Jump to content
We've recently updated our Privacy Statement, available here ×

  • JasperReports Server Configuration File - ApplicationContext-security-web.xml

    djohnson53

    By djohnson53

      • Features: JasperReports Server Version: v5, v5.6, v5.6.2, v5.6.1, v5.6.0, v5.5, v5.5.2, v5.5.1, v5.5.0, v5.4, v5.4.1, v5.3, v5.3.0, v5.2, v5.2.0, v5.1, v5.1.2, v5.1.0, v5.0, v5.0.4, v5.0.3, v5.0.2, v5.0.1, v5.0.0 Product: JasperReports® Server
     Share

    These samples are no longer applicable to our latest version. Please review the links here and here (mostly chapters 2, 3 and 5) for versions 7.x and 8.x with the newer Spring Security library and the new samples for custom authentication including the new token-based authentication for embedding use cases.

    Warning

    These configuration files are essential to JasperReports Server's functioning.  Be very careful when editing them, remembering to have a backup in case you make a mistake.

    This particular file is from JasperReports Server, v5.1. Other versions may differ.

    		[toc on_off::hide=0 box::collapsed=1]
    <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

    Filter Chain

        <!-- ======================== FILTER CHAIN =======================
    ACLs later: requestMethodsFilter
    Not in 1.0-RC1: exceptionTranslationFilter,
    Later: ,rememberMeProcessingFilter

    Web services currently can't use the filter chain because Axis instantiates
    the web service handler classes, not Spring. However, we can do the context integration
    filter, which associates a security context with the http session, and call
    into the Acegi beans from the service handler
    -->
    <bean id="filterChainProxy"
          class="org.springframework.security.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /xmla=httpSessionContextIntegrationFilter,${bean.loggingFilter},${bean.basicProcessingFilter},JIAuthenticationSynchronizer,anonymousProcessingFilter,basicAuthExceptionTranslationFilter,filterInvocationInterceptor
                /services/**=httpSessionContextIntegrationFilter,${bean.loggingFilter},${bean.portletAuthenticationProcessingFilter}, delegatingBasicProcessingFilter,${bean.passwordExpirationProcessingFilter},anonymousProcessingFilter,wsBasicAuthExceptionTranslationFilter,filterInvocationInterceptor
                /rest/login=httpSessionContextIntegrationFilter,${bean.loggingFilter},delegatingAuthenticationRestProcessingFilter,anonymousProcessingFilter,filterInvocationInterceptor
                /rest/**=httpSessionContextIntegrationFilter,${bean.loggingFilter},${bean.portletAuthenticationProcessingFilter},delegatingBasicProcessingFilter,${bean.passwordExpirationProcessingFilter},anonymousProcessingFilter,wsBasicAuthExceptionTranslationFilter,filterInvocationInterceptor
                /rest_v2/**=httpSessionContextIntegrationFilter,encryptionFilter,textOnlyResponseWebAppSecurityFilter,jsCsrfGuardFilter,${bean.loggingFilter},${bean.userPreferencesFilter},${bean.authenticationProcessingFilter},${bean.userPreferencesFilter},${bean.basicProcessingFilter},requestParameterAuthenticationFilter,JIAuthenticationSynchronizer,anonymousProcessingFilter,restExceptionTranslationFilter,filterInvocationInterceptor
                /**=httpSessionContextIntegrationFilter,encryptionFilter,multipartRequestWrapperFilter,webAppSecurityFilter,jsCsrfGuardFilter,${bean.loggingFilter},${bean.userPreferencesFilter},delegatingAuthenticationProcessingFilter,${bean.userPreferencesFilter},${bean.basicProcessingFilter},requestParameterAuthenticationFilter,anonymousProcessingFilter,delegatingExceptionTranslationFilter,filterInvocationInterceptor,switchUserProcessingFilter,iPadSupportFilter
            </value>
        </property>
    </bean>

     

        <!-- updater bean to insert a filter -->
    <bean id="insertFilter"
          class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition">
        <property name="order" value="10"/>
        <property name="beanName" value="filterChainProxy"/>
        <property name="propertyName" value="filterInvocationDefinitionSource"/>
        <property name="operation" value="insert"/>
    </bean>

     

        <bean id="anonymousProcessingFilter"
          class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
        <property name="key">
            <value>foobar</value>
        </property>
        <property name="userAttribute">
            <value>anonymousUser,ROLE_ANONYMOUS</value>
        </property>
    </bean>

     

        <bean id="JIAuthenticationSynchronizer"
          class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.MetadataAuthenticationProcessingFilter">
        <property name="externalUserService">
            <ref bean="${bean.internalUserAuthorityService}"/>
        </property>
    </bean>

     

