Report URL with Secured Parameter

0

i have report url like below:

http://localhost:8090/jasperserver-pro/flow.html?_flowId=viewReportFlow

&standAlone=true&parentFolderUri=%2Freports%2FTest_Reports&reportUnit=%2Freports%2FTest_Reports%2FReport_V1

&j_username=jasperadmin&j_password=jasperadmin&userid=nithi

but the parameter userid  is used inside the report as a input control which is not visible..

we need the paramerter value nithi as secured one.. . where user cannot predict the userid.

the value of the parameter userid will be changed dynamically

Is there any encoding or encryting that jasper supports for url parameter or to handle encryted valued in ireport >

Please help.

 

 

nithyanand11's picture
Joined: Jul 19 2010 - 12:11am
Last seen: 5 years 8 months ago

2 Answers:

0

Have you found a solution? I am facing to the same problem

 

regards

paris11's picture
29
Joined: Oct 1 2008 - 8:09am
Last seen: 4 years 4 months ago
0

You should make the application that embeds the report generate a temporary token in your database, and then pass it in the url. Afterwards, the report could check that the security token exists in your database. After some time or when the user session ends, the token would be deleted.

Another easier but less secure option would be having your application "encrypt" the parameter using some algorithm, and then have your reports decode those encrypted parameters. The issue with this is that the encrypted parameter would always be the same, which is another potential security risk if the users learn how to exploit it.

ftama7's picture
15
Joined: Jun 26 2013 - 8:28am
Last seen: 4 years 5 months ago
Feedback
randomness