Configuring OAuth 2.0 for TIBCO JasperReports® Server v6.1

Code and Implementations

OAuth 2.0 implementations using Apache Oltu are available in the following GitHub repository:

https://github.com/kmeadows1980/jasperserver

The current implementation uses the Authorization Grant Code Flow.

OAuth 2.0 Primer

A primer on the OAuth 2.0 specification and the Authorization Grant Code Flow is recommended.

Please see the following links for more information:

https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2

http://tutorials.jenkov.com/oauth2/index.html

https://en.wikipedia.org/wiki/OAuth#OAuth_2.0


OAuth External Authentication Setup

  1. Download the pre-compiled binaries located here:

    https://github.com/kmeadows1980/jasperserver/tree/master/6.0/oauth/binaries

    https://github.com/kmeadows1980/jasperserver/tree/master/6.0/oauth/binaries/apacheoltu

  2. Copy them to webapps/jasperserver-pro/WEB-INF/lib

  3. Download the applicationContext file for the SSO setup at the following location:

    https://github.com/kmeadows1980/jasperserver/tree/master/6.0/oauth/WEB-INF

  4. Copy the applicationContext file to webapps/jasperserver-pro/WEB-INF

  5. Configure the applicationContext file as follows:

    Once you have an OAuth 2.0 authorization server set up, you will register JasperReports Server as a client and have the following information:

    • authorization location (ex: http://myoauthserver:8080/oauth2/authorize)
    • client_id (the name with which you register JasperReports Server as a client, ex: jasperserver61)
    • client_secret (the secret you specify, or that gets generated, when you register JasperReports Server as a client with your authorization server)
    • token location (the endpoint exposed by the authorization server for exchanging grant codes for access or refresh tokens, ex: http://myoauthserver:8080/oauth2/token)
    • redirect URL (the location the authorization server redirects back to with a grant code; this is your JasperReports Server URL plus /oauth on the end, ex: http://localhost:8080/jasperserver-pro/oauth)
    • scope (an optional scope, if you defined a scope for client access)

    You will need to take these values and configure the following bean in the applicationContext file with them:

    <bean id="proxyPreAuthenticatedProcessingFilter" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthPreAuthenticationFilter">
      <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
      <property name="authenticationManager" ref="oAuthAuthenticationManager"/>

      <property name="authenticationFailureUrl">
        <value>/oauth</value>
      </property>
      <property name="defaultTargetUrl">
        <value>/loginsuccess.html</value>
      </property>
      <property name="filterProcessesUrl">
        <value>/oauth</value>
      </property>

      <property name="authorization_location">
        <value>http://localhost:8080/oauth2/authorize</value>
      </property>
      <property name="client_id">
        <value>js61</value>
      </property>
      <property name="redirecturl">
        <value>http://localhost:8061/jasperserver-pro/oauth</value>
      </property>
      <property name="token_location">
        <value>http://localhost:8080/oauth2/token</value>
      </property>
      <property name="clientsecret">
        <value>9700fc55-85fc-4682-807d-a881054fa665</value>
      </property>
      <property name="scopes">
        <value>uri:JaspersoftReportingServer</value>
      </property>
    </bean>
     

Once you have set up a resource server that returns user detail information (see the section below on the response type for this endpoint) and registered it with the authorization server, you will have the following:

  • user detail location (the URL of your resource server endpoint for user detail information, ex: http://myresourceserver:8080/v1/tokeninfo)
  • user detail key (entered or generated when registering the user detail service as a resource server with the authorization server)
  • user detail secret (entered or generated when registering the user detail service as a resource server with the authorization server)

You will need to take these values and configure the following bean in the applicationContext file with them:

    <bean id="OAuthAccessTokenValidator" class="com.jaspersoft.jasperserver.ps.OAuth.OAuthAccessTokenValidator">
      <property name="userdetails_location">
        <value>http://localhost:8080/v1/tokeninfo</value>
      </property>
      <property name="userdetails_key">
        <value>27c88aca-11dc-4022-9753-53f96a1fefc6</value>
      </property>
      <property name="userdetails_secret">
        <value>0ebdb578-d571-43f0-91f7-ce0e656a35f0</value>
      </property>
    </bean>
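
An added example, not part of the original page or the linked repository: a Python check that reads the two beans configured above and reports endpoints not served over https (OAuth 2.0 requires TLS on the authorization and token endpoints), a redirect URL that does not end with the filter's /oauth path, and secrets left at this page's sample values. The function names and the reduced SAMPLE input are constructed for illustration; the property names and values are the ones shown on this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed input: the two beans from this page, reduced to the checked properties.
SAMPLE = """<beans>
 <bean id="proxyPreAuthenticatedProcessingFilter">
  <property name="filterProcessesUrl"><value>/oauth</value></property>
  <property name="authorization_location"><value>http://localhost:8080/oauth2/authorize</value></property>
  <property name="redirecturl"><value>http://localhost:8061/jasperserver-pro/oauth</value></property>
  <property name="token_location"><value>http://localhost:8080/oauth2/token</value></property>
  <property name="clientsecret"><value>9700fc55-85fc-4682-807d-a881054fa665</value></property>
 </bean>
 <bean id="OAuthAccessTokenValidator">
  <property name="userdetails_location"><value>http://localhost:8080/v1/tokeninfo</value></property>
  <property name="userdetails_key"><value>27c88aca-11dc-4022-9753-53f96a1fefc6</value></property>
  <property name="userdetails_secret"><value>0ebdb578-d571-43f0-91f7-ce0e656a35f0</value></property>
 </bean>
</beans>"""

BEAN_IDS = {"proxyPreAuthenticatedProcessingFilter", "OAuthAccessTokenValidator"}
URL_PROPS = ("authorization_location", "token_location", "redirecturl", "userdetails_location")
SECRET_PROPS = ("clientsecret", "userdetails_key", "userdetails_secret")
DOC_SECRETS = {"9700fc55-85fc-4682-807d-a881054fa665", "27c88aca-11dc-4022-9753-53f96a1fefc6",
               "0ebdb578-d571-43f0-91f7-ce0e656a35f0"}  # sample credentials printed on this page

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Spring XML namespace if present

def read_props(xml_text):  # {property name: value} from the two OAuth beans only
    props = {}
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) == "bean" and bean.get("id") in BEAN_IDS:
            for p in (c for c in bean if local(c.tag) == "property"):
                nested = next((v.text for v in p if local(v.tag) == "value"), None)
                props[p.get("name")] = (p.get("value") or nested or "").strip()
    return props

def audit(xml_text):
    props, findings = read_props(xml_text), []
    for name in URL_PROPS:
        if urlparse(props.get(name, "")).scheme != "https":
            findings.append(f"{name}: missing or not https")
    callback_path = urlparse(props.get("redirecturl", "")).path
    if not callback_path.endswith(props.get("filterProcessesUrl") or "/oauth"):
        findings.append("redirecturl: does not end with filterProcessesUrl")
    for name in SECRET_PROPS:
        if props.get(name) in DOC_SECRETS:
            findings.append(f"{name}: sample value from the documentation")
    return findings
```

Calling audit() on the contents of your edited applicationContext file returns a list of findings; an empty list means none of these three checks fired.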


User Detail Resource Server Service

The current and compiled code expects a JSON response from your user detail information service endpoint on your Resource Server with the following fields:

Mandatory:

  • name (username)

Optional:

  • organization (id and name of the user's organization--if not present defaults to jasperserver default organization)
  • roles (comma separated string of role names)

Possible Customization

If you require a different response type or different parsing of the user detail information returned by your user detail information service, you may need to modify or customize the following classes:

You will then need to add your compiled libraries to WEB-INF/lib and inject your new classes into the bean definitions in the applicationContext file.

Comments

Hi there,

This code available at the GitHub repo is for version 5.6 and 6.0. Is the 6.0 code compatible with the latest versions of Jaspersoft?

Best regards

Johannes

Can you help me with Keycloak integration with Jasper? I am able to secure Jasper with Keycloak but not able to go beyond that point.

Hi Shreekrishna, this webinar could help with some ideas, have you reviewed it? https://www.youtube.com/watch?v=qb_2_iiwhmw&list=PL5NudtWaQ9l4hfowZRgxQt...

Were you able to crack it? Can I know the steps for the same?

Can you please share the steps you followed till now?

Kaushik

Hi Johannes, the code will definitely need to be updated to work with 7.x and 8.x. Best
