JasperReports Server Configuration File - sample-applicationContext-externalAuth-LDAP-mt.xml - v5.1

Warning

These configuration files are essential to JasperReports Server's functioning.  Be very careful when editting them, remembering to have a backup in case you make a mistake.

This particular file is from JasperReports Server, v5.1. Other versions may differ.

<!--
~ Copyright (C) 2005 - 2012 Jaspersoft Corporation. All rights reserved.
~ http://www.jaspersoft.com.
~ Licensed under commercial Jaspersoft Subscription License Agreement
  -->
 
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">

LDAP Authentication

    <!-- ############ LDAP authentication ############
      - Sample configuration of external authentication via an external LDAP server.
    -->
 
    <bean id="proxyAuthenticationProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.BaseAuthenticationProcessingFilter">
        <property name="authenticationManager">
            <ref local="ldapAuthenticationManager"/>
        </property>
        <property name="externalDataSynchronizer">
            <ref local="externalDataSynchronizer"/>
        </property>
 
        <property name="sessionRegistry">
            <ref bean="sessionRegistry"/>
        </property>
 
        <property name="internalAuthenticationFailureUrl" value="/login.html?error=1"/>
        <property name="defaultTargetUrl" value="/loginsuccess.html"/>
        <property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
        <property name="migrateInvalidatedSessionAttributes" value="true"/>
 
        <property name="authenticationDetailsSource">
            <bean class="org.springframework.security.ui.AuthenticationDetailsSourceImpl">
                <property name="clazz">
                    <value>com.jaspersoft.jasperserver.multipleTenancy.MTWebAuthenticationDetails</value>
                </property>
            </bean>
        </property>
    </bean>
 
    <bean id="proxyAuthenticationSoapProcessingFilter"
          class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.MTDefaultAuthenticationSoapProcessingFilter">
        <property name="authenticationManager" ref="ldapAuthenticationManager"/>
        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
 
        <property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
        <property name="migrateInvalidatedSessionAttributes" value="true"/>
        <property name="filterProcessesUrl" value="/services"/>
 
    </bean>
 
    <bean id="proxyBasicProcessingFilter"
          class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.MTExternalAuthBasicProcessingFilter">
        <property name="authenticationManager" ref="ldapAuthenticationManager"/>
        <property name="externalDataSynchronizer" ref="externalDataSynchronizer"/>
 
 
        <property name="authenticationEntryPoint">
            <ref local="basicProcessingFilterEntryPoint"/>
        </property>
        <property name="tenantService" ref="${bean.hibernateTenantService}"/>
        <property name="portletOrganizationId">
            <util:property-path path="mtPortletAuthenticationProcessingFilter.portletOrganizationId"/>
        </property>
    </bean>
 
    <bean id="proxyAuthenticationRestProcessingFilter" class="com.jaspersoft.jasperserver.api.security.externalAuth.DefaultAuthenticationRestProcessingFilter">
        <property name="authenticationManager">
            <ref local="ldapAuthenticationManager"/>
        </property>
        <property name="externalDataSynchronizer">
            <ref local="externalDataSynchronizer"/>
        </property>
 
        <property name="filterProcessesUrl" value="/rest/login"/>
        <property name="invalidateSessionOnSuccessfulAuthentication" value="true"/>
        <property name="migrateInvalidatedSessionAttributes" value="true"/>
    </bean>
 
    <bean id="ldapAuthenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="ldapAuthenticationProvider"/>
                <ref bean="${bean.daoAuthenticationProvider}"/>
                <!--anonymousAuthenticationProvider only needed if filterInvocationInterceptor.alwaysReauthenticate is set to true
                <ref bean="anonymousAuthenticationProvider"/>-->
            </list>
        </property>
    </bean>
 
