Domain using security file using tenantId

[patrick.dewitt]

Hi Guys,

I am using Jasperserver 5.5 on AWS with the multi-tenant option. I created 2 organizations, one data source, one domain with a security file. Through the security file I would like to filter the data for each organization. I have created the file and uploaded it on the domain tab.

When uploading and submitting the file gets checked. So far no problem. When I try to build a Ad Hoc View on top of the Domain I still see all data instead of the data from the organization I am logged in. As the superuser I enabled the debugging mode of several options and I found out that I am getting a null-response from the principal expression.

As I searched on the internet and the documentation I found two ways, which still didn't do the job, although I think both ways should work.

Option A.

     <principalExpression>authentication.principal.tenantId != null</principalExpression>
            <filterExpression>sender_cd in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>

Option B.

     <principalExpression>authentication.getPrincipal().tenantId != null</principalExpression>

            <filterExpression>sender_cd in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>

 

The thing is that the principal expression gets the null-response. That is what the log file showed me. 

So can there be anything else I could do to make the security file work? Please let me know. I am open to any suggestion.

Thanks,

Patrick

 

[patrick.dewitt]

For the ones who are interested I have found the solution myself. As usual it was simple but hard to find out. Put the tags of the principalExpression and the expression itself on one line. Do the same for the filterExpression and the authorization on the domain goes well.

In the original security file I didn't do this. In my original post I did.

Example:

<securityDefinition itemGroupDefaultAccess="granted" xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0">
<resourceAccessGrants>
<resourceAccessGrantList id="orldev_bv_tab_orders_and_rates_List" label="ListLabel" resourceId="orldev_bv_tab_orders_and_rates">
<resourceAccessGrants>
<resourceAccessGrant id="orldev_bv_tab_orders_and_rates_row_access_grant_1">
<principalExpression>authentication.principal.tenantId != null</principalExpression>
<filterExpression>sender_cd in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>
</resourceAccessGrant>
</resourceAccessGrants>
</resourceAccessGrantList>
</resourceAccessGrants>
</securityDefinition>

Kind regards,
Patrick

[patrick.dewitt]

Hi,

 

The security file in the example was based on 1 table. I got challenged when I had to include another table and joined them together. The security file doesn't match the items in the domain anymore and the row security is gone.

 

When you go back to the domain designer and go to the tab display, you can see the name of the join. If you have selected both tables completely, you will not see the join. In that case just remove the table from the selected ones and jou will see the join on the left pain.

 

Standard, creating from scratch, the name will be "JoinTree_1" which is important for the security file. Below you will find the solution based on the previous security file.

 

<securityDefinition itemGroupDefaultAccess="granted" xmlns="http://www.jaspersoft.com/2007/SL/XMLSchema" version="1.0">

    <resourceAccessGrants>

        <resourceAccessGrantList id="JoinTree_List" label="JoinTree_ListLabel" resourceId="JoinTree_1">

            <resourceAccessGrants>

                <resourceAccessGrant id="bv_tab_orders_and_rates_row_access_grant_1">

                    <principalExpression>authentication.principal.tenantId != null</principalExpression>

                    <filterExpression>orldev_bv_tab_orders_and_rates.sender_cd in (groovy('authentication.principal.tenantId.toUpperCase()'))</filterExpression>

                </resourceAccessGrant>

            </resourceAccessGrants>

        </resourceAccessGrantList>

    </resourceAccessGrants>

</securityDefinition>

 

Kind regards,

Patrick