JasperReports Server Authentication with JBoss SSO

Configuring JasperReports Server Authentication with JBoss SSO

This page describes how to configure the J2eePreAuthenticationProvider that comes with Spring Security to allow JasperReports Server to use tokens generated by the JBoss SSO cluster.

These instructions are for versions of JasperReports Server 5.0 and earlier. They will not work for 5.1 and higher.

These instructions are for JBoss 5.1.0 GA, the latest supported version of JBoss for JasperReports Server.  For brevity, we assume you've already installed and configured JBoss SSO.  We also assume that the JasperReports Server WAR file has been deployed to the JBoss default configuration (<jboss-home>/server/default/deploy/jasperserver-pro.war/).

If you're using a different configuration, please adjust the paths below accordingly.  Once JBoss SSO has been configured, the next steps to configure JasperReports Server are:

  1. Create a Tomcat Valve to enable SSO:

    <jboss-home>/server/default/deploy/jbossweb.sar/server.xml

    <valve className="org.apache.catalina.authenticator.SingleSignOn" />

  2. Override the default security domain by adding the following code after the <context-root> tag:

    <jboss-home>/server/default/deploy/jasperserver-pro.war/WEB-INF/jboss-web.xml

    <security-domain>java:jaas/portal</security-domain>

  3. Add a security role to the end of the JasperReports Server web.xml file right before the closing <web-app> tag:

    <jboss-home>/server/default/deploy/jasperserver-pro.war/WEB-INF/web.xml

    <security-role>
    <role-name>User</role-name>
</security-role>
<security-role>
    <role-name>Admin</role-name>
</security-role>
<security-role>
    <role-name>Authenticated</role-name>
</security-role>

  4. Add the J2EE preauthentication filter beans:

    <jboss-home>/server/default/deploy/jasperserver-pro.war/WEB-INF/applicationContext-security.xml

    <bean id="j2eePreAuthFilter" 
      class="org.springframework.security.ui.preauth.j2ee.J2eePreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="authenticationDetailsSource" ref="authenticationDetailsSource" />
</bean>
 
<bean id="preAuthenticatedAuthenticationProvider" 
      class="org.springframework.security.providers.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService" ref="preAuthenticatedUserDetailsService" />
</bean>
 
<bean id="preAuthenticatedUserDetailsService"
      class="org.springframework.security.providers.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService" />
 
<bean id="authenticationDetailsSource"
      class="org.springframework.security.ui.preauth.j2ee.J2eeBasedPreAuthenticatedWebAuthenticationDetailsSource">
    <property name="mappableRolesRetriever" ref="j2eeMappableRolesRetriever" />
    <property name="userRoles2GrantedAuthoritiesMapper" ref="j2eeUserRoles2GrantedAuthoritiesMapper" />
</bean>
 
<bean id="j2eeUserRoles2GrantedAuthoritiesMapper"
      class="org.springframework.security.authoritymapping.SimpleAttributes2GrantedAuthoritiesMapper">
    <property name="convertAttributeToUpperCase" value="false" />
    <property name="attributePrefix" value="" />
</bean>
 
<bean id="j2eeMappableRolesRetriever"
      class="org.springframework.security.ui.preauth.j2ee.WebXmlMappableAttributesRetriever">
    <property name="webXmlInputStream">
        <bean factory-bean="webXmlResource" factory-method="getInputStream" />
    </property>
</bean>
 
<bean id="webXmlResource"
      class="org.springframework.web.context.support.ServletContextResource">
    <constructor-arg ref="servletContext" />
    <constructor-arg value="/WEB-INF/web.xml" />
</bean>
 
<bean id="servletContext"
      class="org.springframework.web.context.support.ServletContextFactoryBean" />

  5. Add the preAuthenticatedAuthenticationProvider bean to the authenticationManager bean (starts at line 11):

    <jboss-home>/server/default/deploy/jasperserver-pro.war/WEB-INF/applicationContext-security.xml

    <bean id="authenticationManager"
      class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
        <list>
            <ref local="preAuthenticatedAuthenticationProvider"/>
            <!-- not on by default <ref local="ldapAuthenticationProvider"/>  -->
            <ref bean="${bean.daoAuthenticationProvider}"/>
            <ref bean="anonymousAuthenticationProvider"/>
            <!--ref local="jaasAuthenticationProvider"/-->
        </list>
    </property>
</bean>

  6. Add the following security constraint:

    <jboss-home>/server/default/deploy/jasperserver-pro.war/WEB-INF/web.xml

    <security-constraint>
    <web-resource-collection>
        <web-resource-name>Authenticated</web-resource-name>
        <description></description>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Authenticated</role-name>
    </auth-constraint>
</security-constraint>
  7. Restart JBoss
Feedback
randomness