As of TIBCO JasperReports® Server 6.4, the REST v1 login service (rest/login) was deprecated and removed from the API. The August 2018 hot fix for commercial editions provides the REST v2 login service (rest_v2/login) to replace it. This article documents the use of the new rest_v2/login API.
The latest cumulative hot fix (as of 21 Sep 2018) is documented here:
https://support.tibco.com/s/article/TIBCO-JasperReports-Server-v7-1-0-cumulative-hot-fix-20180905-0405-is-now-available
A more recent one with more fixes might be available if you're reading this article at a later date.
The rest_v2/login service allows REST clients to submit authentication credentials in several ways and receive a server cookie that can be used to identify the user session in subsequent API operations. The supported authentication methods are:
- Login with username and password in the URL arguments.
- Login with username and password in the request body.
- Login with a ticket for servers configured for single sign-on (SSO).
Note that external authentication such as LDAP may be configured in the server, but clients are still required to submit the username and password using one of the first two methods above.
Sending passwords in plain text is strongly discouraged. TIBCO recommends that you configure your server and clients to use HTTPS, or that you use the login encryption feature. For more information, see Login Encryption in the TIBCO JasperReports Server REST API Reference.
Method | URL
Argument | Type/Value | Description
j_username | Text | The user ID. In commercial editions of the server that implement multiple organizations, the argument must specify the organization ID or alias in the following format: j_username%7Corganization_id (%7C is the encoding for the | character).
j_password | Text | The user’s password. The argument is optional but authentication will fail without the password. If the server has login encryption enabled, the password must be encrypted as explained in Login Encryption.
 | Text | The user's ticket for your SSO mechanism. This argument is not valid when j_username and j_password are specified. For example:
Content-Type | Content
application/x-www-form-urlencoded |
Return Value on Success | Typical Return Values on Failure
200 OK – Session ID in cookie, body of response is empty. | 400 Bad Request – Missing j_username or j_password. 401 Unauthorized – Login failed, body of response is empty. 403 Forbidden – License expired or otherwise not valid.
Developers can test the login service and the user credentials from a browser, which uses the GET method by default. In this case, credentials must be passed as arguments in the URL, as shown in the following example:
http://<host>:<port>/jasperserver[-pro]/rest_v2/login?j_username=<userID>[%7C<orgID>]&j_password=<password>
Client applications typically use the POST method, and they gather the session cookie from the response to use in future requests. Credentials can be sent either in the URL arguments or in the content of the request, as shown in the following example:
POST /jasperserver/rest_v2/login HTTP/1.1
User-Agent: Jakarta Commons-HttpClient/3.1
Host: localhost:8080
Content-Length: 62
Content-Type: application/x-www-form-urlencoded

j_username=jasperadmin%7Corganization_1&j_password=jasperadmin
The "200 OK" response indicates that the login was successful, and the response includes a cookie containing the session ID for the logged-in user:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=52E79BCEE51381DF32637EC69AD698AE; Path=/jasperserver
Content-Length: 0
Date: Fri, 3 Aug 2018 01:52:48 GMT
For optimal performance, the session ID from the cookie should be used to keep the session open. To do this, include the cookie in future requests to the other RESTful services. For example, given the response to the POST request above, future requests to the repository services should include the following line in the header:
Cookie: $Version=0; JSESSIONID=52E79BCEE51381DF32637EC69AD698AE; $Path=/jasperserver
Maintaining a session with cookies is not mandatory, and your application can use any combination of session cookie, HTTP Basic Authentication, or both. However, if you use the session ID, it is good practice to close the session as described in Logout in the TIBCO JasperReports Server REST API Reference. Closing the session frees up any associated resources in memory.
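The POST login and cookie handling described above can be sketched as a small client. This is an added example, not code from TIBCO or from the original article. It sends the credentials in the request body rather than the URL, so they do not end up in access logs or browser history. The names build_login_body, session_cookie, login and LoginError are hypothetical, and the HTTPS-only check assumes login encryption is not enabled.

```python
import http.client
from http.cookies import SimpleCookie
from urllib.parse import urlencode, urlsplit

# Failure codes as listed in the return-value table of this article.
FAILURES = {
    400: "missing j_username or j_password",
    401: "login failed",
    403: "license expired or otherwise not valid",
}

class LoginError(Exception):
    pass

def build_login_body(user, password, org=None):
    """Form-encode the credentials; urlencode turns '|' into %7C."""
    username = f"{user}|{org}" if org else user
    return urlencode({"j_username": username, "j_password": password}).encode("ascii")

def session_cookie(status, set_cookie_headers):
    """Map the login response to a Cookie header value, or raise LoginError."""
    if status != 200:
        raise LoginError(f"{status}: {FAILURES.get(status, 'unexpected status')}")
    for header in set_cookie_headers:
        morsel = SimpleCookie(header).get("JSESSIONID")
        if morsel is not None:
            return f"JSESSIONID={morsel.value}"
    raise LoginError("200 OK but no JSESSIONID cookie in the response")

def login(base_url, user, password, org=None):
    """POST credentials in the body to <base_url>/rest_v2/login over HTTPS."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        # Assumption: login encryption is not enabled, so TLS is the only protection.
        raise LoginError("refusing to send a password over plain HTTP")
    conn = http.client.HTTPSConnection(parts.netloc, timeout=10)
    try:
        conn.request(
            "POST",
            parts.path.rstrip("/") + "/rest_v2/login",
            body=build_login_body(user, password, org),
            headers={"Content-Type": "application/x-www-form-urlencoded"},
        )
        resp = conn.getresponse()
        resp.read()  # body is empty on success; drain it before closing
        return session_cookie(resp.status, resp.headers.get_all("Set-Cookie") or [])
    finally:
        conn.close()
```

The string returned by login() is what goes in the Cookie header of later requests to the other REST services.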