Organization Security In Jaspersoft

Organization Security In Jaspersoft

Security implied on the report based on the organization details of the logged in user can be brought into reality through the use of parameter “’$P!{LoggedInUserAttribute_organization}’”. Here we have called this parameter in the Input control which controls the output of the report and sets security on the report as per the logged in user and his role. The following steps are performed to implement the organization level security on report:

1) Go to repository, there in folders look for input control folder. In input control select organization-> right click->edit. There in “define query” step check if the parameter “’$P!{LoggedInUserAttribute_organization}’” is present. This parameter filters the content of report as per the value in the profile attribute set for the logged in user. This parameter can be used anywhere in the query especially in the where clause of query which will help in data filtration.
E.g: Here the value we used for attribute organization = ‘Apollo hospital’ and the query being used in input control is going to filter the content of report for the organization: ‘Apollo hospital’ through the parameter:-
“’$P!{LoggedInUserAttribute_organization}’” .

2) The parameter ‘$P!{LoggedInUserAttribute_organization}’ can be called anywhere whether in report or in the query of input control as it implements the security on the report based on the value set in profile attribute of logged in user.

3) Stored procedure like below can be written in the query of input control where parameter ‘$P!{LoggedInUserAttribute_organization}’ is called :

storedprocedure

In similar fashion you can customise the query to call the parameter as per the requirement.

Thankyou
Nisha Sahu

JAVA POLICY FILE..

  

JAVA POLICY FILE                                   Apps-File-Java-icon

 

 

The Java™ 2 Platform, Enterprise Edition (J2EE) Version 1.3 and later specifications have a well-defined programming model of responsibilities between the container providers and the application code.

 
The java.policy file is a global default policy file that is shared by all of the Java programs that run in the Java virtual machine (JVM) on the node. A change to the java.policy file is local for the node.

 
The java.policy file is not a configuration file that is managed by the repository and the file replication service. Changes to this file are local and do not get replicated to the other machine.
By using this feature we can control the execution ,
To set the run-time permissions such that Java won’t grant the global permissions. Then you can specify only the permissions you want granted for your app. The key is to run your app with the options below.

java -Djava.security.manager -Djava.security.policy==policyFile.txt MyClass

Note the double equals -Djava.security.policy==policyFile.txt. The double equals == means to use only the permissions in the named file as opposed to the single equal sign -Djava.security.policy=policyFile.txt which means use these permissions in addition to the inherited global permissions.

 
Then create a policy file excluding the permissions you want to deny:

//policyFile.txt
grant codeBase “file:/C:/abc.jar” {
//list of permissions minus the ones you want to deny
//for example , the following give the application
//ONLY AudioPermission and AWTPermission. Other permission such as
//java.io.FilePermission would be denied.
permission javax.sound.sampled.AudioPermission;
permission java.awt.AWTPermission;
}

NOTE :  {app_server_root}/java/jre/lib/security/java.policy. Default permissions are granted to all classes. The policy of this file applies to all the processes launched by `Application Server.

 

 

Pushpraj Kumar

File encryption/decryption using AES Algorithm

In this article the reader will learn about plain text file encryption using AES(Advanced Encryption Standard) algorithm.

In modern day cryptography AES algorithm gained much popularity because of its strength.

The message to be encrypted is called the plain text or clear text. The encrypted message, which is not in human readable format is called as cipher text.

In cryptography systems there are two main types of encryption standards.

  1. Public Key Cryptography
  2. Private Key Cryptography

In public key cryptography, there will be two keys for each party. One is private key and the other one is public key. The public key of the recipient is used by the sender for enctyption and the private key is used by the recipient for decryption. This kind of cryptography is also called as Assymetric key cryptography.

In Private key cryptography, there will be only one shared key between the two parties for both encryption and decryption. In this mode of cryptography maintaining the secrecy of the secret key is very important. This kind of cryptography is also called as Symmetric key cryptography.

In general the Asymmetric key cryptography is used for short messages such as encrypting passwords. Symmetric key cryptography is used for encrypting relatively long messages. In cryptography systems like PGP(Pretty Good Privacy) both kinds of cryptography techniques are used.

AES(Advanced Encryption Standard)

The key size of AES is in general 128 bits. Where as 256 bits and 512 bits keys are also possible to use. The javax.crypto package of the Java language has the implementation of the AES algorithm. For 256 bit key encryption/decryption special policy files should be copied into the \jre\lib\security directory, which can be downloaded from Oracle’s web site.

