FAQs – Security Overview
JReport employs a two-step process for delivering a secure reporting environment: authentication and authorization.
Authentication establishes that the user has permission to access the JReport Server. Authentication is accomplished directly through JReport or through an external system which can pass authentication data to JReport.
Authorization establishes the resources that can be accessed and the actions that can be performed by an authenticated user. Available resources include folders, report templates, and report results or versions. Available actions include viewing, modifying, deleting, scheduling, and deploying reports.
JReport offers three methods for implementing security:
1) Built-in Security
a) Built-in user/role and permission management system.
b) User/role, resource & action permission information can be stored in a built-in HSQL database or other database.
2) Synchronization with external source
a) LDAP, MS Active Directory, Lotus Domino, and Novell Directory Server supported for user/role authentication.
b) JReport Server will grant or deny access based on external server identification of user name and password.
c) JReport Server can synchronize with external server manually or automatically.
3) Security API
a) Management of users/roles and permissions outside of the JReport Server.
b) Used if users/groups are not stored in LDAP or Active Directory (ex: database or web service) OR customers wants to maintain all security settings within one security center.
c) Allows for seamless integration of JReport Security within existing security system.