JasperServer External Database Authentication

Jasper Report Server can be configured to perform authentication and authorization using external table.

Purpose
This kind of authentication can be used when an application is using any other database to store users, roles and organization data, and if it wants jasper server to sync-up data and create same users, roles and organization information what it has stored in database. It also can be used to set up environment for SSO.
We need to configure jasper server to use this authentication process.

Steps to configure Jasper server

STEP-1
Copy <JS_INSTALL>/samples/externalAuth-sample-config/sample-applicationContext-externalAuth-db.xml to /WEB-INF directory.

STEP-2
Rename copied file to applicationContext-externalAuth-db-mt.xml.
Now, edit and configure beans of applicationContext-externalAuth-db-mt.xml.

STEP-3
Find below mentioned bean tag and configure according to your requirement. This tag is used for database parameters. Here, I am using mysql for external database authentication.

<bean id=”externalDataSource” class=”org.springframework.jdbc.datasource.DriverManagerDataSource”>

        <property name=”driverClassName” value=”com.mysql.jdbc.Driver”/>

        <property name=”url” value=”jdbc:mysql://localhost:3306/jasper_external”/>

        <property name=”username” value=”user”/>

        <property name=”password” value=”****”/>

NOTE: For testing purpose, you can create same database structure as jasper server use for authentication.

STEP-4
Find “externalUserTenantDetailsService” bean tag and configure: E.g.

<bean id=”externalUserTenantDetailsService”    class=”com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.db.MTExternalJDBCUserDetailsService”>

        <property name=”dataSource” ref=”externalDataSource”/>

        <property name=”usersByUsernameAndTenantNameQuery” value=”SELECT u.username, u.password, t.org_name FROM h_users u LEFT JOIN organization t ON u.org_id = t.id WHERE username =?”/>

        <property name=”authoritiesByUsernameQuery” value=”SELECT u.username, r.role_name FROM h_users u, user_role ur, role r WHERE u.id = ur.user_id and ur.role_id=r.id and u.username = ?”/>

        <property name=”multiTenancyConfiguration”><ref bean=”multiTenancyConfiguration”/></property>

    </bean>

NOTE: You can change table name, column names but sequence of column should not be changed in written query. Here, you can see I am using h_users table (custom table) instead jiuser (which is used by jasperserver) and column names are also different e.g. role_name.
This bean is responsible for queries which will be executed by jasperserver to use authentication.

STEP-5
Retrieving roles from database:
Configure “mtExternalUserSetupProcessor” bean to map the external information to roles in jasperserver.
• defaultInternalRoles property – A list of internal roles assigned to the external user by default.
• organizationRoleMap property – A list of key/value pairs that maps external role names to internal ones.

For commercial JasperReports Server deployments, you need to choose the level at which the role is assigned:

• To map to an internal role at the organization level, append |* to the name of the internal role, for example, ROLE_EXTERNAL_USER|*. Roles mapped at the organization level do not have administrative privileges.
• To map to an internal role at the system (null) level, do not modify the internal role name, for example, ROLE_EXTERNAL_ADMINISTRATOR. Roles at the system level are usually reserved for special users such as the system administrator and allow access to the repository folder of all other organizations.

The following example shows how to configure organizationrolemap:


<property name=”organizationRoleMap”>
    <map>                <entry>                                <key>                                                <value>ROLE_ADMIN</value>

                                </key>

                                <value>ROLE_ADMINISTRATOR|*</value>

                </entry>

</map>

</property>

STEP-6
Restart Jasper server.

 

Thanks

Sharad

Leave a Reply