        <bean id="userPreferencesFilter"
          class="com.jaspersoft.jasperserver.war.UserPreferencesFilter">
        <property name="cookieAge">
            <value type="int">86400</value>
        </property>
        <property name="userService">
            <ref bean="${bean.internalUserAuthorityService}"/>
        </property>
    </bean>

    Basic Authentication

        <!-- Basic Authentication -->
    <bean id="basicProcessingFilter"
          class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="authenticationEntryPoint">
            <ref local="basicProcessingFilterEntryPoint"/>
        </property>
    </bean>

    <bean id="portletAuthenticationProcessingFilter"
          class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.JIPortletAuthenticationProcessingFilter">
        <property name="trustedIpAddress">
            <list>
                <!-- uncomment this if both portal server and web server are running on the same machine -->
                <!--       <value>127.0.0.1</value>   -->
            </list>
        </property>
        <property name="userService">
            <ref bean="${bean.internalUserAuthorityService}"/>
        </property>
    </bean>

    <bean id="passwordExpirationProcessingFilter"
          class="com.jaspersoft.jasperserver.api.metadata.user.service.impl.PasswordExpirationProcessingFilter">
        <property name="userService">
            <ref bean="${bean.internalUserAuthorityService}"/>
        </property>
        <property name="passwordExpirationInDays" value="0"/>
    </bean>


    <!-- if there is no BASIC auth header, this filter will display a 401 error thanks to the entry point -->
    <bean id="basicAuthExceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref bean="basicProcessingFilterEntryPoint"/>
        </property>
    </bean>

    <bean id="basicProcessingFilterEntryPoint"
          class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
        <property name="realmName">
            <value>Protected Area</value>
        </property>
    </bean>

    <bean id="wsBasicAuthExceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref bean="basicProcessingFilterEntryPoint"/>
        </property>
    </bean>

    <bean id="restExceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <bean class="com.jaspersoft.jasperserver.war.ForbiddenEntryPoint"/>
        </property>
    </bean>

     

        <!-- Form-based Authentication

   <bean id="exceptionTranslationFilter"
         class="org.springframework.security.ui.ExceptionTranslationFilter">
      <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
   </bean>

    -->
    <bean id="delegatingAuthenticationProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JSDelegatingFilterProxy">
        <property name="targetBeanName" value="proxyAuthenticationProcessingFilter"/>
        <property name="defaultFilter" ref="${bean.authenticationProcessingFilter}"/>
    </bean>

    <bean id="delegatingBasicProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JSDelegatingFilterProxy">
        <property name="targetBeanName" value="proxyBasicProcessingFilter"/>
        <property name="defaultFilter" ref="${bean.basicProcessingFilter}"/>
    </bean>

    <bean id="delegatingAuthenticationSoapProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JSDelegatingFilterProxy">
        <property name="targetBeanName" value="proxyAuthenticationSoapProcessingFilter"/>
        <property name="defaultFilter" ref="${bean.basicProcessingFilter}"/>
    </bean>

    <bean id="delegatingAuthenticationRestProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JSDelegatingFilterProxy">
        <property name="targetBeanName" value="proxyAuthenticationRestProcessingFilter"/>
        <property name="defaultFilter" ref="restLoginAuthenticationFilter"/>
    </bean>


    <bean id="authenticationProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.EncryptionAuthenticationProcessingFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="sessionRegistry">
            <ref bean="sessionRegistry"/>
        </property>
        <property name="authenticationFailureUrl">
            <value>/login.html?error=1</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/loginsuccess.html</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/j_spring_security_check</value>
        </property>
        <property name="invalidateSessionOnSuccessfulAuthentication">
            <value>true</value>
        </property>
        <property name="migrateInvalidatedSessionAttributes">
            <value>true</value>
        </property>
    </bean>

    <bean id="restLoginAuthenticationFilter"
          class="com.jaspersoft.jasperserver.rest.RESTLoginAuthenticationFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
    </bean>

    <bean id="requestParameterAuthenticationFilter"
          class="com.jaspersoft.jasperserver.war.util.RequestParameterAuthenticationFilter">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="authenticationFailureUrl">
            <value>/login.html?error=1</value>
        </property>
        <property name="excludeUrls">
            <list>
                <value>/j_spring_switch_user</value>
            </list>
        </property>
    </bean>

    <bean id="authenticationProcessingFilterEntryPoint"
          class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl">
            <value>/login.html</value>
        </property>
        <property name="forceHttps">
            <value>false</value>
        </property>
    </bean>

     

        <!-- ===================== HTTP REQUEST SECURITY ====================
    <bean id="httpSessionContextIntegrationFilter"
          class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
        <property name="context"><value>org.springframework.security.context.security.SecureContextImpl</value></property>
    </bean>
     -->
    <bean id="httpSessionContextIntegrationFilter"
          class="org.springframework.security.context.HttpSessionContextIntegrationFilter"/>

