Report URL with Secured Parameter

[nithyanand11]

i have report url like below:

http://localhost:8090/jasperserver-pro/flow.html?_flowId=viewReportFlow

&standAlone=true&parentFolderUri=%2Freports%2FTest_Reports&reportUnit=%2Freports%2FTest_Reports%2FReport_V1

&j_username=jasperadmin&j_password=jasperadmin&userid=nithi

but the parameter userid  is used inside the report as a input control which is not visible..

we need the paramerter value nithi as secured one.. . where user cannot predict the userid.

the value of the parameter userid will be changed dynamically

Is there any encoding or encryting that jasper supports for url parameter or to handle encryted valued in ireport >

Please help.

 

 

[paris11]

Have you found a solution? I am facing to the same problem

 

regards

[ftama7]

You should make the application that embeds the report generate a temporary token in your database, and then pass it in the url. Afterwards, the report could check that the security token exists in your database. After some time or when the user session ends, the token would be deleted.

Another easier but less secure option would be having your application "encrypt" the parameter using some algorithm, and then have your reports decode those encrypted parameters. The issue with this is that the encrypted parameter would always be the same, which is another potential security risk if the users learn how to exploit it.