JasperServer Default Role Permissions

Question

After searching the net, this is my "last resort" ;-)

I have a JaserServer set up with users that are mapped to the ROLE_USER. The problem I have is that these users may do all sorts of things.

My set up: Virtualbox Windows XP SP3 with JasperServer 4.1 installed on it.

They need to be able to do all of things that you can do if you are logged on as an admin user and you right click on a folder and select Add Resource.

I can't find a page where you can alter the default folder permissions for certain roles. I already looked on the WEB-INF folder, but couldn't make out what to change and what to leave alone...

Any help is welcome!

Thanks all!

Answer 1

Here's the solution. Feel free to use it ;-)

The Problem

The problem I was confronted with was a huge one. On a project I was working on we were asked if we could alter the JasperServer default role permissions to such an extent that we could tell that certain customers on our JasperServer could add all of the resources that an administrator can. After searching the net endlessly we were at the point of giving up, but then out of blue we were given a hint. This hint was the succesfull one. Check the above post on Stackoverflow.

The Solution

The solution is one were the JasperServer XML files need to be altered/changed. I was already in the process of scouring all of the XML files, but to find the right one proved to be a challenge. The XML file you need to alter is located in the WEB-INF folder of the JasperServer installation directory. On my machine it was this one:

C:\Program Files\jasperreports-server-cp-4.5.0-2\apache-tomcat\webapps\jasperserver\WEB-INF

The file you need is this one: actionModel-search.xml

WARNING: don’t forget to first make a backup of the original file. You don’t want to start all over again if things go wong!

The Explanation

First things first, install the JasperServer. I have tested this only on a community version of JasperServer. So I guess if this works on a community version, it’ll also work on the paying supported version. After the installation go to your JasperReports homepage and login with the following credentials:

URL: http://localhost:8080/jasperserver
User: jasperadmin
Password: jasperadmin

Note that this is only a test setup on a virtual machine. If you intend to do this on a production server, change the password of the jasperadmin user for security reasons.

As soon as you are logged in go and create a new user. 1. Click on “Manage” 2. Click on “Users” 3. Click on “Add User” a. Give a user name b. Give a password 4. Click on “Add User”

Now that the user is made, you can go ahead and make a new role. To do this follow these steps:

1. Click on “Manage”
2. Click on “Roles”
3. Click on “Add Role”
4. Fill in the Role Name
5. Click on “Add Role”

Write down the newly created role name, because this is the role we are going to use to “hack” the XML to our needs.

To add users to the role do the following:

1. Click on the role you just created
2. Click on “Edit”
3. Select the users that need the new role.
4. Click on “Save”.

The next thing you need to do is to give the role read + write + delete permissions on the folder.

1. Right click on a folder
2. Click on “Permissions”
3. Select read + write + delete next to the role that needs this access

Now you’re all set and ready to go “hack” your way into the XML file.

Open up the actionModel-search.xml file. Don’t forget the take a copy of the file first!

At the start of the xml file look for a line of code that looks like the one below.

 <condition test="checkAuthenticationRoles" testArgs="ROLE_USER,ROLE_ADMINISTRATOR">

This is the first line you need to alter. Add your role to the testArgs section. Make sure that all of the roles are separated by a comma.

 <condition test="checkAuthenticationRoles"> testArgs="ROLE_USER,ROLE_ADMINISTRATOR**,USER_RESOURCES**">

On the next condition line make the same change. Save the file. For the changes to be made current, you need to restart the JasperServer. On windows systems you can go to

• To Stop: All Programs => JasperReports Server … => Start Or Stop Services => Stop Service
• To Start: All Programs => JasperReports Server … => Start Or Stop Services => Start Service

Now login with the user that you created and right click on the folder with the right permissions. Now you can add all of the resources that an administrator can add.

If you want you can play a little around with the XML file to further change the behavior. For example: you have a client that is prohibited to add images the jasper reports. In that case you can alter the XML like the following.

Place a condition test around this code:

<option labelKey="resourceTypes.image" action="invokeCreate" actionArgs="FileResource@@img" className="up"/>

To look like this code:

<condition test=checkAuthenticationRoles” testArgs=”ROLE_ADMINISTRATOR”>
<option labelKey="resourceTypes.image" action="invokeCreate" actionArgs="FileResource@@img" className="up"/></condition>

This way, only an administrator can add images to the folder. Voila, you are all set to go and play around with your copy of JasperReports Server.

Have Fun!

Answer 2

You will want to edit the file WEB-INF/actionModel-search.xml. Each menu item is represented by an <option /> tag and they are wrapped in <condition> tags to determine if you can see them or not. If the condition tag's test attribute is checkAuthenticationRoles, then the value of the testArgs attribute will determine what roles can see those options. If you want more than one role, separate them with commas.