Use case
Customer embedded TIBCO JasperReports® Server into a custom application via HTTP API passing username and passsword in URL like
In order to encrypt password passed in the URL, they enabled static key encryption and encrypt the password as described in
TIBCO JasperReports® Server Security Guide.
To ensure more security, customer would like to encrypt username, passed in the URL, as well.
Resolution
In order to encrypt username in the URL, a parameter
encryption.param.uname=j_username
should be added to WEB-INF/classes/esapi/securtiy-config.properties configuration file.
Then, restart the server, login into JasperReports® Server and open URL
http://localhost:8080/jasperserver-pro/encrypt.html
Encrypt username in the same way it is done for password.
Please note if there is more than 1 organization created in the server, login should be specified like
joeuser|organization_1
and this entire string should be encrypted.
Solution tested with JasperReports Server v.7.1.0
Ref. Case 01642953
Recommended Comments
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now