AES uses a block size of 16 bytes. That means it will encrypt the data in block sizes of 16 bytes. So, the plain text should be in multiples of size 16 bytes. But, a file may consist of data of any length. So, in order to encrypt data of length which is not multiples of 16 bytes we can use the following class CipherInputStream. This class can be used to encrypt a stream of plaintext.

public class Encryptor {

	//The password, salt and initializationVector should be preserved for decryption
	private char[] password;
	private byte[] salt;
	private byte[] initializationVector;

	public Encryptor() {
		this.password = "Some string as password".toCharArray();
		try {
			this.salt = "Some string as salt".getBytes("UTF-8");
			//Note: initializationVector should be of length 16 bytes
			this.initializationVector = "Some string of length 16 bytes".getBytes("UTF-8");
		} catch (UnsupportedEncodingException e) {
			e.printStackTrace();
		}
	}

	public static void main(String[] args) {
		Encryptor aes = new Encryptor();
                //Pass the plaintext file and location of the encrypted file as command line arguments
		aes.encrypt(new File(args[0]), new File(args[1]));
	}

	public void encrypt(File plainTextFile, File encryptedLicenceFile) {

		if (encryptedLicenceFile.exists() == false) {
			try {
				encryptedLicenceFile.createNewFile();
			} catch (IOException e) {
				e.printStackTrace();
			}
		}

		
		// To read the file to be encrypted
		FileInputStream fileInputStream = null;

		// To write the encrypted file
		FileOutputStream fileOutputStream = null;

		// To read the file information and to encrypt
		CipherInputStream cipherInputStream = null;
		try {
			fileInputStream = new FileInputStream(plainTextFile);
			fileOutputStream = new FileOutputStream(encryptedLicenceFile);

			SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
			KeySpec keySpec = new PBEKeySpec(password, salt, 65536, 128);
			
			SecretKey secretKey = keyFactory.generateSecret(keySpec);
			SecretKey secret = new SecretKeySpec(secretKey.getEncoded(), "AES");

			Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
			IvParameterSpec ivParameterSpec = new IvParameterSpec(initializationVector);
			cipher.init(Cipher.ENCRYPT_MODE, secret, ivParameterSpec);

			cipherInputStream = new CipherInputStream(fileInputStream, cipher);

			int read;
			while ((read = cipherInputStream.read()) != -1) {
				fileOutputStream.write((char) read);
			}

			fileOutputStream.flush();

		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (NoSuchPaddingException e) {
			e.printStackTrace();
		} catch (InvalidKeySpecException e) {
			e.printStackTrace();
		} catch (InvalidKeyException e) {
			e.printStackTrace();
		} catch (FileNotFoundException e) {
			e.printStackTrace();
		} catch (IOException e) {
			e.printStackTrace();
		} catch (InvalidAlgorithmParameterException e) {
			e.printStackTrace();
		} finally {
			try {
				if (fileInputStream != null) {
					fileInputStream.close();
				}
				if (cipherInputStream != null) {
					cipherInputStream.close();
				}
				if (fileOutputStream != null) {
					fileOutputStream.close();
				}
			} catch (IOException e) {
				e.printStackTrace();
			}
		}
	}
}

This code uses one plainTextFile and produces the encryptedFile. For decrypting we need to follow similar steps. The following code demonstrates the decryption. In the decrypt method we can use the following lines of code.

		// To read the ecrypted file
		FileInputStream fileInputStream = null;

		// To write decrypted file
		FileOutputStream fileOutputStream = null;

		// To read encrypted file and decrypt it
		CipherOutputStream cipherOutputStream = null;
		ByteArrayOutputStream byteArrayOutputStream = null;
		try {
			fileInputStream = new FileInputStream(ecncrypedFile);
			byteArrayOutputStream = new ByteArrayOutputStream();

			SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
			KeySpec keySpec = new PBEKeySpec(password, salt, 65536, 128);

			SecretKey secretKey = factory.generateSecret(keySpec);
			SecretKey secret = new SecretKeySpec(secretKey.getEncoded(), "AES");

			Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

			IvParameterSpec ivParameterSpec = new IvParameterSpec(initializationVector);

			cipher.init(Cipher.DECRYPT_MODE, secret, ivParameterSpec);

			cipherOutputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
			byte[] buffer = new byte[4096];

			int read;
			while ((read = fileInputStream.read(buffer)) != -1) {
				cipherOutputStream.write(buffer, 0, read);
			}

			if (cipherOutputStream != null) {
                                //Unless you close here you won't get complete plain text
				cipherOutputStream.close();
			}

			//The byte[] now can be used to obtain the cleartext
			byte[] plainText = byteArrayOutputStream.toByteArray();

The password, salt, and initializationVector must be the same while decrypting the cipher text. The decrypt method is left as reader’s exercise.

Thank you for reading.

Thanks and Regards,

Rajasekhar
Helical IT Solutions