iReport row level security

0

Re: row level security in iReport

I have seen an example of how to take the email address of the logged in user as a hidden parameter and pass it to the query, to achieve row level security on the report.

However, what if we have another parameter to the report, e.g. a drop down list of items, which is also to be filtered by the logged in user? Please can someone give me an example of how to achieve this, or let me know if it is possible?

Thanks,

Rich

rjback's picture
12
Joined: Jan 12 2010 - 7:56am
Last seen: 11 years 3 months ago

4 Answers:

0

Hi Rich!

Normally, only the LoggedInUsername parameter is available when using Single Select or Multi-Select Query input controls.  However, you can add additional parameters by writing a class that implements the com.jaspersoft.jasperserver.api.engine.common.service.IQueryManipulator interface.  Let's suppose you have a user with a sales_region profile attribute and your report has a state_province parameter and you only want to display states or provinces within that user's region in the input control.  You can use the following class:

import java.util.Map;
import org.acegisecurity.context.SecurityContextHolder;
import com.jaspersoft.jasperserver.api.engine.common.service.IQueryManipulator;
import com.jaspersoft.jasperserver.api.metadata.user.domain.ProfileAttribute;
import com.jaspersoft.jasperserver.api.metadata.user.domain.impl.client.MetadataUserDetails;

public class SimpleQueryManipulator implements IQueryManipulator {

    public final static String REGION = "$P{sales_region}";

    public String updateQuery(String query, Map parameters) {
        MetadataUserDetails mud = (MetadataUserDetails) SecurityContextHolder
                .getContext().getAuthentication().getPrincipal();
        ProfileAttribute regionAttr = (ProfileAttribute) mud.getAttributes().get(0);   // this assumes only one profile attribute set
        String region = regionAttr.getAttrValue();
        query = query.replace(REGION, region);
        return query;
    }
}

You would need to add this class to your classpath and add a spring bean definition for it in the WEB-INF/applictionContext.xml file.  You would need to inject this bean into the queryManipulator property of the engineService bean.  Then in the SIngle Select Query input control for the parameter, you could use the following query:

select state_province from states where region = $P{sales_region}

I hope that helps.

 

Steve Park's picture
4602
Joined: Dec 5 2012 - 8:39am
Last seen: 1 year 8 months ago
0

Thanks- that is very useful. Not sure we'd go down that path though. I think we'd probably make the users log in with their email address, to make it readily available.

A supplementary question then- we will be using a mix of iReports and Domain reporting. We'd like to make the domain reporting use the same security model as the iReports. With iReports, we'd use the logged in user name/email address as a hidden parameter to control the rows that came back.

Would this be possible in the row-level security model of Domains? I have seen how to do row level security in domains based on the user's role or a profile property.

For example, if the user's address is joe.bloggs, I want my filter to join through a couple of tables to find out what objects the user is allowed to see, and make sure the filter only brings back those.

rjback's picture
12
Joined: Jan 12 2010 - 7:56am
Last seen: 11 years 3 months ago
0

The user's email address is on the User object that is available for domain security, so you can filter on that.

 

You can create domain based reports in the version of iReport that comes with JasperServer Professional/Enterprise. You can't run them in iReport, though - you have to deploy these domain based JRXMLs to the server.

 

Sherman

Jaspersoft

swood's picture
2610
Joined: Jun 21 2006 - 12:48pm
Last seen: 8 years 6 months ago
0

In case anyone else comes across this, the answers on this thread are out of date.  We added new LoggedInUser parameters.  They are documented in section 4.4.2 of the Admin Guide, but I'll include them here as well.  NOTE: you will need to create the desired parameters in the JRXML template, but once the report is deployed to JasperReports Server, the parameter will be automatically populated with the logged in user information when the report is executed.

Parameter Name Type Notes
LoggedInUser User The user that is currently logged in. This parameter isn’t available in query input controls, but is used as a parameter to the report.
LoggedInUsername String The user name of the current user.
LoggedInUserFullName String The full name of the current user.
LoggedInUserEmail
Address
String The email address of the current user.
LoggedInUserEnabled Boolean Indicates whether the current user is enabled.
LoggedInUserExternally
Defined
Boolean Indicates whether the current user is authenticated externally.
LoggedInUserTenantId String In the commercial editions, the name of the organization of the current user.
LoggedInUserRoles Collection The roles assigned to the current user. This is helpful for parameters that use $X.
LoggedInUserAttributes Map,> The profile attributes of the logged-in user. This parameter isn’t usable in query input control, but it is used as parameter to the report. If the user has no attributes, the parameter is an empty map.
LoggedInUserAttribute
Names
Collection The names of the profile attributes of the logged-in user.  This is helpful for parameters that use $X. If the user has no attributes, the parameter is an empty map.
LoggedInUserAttribute
Values
Collection The values of the profile attributes of the logged-in user.  This is helpful for parameters that use $X. If the user has no attributes, the parameter is an empty map.
LoggedInUserAttribute_
String For the logged-in user, the value of the attribute matching the name passed as (like att1). If there is no match, the parameter is empty.  This parameter is only available if it is defined in a query or as a report parameter.

 

Steve Park's picture
4602
Joined: Dec 5 2012 - 8:39am
Last seen: 1 year 8 months ago
Feedback
randomness