Configuring OAuth 2.0 for TIBCO JasperReports® Server v6.1

Code and Implementations

OAuth 2.0 implementations using Apache Oltu are available in the following GitHub repository:

https://github.com/kmeadows1980/jasperserver

The current implementation uses the Authorization Grant Code Flow.

OAuth 2.0 Primer

A primer on the OAuth 2.0 specification and Authorization Grant Code Flow is recommended.

Please see the following links for more information:

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

http://tutorials.jenkov.com/oauth2/index.html

https://en.wikipedia.org/wiki/OAuth#OAuth_2.0


OAuth External Authentication Setup

  1. Download the pre-compiled binaries located here:

    https://github.com/kmeadows1980/jasperserver/tree/master/6.0/oauth/binaries

    https://github.com/kmeadows1980/jasperserver/tree/master/6.0/oauth/binaries/apacheoltu

  2. Copy them to webapps/jasperserver-pro/WEB-INF/lib

  3. Download the applicationContext file for the SSO setup at the following location:

    https://github.com/kmeadows1980/jasperserver/tree/master/6.0/oauth/WEB-INF

  4. Copy the applicationContext file to webapps/jasperserver-pro/WEB-INF

  5. Configure the applicationContext file as follows:

    Once you have an OAuth 2.0 authorization server set up, you will register Jasperserver as a client and have the following information:

    • authorization location (ex: http://myoauthserver:8080/oauth2/authorize)
    • client_id (the name with which you register jasperserver as a client, ex: jasperserver61)
    • client_secret (the secret you specify, or that gets generated, when you register jasperserver as a client with your authorization server)
    • token location (the endpoint exposed by the authorization server for exchanging grant codes for access or refresh tokens, ex: http://myoauthserver:8080/oauth2/token)
    • redirect url (the location that the authorization server will redirect back to with a grant code; this will be your jasperserver url plus /oauth on the end, ex: http://localhost:8080/jasperserver-pro/oauth)
    • scope (an optional scope, if you defined a scope for client access)

    You will need to take these values and configure the following bean in the applicationContext file with them:

    <bean id="proxyPreAuthenticatedProcessingFilter" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthPreAuthenticationFilter">
        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
        <property name="authenticationManager" ref="oAuthAuthenticationManager"/>

        <property name="authenticationFailureUrl">
            <value>/oauth</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/loginsuccess.html</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/oauth</value>
        </property>

        <!-- Sample values below: replace each one with the value from your own client registration -->
        <property name="authorization_location">
            <value>http://localhost:8080/oauth2/authorize</value>
        </property>
        <property name="client_id">
            <value>js61</value>
        </property>
        <property name="redirecturl">
            <value>http://localhost:8061/jasperserver-pro/oauth</value>
        </property>
        <property name="token_location">
            <value>http://localhost:8080/oauth2/token</value>
        </property>
        <property name="clientsecret">
            <value>9700fc55-85fc-4682-807d-a881054fa665</value>
        </property>
        <property name="scopes">
            <value>uri:JaspersoftReportingServer</value>
        </property>
    </bean>
     

Once you have set up a resource server that returns user detail information (see the section below on the response type for this endpoint) and registered it with the authorization server, you will have the following:

  • user detail location (url to your resource server endpoint for user detail information ex: http://myresourceserver:8080/v1/tokeninfo)
  • user detail key (entered or generated when registering the user detail service as a resource server with the authorization server)
  • user detail secret (entered or generated when registering the user detail service as a resource server with the authorization server)

You will need to take these values and configure the following bean in the applicationContext file with them:

<bean id="OAuthAccessTokenValidator" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthAccessTokenValidator">
    <!-- Sample values below: replace each one with the value from your own resource server registration -->
    <property name="userdetails_location">
        <value>http://localhost:8080/v1/tokeninfo</value>
    </property>
    <property name="userdetails_key">
        <value>27c88aca-11dc-4022-9753-53f96a1fefc6</value>
    </property>
    <property name="userdetails_secret">
        <value>0ebdb578-d571-43f0-91f7-ce0e656a35f0</value>
    </property>
</bean>
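
A pre-deployment check for the two beans above, as an added example that is not part of the original article or the linked repository: it parses an applicationContext file and flags endpoint URLs that are not https on a non-loopback host, a redirect URL whose path does not end in /oauth, and secrets that are empty or still set to the sample values printed on this page. The names lint_context and SAMPLE_CONTEXT, and the host reports.example.com, are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Secrets printed in the sample beans above: known to every reader of the page.
SAMPLE_SECRETS = {"9700fc55-85fc-4682-807d-a881054fa665",
                  "27c88aca-11dc-4022-9753-53f96a1fefc6",
                  "0ebdb578-d571-43f0-91f7-ce0e656a35f0"}
URL_PROPS = {"authorization_location", "token_location", "redirecturl", "userdetails_location"}
SECRET_PROPS = {"clientsecret", "userdetails_key", "userdetails_secret"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Spring XML namespace, if present

def lint_context(xml_text):
    """Return sorted (bean id, property, finding) tuples for the OAuth beans."""
    findings = []
    beans = (e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == "bean")
    for bean in beans:
        bean_id = bean.get("id")
        for prop in (p for p in bean if _local(p.tag) == "property"):
            name = prop.get("name")
            value = (prop.get("value") or "".join(prop.itertext())).strip()
            if name in URL_PROPS:
                url = urlparse(value)
                if url.scheme != "https" and url.hostname not in LOOPBACK:
                    findings.append((bean_id, name, "not https"))
                if name == "redirecturl" and not url.path.endswith("/oauth"):
                    findings.append((bean_id, name, "path does not end in /oauth"))
            elif name in SECRET_PROPS:
                if not value:
                    findings.append((bean_id, name, "empty"))
                elif value in SAMPLE_SECRETS:
                    findings.append((bean_id, name, "sample value from the article"))
    return sorted(findings)

# Constructed sample input (hypothetical deployment, not a real server).
SAMPLE_CONTEXT = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="proxyPreAuthenticatedProcessingFilter">
  <property name="token_location"><value>http://myoauthserver:8080/oauth2/token</value></property>
  <property name="redirecturl"><value>https://reports.example.com/jasperserver-pro/</value></property>
  <property name="clientsecret"><value>9700fc55-85fc-4682-807d-a881054fa665</value></property>
 </bean>
 <bean id="OAuthAccessTokenValidator">
  <property name="userdetails_location"><value>http://localhost:8080/v1/tokeninfo</value></property>
  <property name="userdetails_secret" value=""/>
 </bean>
</beans>"""
if __name__ == "__main__": print(*lint_context(SAMPLE_CONTEXT), sep="\n")
```

The token request carries the client secret and the user detail request carries the access token, which is why plain http to a remote host is reported for those locations.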


User Detail Resource Server Service

The current compiled code expects a JSON response from the user detail information service endpoint on your resource server with the following fields:

Mandatory:

  • name (username)

Optional:

  • organization (id and name of the user's organization; if not present, defaults to the jasperserver default organization)
  • roles (comma separated string of role names)
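
A conformance check for the response contract listed above, as an added example that is not part of the original article or the compiled libraries: run against the body your user detail endpoint returns, it rejects a missing name or a roles value that is not a single comma separated string, and normalizes the role list. The function name parse_user_details, the sample bodies and the set of roles flagged as privileged are assumptions of this example.

```python
import json

# Assumption of this example: roles that deserve a second look before an
# externally supplied response is allowed to grant them.
PRIVILEGED_ROLES = {"ROLE_ADMINISTRATOR", "ROLE_SUPERUSER"}

def parse_user_details(body):
    """Validate a user-detail response body against the field list above."""
    try:
        doc = json.loads(body)
    except ValueError:
        raise ValueError("response is not valid JSON") from None
    if not isinstance(doc, dict):
        raise ValueError("response must be a JSON object")
    name = doc.get("name")
    if not isinstance(name, str) or not name or name != name.strip():
        raise ValueError("mandatory field 'name' is missing, empty or padded")
    raw_roles = doc.get("roles", "")
    if not isinstance(raw_roles, str):
        raise ValueError("'roles' must be one comma separated string")
    roles = []
    for role in (r.strip() for r in raw_roles.split(",")):
        if role and role not in roles:  # drop empty entries and duplicates
            roles.append(role)
    return {
        "name": name,
        # None means the field was absent: the server's default organization applies.
        "organization": doc.get("organization"),
        "roles": roles,
        "privileged": [r for r in roles if r in PRIVILEGED_ROLES],
    }

# Constructed sample responses (not captured from a real resource server).
GOOD = '{"name": "jsmith", "roles": "ROLE_USER, ROLE_ADMINISTRATOR,,ROLE_USER"}'
ROLES_AS_ARRAY = '{"name": "jsmith", "roles": ["ROLE_USER"]}'
NO_NAME = '{"organization": "organization_1", "roles": "ROLE_USER"}'

if __name__ == "__main__":
    print(parse_user_details(GOOD))
    for bad in (ROLES_AS_ARRAY, NO_NAME):
        try:
            parse_user_details(bad)
        except ValueError as err:
            print("rejected:", err)
```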

Possible Customization

If you require a different response type, or different parsing of the user detail information returned by your user detail information service, you may need to modify or customize the following classes:

You will then need to add your compiled libraries to WEB-INF/lib and inject your new classes into the bean definitions in the applicationContext file.
