I am sure I tried it with both anyway.

(3) I have the read only permissions on the folder.

(4) I tried editing the xml file above with keeping   /fileview/**=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR

        and adding /fileview/ContentFiles/pdf/**=ROLE_ANONYMOUS   and just the /fileview/ContentFiles/pdf/**=ROLE_ANONYMOUS line on it's own, both with no sucess. Jasper does not start for some reason and the logs do not seem to give much away.

 

 

tammclaughlin's picture
Joined: May 21 2007 - 5:03pm
Last seen: 12 years 6 months ago
0
Ok, just checked all the logs and I can see an error relating to converting to lower case. This now makes sense so I may be onto the problem!
tammclaughlin's picture
Joined: May 21 2007 - 5:03pm
Last seen: 12 years 6 months ago
0

Thanks!  This helped a lot. 

I was trying to get direct anonymous access to a Dashboard web page (scheduled refreshing 15 minutes).

I am using JasperServer Communtity Edition version 3.5.0 (with 3.5.3 jasperreports.jar).

lasinir's picture
Joined: Aug 23 2009 - 5:51pm
Last seen: 10 years 3 months ago
0

No longer valid for latest jasper report..

This one works though : https://community.jaspersoft.com/wiki/allow-anonymous-access-reports

 

tamtomo_2's picture
Joined: Jan 1 2019 - 8:29pm
Last seen: 4 days 9 hours ago
Feedback
randomness