    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
                <property name="userSearch" ref="userSearch"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
                <constructor-arg index="1"><value></value></constructor-arg>
                <property name="groupRoleAttribute" value="title"/>
                <property name="groupSearchFilter" value="(uid={1})"/>
                <property name="searchSubtree" value="true"/>
                <!-- Can setup additional external default roles here  <property name="defaultRole" value="LDAP"/> -->
            </bean>
        </constructor-arg>
    </bean>
 
    <bean id="userSearch"
          class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0">
            <value></value>
        </constructor-arg>
        <constructor-arg index="1">
            <value>(uid={0})</value>
        </constructor-arg>
        <constructor-arg index="2">
            <ref local="ldapContextSource" />
        </constructor-arg>
        <property name="searchSubtree">
            <value>true</value>
        </property>
    </bean>
 
    <bean id="ldapContextSource" class="com.jaspersoft.jasperserver.api.security.externalAuth.ldap.JSLdapContextSource">
        <constructor-arg value="ldap://localhost:389/o=LDAPExample"/>
        <!-- manager user name and password (may not be needed)  -->
        <property name="userDn" value="*** LDAP manager RDN. E.g. cn=Manager,o=Jaspersoft ***"/>
        <property name="password" value="***LDAP manager password***"/>
    </bean>
    <!-- ############ LDAP authentication ############ -->

JasperReports Server Synchronizer

    <!-- ############ JRS Synchronizer ############ -->
    <bean id="externalDataSynchronizer"
          class="com.jaspersoft.jasperserver.api.security.externalAuth.ExternalDataSynchronizerImpl">
        <property name="externalUserProcessors">
            <list>
                <ref local="ldapExternalTenantProcessor"/>
                <ref local="mtExternalUserSetupProcessor"/>
            </list>
        </property>
    </bean>
 
    <bean id="abstractExternalProcessor" class="com.jaspersoft.jasperserver.api.security.externalAuth.processors.AbstractExternalUserProcessor" abstract="true">
        <property name="repositoryService" ref="${bean.repositoryService}"/>
        <property name="userAuthorityService" ref="${bean.userAuthorityService}"/>
        <property name="tenantService" ref="${bean.tenantService}"/>
        <property name="profileAttributeService" ref="profileAttributeService"/>
        <property name="objectPermissionService" ref="${bean.objectPermissionService}"/>
    </bean>
 
    <bean id="ldapExternalTenantProcessor" class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.ldap.LdapExternalTenantProcessor" parent="abstractExternalProcessor">
        <property name="ldapContextSource" ref="ldapContextSource"/>
        <property name="multiTenancyService"><ref bean="internalMultiTenancyService"/></property>
        <property name="excludeRootDn" value="false"/>
        <!--only following LDAP attributes will be used in creation of organization hierarchy.
                Eg. cn=Smith,ou=Developement,o=Jaspersoft will produce tanant Development as child of
                tenant Jaspersoft (if excludeRootDn=false) as child of default tenant organization_1-->
        <property name="organizationRDNs">
            <list>
                <value>dc</value>
                <value>c</value>
                <value>o</value>
                <value>ou</value>
                <value>st</value>
            </list>
        </property>
        <property name="rootOrganizationId" value="organization_1"/>
    </bean>
 
    <bean id="mtExternalUserSetupProcessor" class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.MTExternalUserSetupProcessor" parent="abstractExternalProcessor">
        <property name="userAuthorityService">
            <ref bean="${bean.internalUserAuthorityService}"/>
        </property>
        <property name="defaultInternalRoles">
            <list>
                <value>ROLE_USER</value>
            </list>
        </property>
 
        <property name="organizationRoleMap">
            <map>
                <!-- Example of mapping customer roles to JRS roles -->
                <entry>
                    <key>
                        <value>ROLE_ADMIN_EXTERNAL_ORGANIZATION</value>
                    </key>
                    <!-- JRS role that the <key> external role is mapped to-->
                    <value>ROLE_ADMINISTRATOR</value>
                </entry>
            </map>
        </property>
    </bean>
    <!-- ############ JRS Synchronizer ############ -->
</beans>
Feedback