
To achieve different styles of embedding reports and dashboards into your application, JReport offers different options for security and user authentication: JReport Built-in SSO, 3rd-Party SSO – OAuth 2.0, or URL Direct. A brief explanation of each follows.

Option 1: JReport Built-in SSO


Pros
  • More secure.
  • Full control over customization by the development team.
Cons
  • Need to set up a dedicated database.
  • Token maintenance (invalidation, expiration process, and so on).
  • Token generation and verification require development effort.
Overview of Setup Steps
  1. Create the Authentication Database. It must store the user name under which the user is logged in to your application, along with an authentication key (this can be a randomly generated code with a time stamp).
  2. Write a Java class CustomHttpExternalAuthorized that implements the interface jet.server.api.http.HttpExternalAuthorized. The method getExternalAuthorizedUser returns the JReport user ID associated with the currently logged-in application user, so you need to implement this method to look up the logged-in application user in the Authentication Database.
  3. Add the option -Djrs.httpExternalAuthorized=CustomHttpExternalAuthorized to your JReport Java application (don't forget to set the integration environment variable options in your web service startup script).

Notes:

  • You will need to maintain the Authentication Database for your application’s user logins and logouts.
  • The same user information needs to be maintained in JReport Server.
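
The authentication-key lifecycle from steps 1 and 2 and the token-maintenance points above (generation, expiration, invalidation at logout), as an added example that is not JReport's or this page's own code. The class name AuthKeyStore, the five-minute lifetime, the user name and the in-memory map standing in for the Authentication Database table are assumptions; a getExternalAuthorizedUser implementation would call verify.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory stand-in for the Authentication Database table (Java 16+).
public class AuthKeyStore {
    private record Row(String user, Instant expires) {}
    private static final Duration TTL = Duration.ofMinutes(5); // assumed key lifetime
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Row> rows = new ConcurrentHashMap<>();

    // Only a SHA-256 digest is stored, so a leaked table holds no usable keys.
    private static String digest(String key) {
        try {
            return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256")
                    .digest(key.getBytes(StandardCharsets.UTF_8)));
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    // Host application, at login: 256 random bits; the expiry is recorded server-side.
    public String issue(String user, Instant now) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        rows.put(digest(key), new Row(user, now.plus(TTL)));
        return key;
    }

    // JReport side: resolve a presented key to a user name, or null if unknown or expired.
    public String verify(String key, Instant now) {
        Row r = (key == null) ? null : rows.get(digest(key));
        if (r == null) return null;
        if (!now.isBefore(r.expires())) { rows.remove(digest(key)); return null; }
        return r.user();
    }

    // Host application, at logout: invalidate every outstanding key for the user.
    public void revoke(String user) { rows.values().removeIf(r -> r.user().equals(user)); }
    public static void main(String[] args) {
        AuthKeyStore db = new AuthKeyStore();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");            // constructed clock value
        String k1 = db.issue("alice", t0), k2 = db.issue("alice", t0); // constructed user name
        System.out.println("fresh:   " + db.verify(k1, t0.plusSeconds(60)));
        System.out.println("expired: " + db.verify(k1, t0.plus(TTL)));
        db.revoke("alice");
        System.out.println("revoked: " + db.verify(k2, t0));
    }
}
```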

Option 2: 3rd-Party SSO w/ OAuth 2.0

Pros
  • More secure.
  • OAuth 2.0 is a widely accepted standard for SSO.
  • No need to maintain a token system.
Cons
  • Need to set up the OAuth platform.
  • Learning and coding curve based on the OAuth platform.
  • 3rd-party libraries are required.
Overview of Setup Steps
joauth2 Setup
  1. Deploy joauth2.war into your web service, e.g. Tomcat.
  2. Install the PostgreSQL database and initialize the joauth2 database using the oauth2.sql file.
  3. Change the joauth2 configuration file application.properties. This mainly includes configuring the properties jreport.host and jreport.sso_url, and the data source information.
  4. If the value of jreport.host and oauth_db_host changes the local IP, Joauth2.reusserRefreshToken is true, and refresh_token will be used until the end of the loop; if the value is false, the access_token will be updated upon each refresh.
  5. Place Oauth2HttpExternalAuthorized.class and Oauth2HttpExternalAuthorized$Authentication.class into the classes folder which is local to the JReport web application.
  6. Put joauth_sso.jsp into the JReport folder, and change authen_url and mix_erp.
  7. Add the option -Djrs.httpExternalAuthorized=Oauth2HttpExternalAuthorized to your JReport Java application. Add integration ENV options to the web service startup script as needed.
.NET Application Setup
.NET applications need to integrate DotNetOpenAuth.OAuth2.Client.

DotNetOpenAuth.OAuth2.Client is the default SDK that DotNetOpenAuth provides for C# clients. JReport's integration uses the authorization code pattern (Authorization Code), which is now the most common mode of authorization for web apps. The client sends the user to the authorization server to enter credentials and grant authorization, obtains an access token (AccessToken), and can then access the user's resources.

jOAuth2 Database Description
  • users: Data model is username, password, enabled. A user can be used only when enabled is true.
  • authorities: Stores the Spring Security permission information.
  • oauth_client_details: Stores the OAuth2 registered client information.
  • oauth_code: Stores authorization codes; an authorization code is automatically deleted after it is exchanged.
  • oauth_access_token: Stores access tokens (access_token); automatically maintained by joauth2.
  • oauth_refresh_token: Stores refresh tokens (refresh_token); automatically maintained by joauth2.
Required jOAuth 3rd Party Libraries
  • Spring
  • Spring MVC
  • Spring Security
  • Spring Security Config
  • Spring Security OAuth2

Option 3: URL Direct

Pros
  • Simplest method.
  • No additional systems are needed.
  • Cost friendly and minimal ongoing maintenance.
Cons
  • Less secure.
  • Dependent on the strength of the encryption algorithm selected by your company.
  • You have to address the coding effort for encryption and decryption.
Overview of Setup Steps
Directly invoke the report's or dashboard's URL:

http://localhost:8888/jinfonet/tryView.jsp?jrs.cmd=jrs.try_vw&jrs.report=%2fSampleReports%2fEmployeeInformation.cls&jrs.catalog=%2fSampleReports%2fSampleReports.cat&jrs.result_type=8&jrs.db_user=admin&jrs.db_pswd=admin
