Token Based Authentication
If there is an application or portal that we want to use with JasperReports Server, but no single sign-on environment, one can use token-based authentication.
Token-based authentication involves the following steps:
1. The user is authenticated according to the standards of the application.
2. A token is constructed and encrypted based on the authenticated user's values in your application.
3. The token is sent in an HTTP request to JasperReports Server.
For token-based authentication, one needs to make some changes to the configuration files. The configuration steps are as follows:
- Go to C:\Jaspersoft\jasperreports-server-5.6\samples\externalAuth-sample-config and copy sample-applicationContext-externalAuth-preAuth-mt.xml.
- Go to C:\Jaspersoft\jasperreports-server-5.6\apache-tomcat\webapps\jasperserver-pro\WEB-INF and paste the XML file there as applicationContext-externalAuth-preAuth-mt.xml.
One needs to understand the different beans present in sample-applicationContext-externalAuth-preAuth-mt.xml. Some of the beans and their properties are described below.
The proxyPreAuthenticatedProcessingFilter bean has three main properties which are used in token configuration:
- principalParameter: referred to as pp; it must be present in the request. It is a fixed string at the start of the token.
- tokenInRequestParam: Boolean that specifies the location of principalParameter. If it is true, JasperReports Server looks for pp in the request URL only.
- tokenDecryptor: Specifies the class to use to decrypt the token. This property contains the reference to the jar file which has the implementation of CipherI. One also needs to place the jar file in the lib directory of Jaspersoft.
The preAuthenticatedUserDetailsService bean specifies the token properties. In its tokenFormatMapping property we map the username, role, organization and expire time.
The externalUserSetupProcessor or mtExternalUserSetupProcessor bean contains the organizationRoleMap property, which contains key/value pairs that map external roles to internal roles.
The URL is passed as follows: http://localhost:8080/jasperserver-pro?pp=u%3DTest_user|o%3Dorg2
If the user or the organization is not present, it gets created.
The URL which is passed should be encrypted so that it cannot be tampered with.
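One way to meet this requirement, as an added example that is not from the original page or from Jaspersoft: AES-GCM encrypts the token and also makes any modification detectable on decryption. The class name TokenCipher, the key handling and the choice of AES-GCM are assumptions; to serve as tokenDecryptor the class would additionally have to implement the server's cipher interface and be packaged in the jar.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical class: same key on the application side and the server side.
public class TokenCipher {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKeySpec key;

    public TokenCipher(byte[] rawKey) { this.key = new SecretKeySpec(rawKey, "AES"); }

    // Application side: output is Base64url(IV || ciphertext || tag).
    public String encrypt(String plainText) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);             // fresh IV for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Server side: throws AEADBadTagException if the token was modified.
    public String decrypt(String cipherText) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(cipherText);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] demoKey = new byte[32];                // constructed demo key, not a real secret
        new SecureRandom().nextBytes(demoKey);
        TokenCipher tc = new TokenCipher(demoKey);
        String token = tc.encrypt("u=Test_user|o=org2");  // token fields from the URL above
        // Base64url output needs no further URL escaping.
        System.out.println("http://localhost:8080/jasperserver-pro?pp=" + token);
        System.out.println(tc.decrypt(token));
        // Change one ciphertext character to simulate tampering in transit.
        char flipped = token.charAt(20) == 'A' ? 'B' : 'A';
        String tampered = token.substring(0, 20) + flipped + token.substring(21);
        try { tc.decrypt(tampered); }
        catch (AEADBadTagException e) { System.out.println("tampered token rejected"); }
    }
}
```

In a real deployment the key is loaded from a protected store shared by the application and the server rather than generated at startup.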