Jasper server Dashboard showing in different application

[palashkaralit]

Dear ALL,

Currently i am trying to integrate Jasper dashboard to my portal application.How can i integrate the dashboard whih i have created in jasper server portal.

I did it using iframe from a jsp and called the dashboard using url and passing the authentication. 

It is resolving the issue but its not secure.

URL: http://localhost:8080/jasperserver-pro/flow.html?_flowId=dashboardRuntimeFlow&dashboardResource=%2Forganizations%2Forganization_1%2Fsupermart%2FSupermartDashboard30&viewAsDashboardFrame=true&j_username=superuser&j_password=superuser

How i need to do this without passing the authentication details through url.

Please help me.

Thanks in advance.

 

[mikewoinoski]

 I think the only secure solution is to configure your server for SSL/TLS and use https instead of http. You can get the credentials out of the URL by using Http Basic Authentication instead of the request parameters. That way a browser won't display the credentials in the address bar. But with Basic Auth, the Authorization header that holds the credentials is still passed as clear text. So if you use Basic Auth, you must still use SSL.

 

[sprilukin]

Other suggestion is to add permission for anonymous user to run this dashboard - in this case you do not need to put credentials in url or headers.

More details about how to setup such access you can read here

[mrcaffeine]

Another option would be to add a single sign on solution where either an external token server such as CAS is used. The External Authentication Cookbook and the Ultimate Guide provide further details. Also, in the wiki you find some more specific examples such as using JBoss SSO etc (see here for full list).

You could also consider to implement a custom SSO solution where you pass all relevant user information with each request to JasperReports Server. JasperReports Server translates it into a user object (that knows about roles, permission and tenant information) and allows you to utilize all security features  JasperReports Server provides.

[fran.serrano]

You can also use the password direclty on the iFrame URL, but first encrypting it.

You can enable having an encryption key available on the server, so that you can retrieve it every time you need to authenticate. With this encryption key encrypt the password and it should secure enough to use it on the url.

For getting the password encrypted using this encryption key you can also use the available java rest library to communicate with the jasper server:

https://github.com/Jaspersoft/jrs-rest-java-client/

Hope it helps.

Fran