    <bean id="multipartRequestWrapperFilter"
          class="com.jaspersoft.jasperserver.war.MultipartRequestWrapperFilter"/>

    <bean id="filterLocaleResolver"
          class="com.jaspersoft.jasperserver.war.JSSessionLocaleResolver"/>

    <bean id="webAppSecurityFilter"
          class="com.jaspersoft.jasperserver.api.security.WebAppSecurityFilter">
        <property name="messages" ref="messageSource"/>
        <property name="redirectUrl" value="/error.html"/>
        <property name="localeResolver" ref="filterLocaleResolver"/>
    </bean>

    <bean id="textOnlyResponseWebAppSecurityFilter"
          class="com.jaspersoft.jasperserver.api.security.TextOnlyResponseWebAppSecurityFilter" parent="webAppSecurityFilter"/>

    <bean id="jsCsrfGuardFilter"
          class="com.jaspersoft.jasperserver.api.security.JSCsrfGuardFilter"/>

    <bean id="encryptionFilter"
          class="com.jaspersoft.jasperserver.api.security.encryption.EncryptionFilter">
        <property name="messages" ref="messageSource"/>
    </bean>

    <bean id="validator"
          class="com.jaspersoft.jasperserver.api.security.validators.Validator">
        <property name="messages" ref="messageSource"/>
    </bean>

    <bean id="delegatingExceptionTranslationFilter"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.JSDelegatingFilterProxy">
        <property name="targetBeanName" value="proxyExceptionTranslationFilter"/>
        <property name="defaultFilter" ref="exceptionTranslationFilter"/>
    </bean>

    <bean id="exceptionTranslationFilter"
          class="org.springframework.security.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <ref local="authenticationProcessingFilterEntryPoint"/>

        </property>
        <property name="accessDeniedHandler">
            <bean class="com.jaspersoft.jasperserver.war.themes.ThemeAwareAccessDeniedHandlerImpl">
                <property name="errorPage" value="/WEB-INF/jsp/modules/system/AccessDeniedPage.jsp"/>
                <property name="themeResolver" ref="themeResolver"/>
                <property name="themeSource" ref="themeSource"/>
            </bean>
        </property>
    </bean>

    <bean id="httpRequestAccessDecisionManager"
          class="org.springframework.security.vote.AffirmativeBased">
        <property name="allowIfAllAbstainDecisions">
            <value>false</value>
        </property>
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter"/>
                <bean class="org.springframework.security.vote.AuthenticatedVoter"/>
            </list>
        </property>
    </bean>

     

        <!--
        Note the order that entries are placed against the objectDefinitionSource is critical.
        The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL.
        Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last

        =========  JasperServer Note ==============
        There are currently three roles:
            ROLE_ANONYMOUS (i.e. not logged in)
            ROLE_USER
            ROLE_ADMINISTRATOR
        Any page accessible by a non-admin user (or by someone not logged in)
        must be added explicitly. Any other pages are assumed to require the admin role

        Note: alwaysReauthenticate=true does not work when external authentication is on.  External authentication has its own
        authenticationManager with its own authenticationProvider's: JRS authenticationManager won't work.
     -->
    <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="accessDecisionManager">
            <ref bean="httpRequestAccessDecisionManager"/>
        </property>
        <!-- <property name="runAsManager"><ref bean="runAsManager"/></property>  -->
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /login.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
                /externallogin.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
                /logout.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY
                /loginerror.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
                /error.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
                /exituser.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR,IS_AUTHENTICATED_FULLY
                /home.html=ROLE_USER,ROLE_ADMINISTRATOR
                /flow.html=ROLE_USER,ROLE_ADMINISTRATOR
                /loginsuccess.html=ROLE_USER,ROLE_ADMINISTRATOR
                /listolapviews.html=ROLE_USER,ROLE_ADMINISTRATOR
                /fillparams.html=ROLE_USER,ROLE_ADMINISTRATOR
                /j_spring_switch_user*=ROLE_ADMINISTRATOR
                /fileview/**=ROLE_USER,ROLE_ADMINISTRATOR
                /olap/**=ROLE_USER,ROLE_ADMINISTRATOR
                /xmla=ROLE_USER,ROLE_ADMINISTRATOR
                /services/**=ROLE_USER,ROLE_ADMINISTRATOR
                /reportimage/**=ROLE_USER,ROLE_ADMINISTRATOR
                /jrpxml/**=ROLE_USER,ROLE_ADMINISTRATOR
                /heartbeatinfo.html=ROLE_USER,ROLE_ADMINISTRATOR
                /rest/**=ROLE_USER,ROLE_ADMINISTRATOR
                /rest_v2/users/**=ROLE_ADMINISTRATOR
                /rest_v2/roles/**=ROLE_ADMINISTRATOR
                /rest_v2/organizations/**=ROLE_ADMINISTRATOR
                /rest_v2/permissions/**=ROLE_USER,ROLE_ADMINISTRATOR
                /rest_v2/resources/**=ROLE_USER,ROLE_ADMINISTRATOR
                /rest_v2/export/**=ROLE_SUPERUSER
                /rest_v2/import/**=ROLE_SUPERUSER
                /404.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
                /500.html=ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMINISTRATOR
                /reportgenerator.html=ROLE_USER,ROLE_ADMINISTRATOR
                /viewreportcancel.html=ROLE_USER,ROLE_ADMINISTRATOR
                /viewreportasynccancel.html=ROLE_USER,ROLE_ADMINISTRATOR
                /viewreportpageupdatecheck.html=ROLE_USER,ROLE_ADMINISTRATOR
            </value>
        </property>
    </bean>

