REST v2 login Service

As of TIBCO JasperReports^® Server 6.4, the REST v1 login service (rest/login) was deprecated and removed from the API. The August 2018 hot fix for commercial editions provides the REST v2 login service (rest_v2/login) to replace it. This article documents the use of the new rest_v2/login API.

Latest cumulative hotfix (as of 21 Sep 2018) is documented here: https://support.tibco.com/s/article/TIBCO-JasperReports-Server-v7-1-0-cumulative-hot-fix-20180905-0405-is-now-available A more recent one with more fixes might be available if you're reading this article at a later date.

The rest_v2/login service allows REST clients to submit authentication credentials in several ways and receive a server cookie that can be used to identify the user session in subsequent API operations. The supported authentication methods are:

• Login with username and password in the URL arguments.
• Login with username and password in the request body.
• Login with a ticket for servers configured for single sign-on (SSO).

Note that external authentication such as LDAP may be configured in the server, but clients are still required to submit the username and password in one of the first two methods above.

Sending passwords in plain text is strongly discouraged, therefore Tibco recommends that you configure your server and clients to use HTTPS, or that you use the login encryption feature. For more information, see Login Encryption in the Tibco JasperReports Server REST API Reference.

Developers can test the login service and the user credentials from a browser, which uses the GET method by default. In this case, credentials must be passed as arguments in the URL, as shown in the following example:

http://<host>:<port>/jasperserver[-pro]/rest_v2/login?j_username=<userID>[%7C<orgID>]&j_password=<password>

Client applications typically use the POST method, and they gather the session cookie from the response to use in future requests. Credentials can be sent either in the URL arguments or in the content of the request, as shown in the following example:

POST /jasperserver/rest_v2/login HTTP/1.1User-Agent: Jakarta Commons-HttpClient/3.1Host: localhost:8080Content-Length: 45Content-Type: application/x-www-form-urlencodedj_username=jasperadmin%7Corganization_1&j_password=jasperadmin

The "200 OK" response indicates that the login was successful, and the response includes a cookie containing the session ID for the logged-in user:

HTTP/1.1 200 OKServer: Apache-Coyote/1.1Set-Cookie: JSESSIONID=52E79BCEE51381DF32637EC69AD698AE; Path=/jasperserverContent-Length: 0Date: Fri, 3 Aug 2018 01:52:48 GMT

For optimal performance, the session ID from the cookie should be used to keep the session open. To do this, include the cookie in future requests to the other RESTful services. For example, given the response to the POST request above, future requests to the repository services should include the following line in the header:

Cookie: $Version=0; JSESSIONID=52E79BCEE51381DF32637EC69AD698AE; $Path=/jasperserver

Maintaining a session with cookies is not mandatory, and your application can use any combination of session cookie, HTTP Basic Authentication, or both. However, if you use the session ID, it is good practice to close the session as described in Logout in the Tibco JasperReports Server REST API Reference. Closing the session frees up any associated resources in memory.