     

        <!-- updater bean to set the roles allowed to get to a URL -->
    <bean id="setRolesForURL" class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdaterDefinition">
        <property name="order" value="10"/>
        <property name="beanName" value="filterInvocationInterceptor"/>
        <property name="propertyName" value="objectDefinitionSource"/>
        <property name="operation" value="append"/>
    </bean>

    <!-- get these done last -->
    <bean class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdater">
        <property name="definition" ref="setRolesForURL"/>
        <property name="order" value="1000000000"/>
        <property name="value">
            <value>
                /awsconfiguration.html=ROLE_SUPERUSER
                /*.html=ROLE_ADMINISTRATOR
                /*.jsp=ROLE_ADMINISTRATOR
            </value>
        </property>
        <property name="valueType" value="string"/>
    </bean>

    <!-- get these done last -->
    <bean class="com.jaspersoft.jasperserver.api.common.util.spring.GenericBeanUpdater">
        <property name="definition" ref="setRolesForURL"/>
        <property name="order" value="1000000000"/>
        <property name="value">
            <value>
                /*.html=ROLE_ADMINISTRATOR
                /*.jsp=ROLE_ADMINISTRATOR
            </value>
        </property>
        <property name="valueType" value="string"/>
    </bean>

    <!-- switchUserProcessingFilter for "login-as" feature -->

    <bean id="switchUserProcessingFilter"
          class="com.jaspersoft.jasperserver.api.security.JSSwitchUserProcessingFilter">
        <property name="userDetailsService">
            <ref bean="${bean.switchUserProcessingFilter.userDetailsService}"/>
        </property>
        <property name="switchUserUrl">
            <value>/j_spring_switch_user</value>
        </property>
        <property name="exitUserUrl">
            <value>/j_acegi_exit_user</value>
        </property>
        <property name="targetUrl">
            <value>/home.html</value>
        </property>
        <property name="exitTargetUrl">
            <value>/flow.html?_flowId=userListFlow&amp;curlnk=3</value>
        </property>
        <property name="auditContext" ref="${bean.auditContext}"/>
        <property name="themeResolver" ref="themeResolver"/>
    </bean>

     

        <!-- enable all features supported by iPad  -->

    <bean id="iPadSupportFilter"
          class="com.jaspersoft.jasperserver.api.security.IPadSupportFilter">
        <property name="redirectUrl">
            <value>/flow.html?_flowId=homeFlow</value>
        </property>
        <property name="notSupportedUrls">
            <list>
                <value>/flow.html?_flowId=tenantFlow</value>
                <value>/flow.html?_flowId=reportUnitFlow</value>
                <value>/flow.html?_flowId=adminHomeFlow</value>
                <value>/flow.html?_flowId=userListFlow</value>
                <value>/flow.html?_flowId=roleListFlow</value>
                <value>/flow.html?_flowId=mondrianPropertiesFlow</value>
                <value>/flow.html?_flowId=designerOptionsFlow</value>
                <value>/flow.html?_flowId=designerCacheFlow</value>
                <value>/flow.html?_flowId=awsSettingsFlow</value>
                <value>/flow.html?_flowId=reportSchedulingFlow</value>
                <value>/flow.html?_flowId=dashboardDesignerFlow</value>
                <value>/log_settings.html</value>
                <value>/flow.html?_flowId=createSLDatasourceFlow</value>
            </list>
        </property>
    </bean>

     

    </beans>
     Share
    Go to entries

    User Feedback

    Recommended Comments

    There are no comments to display.



    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now

×
×
  • Create New...

© 2024 Cloud Software Group,
Inc. All rights reserved.

Products

Explore