Configure HTTP Basic
With version 3.0 of the Abiquo reporting package, it is possible to configure JasperServer to use HTTP basic authentication instead of the default form-based (i.e. login page) authentication.
HTTP Basic Authentication is enabled by making the following changes to the ‘/opt/jasperreports-server-cp-5.5.0/apache-tomcat/webapps/jasperserver/WEB-INF/applicationContext-security-web.xml’ file. Specifically, modifications are required to the ‘/**’ filter in the ‘filterChainProxy’ bean (typically located at the top of the file):
- To enable HTTP Basic Authentication handling, add its associated exception filter, which is used to handle unauthenticated objects. Do this by adding ‘basicAuthExceptionTranslationFilter’ to the filter list AFTER the ‘anonymousProcessingFilter’ entry.
- Optionally, if you do not want unauthenticated users to be automatically taken to the ‘Login’ page, comment out (or remove) the ‘delegatingExceptionTranslationFilter’ entry from the filter.
Note: For security reasons, HTTP Basic Authentication should only be enabled if JasperServer is properly configured to use HTTPS/SSL. This is because HTTP Basic Authentication passes the username and password to the server using a simple Base64 character encoding. The section below discusses how to enable SSL within JasperServer.
Enable JasperServer HTTPS/SSL
JasperServer is configured for SSL just like any other Tomcat server. This means there are two options for configuring JasperServer for HTTPS/SSL. Which one you choose depends upon the kind of SSL you wish to implement:
- JSSE SSL. This utilizes keystores constructed using the Java keytool utility. This is available by default with JasperServer.
- APR SSL. By default, an APR installation uses OpenSSL. Note that to use this option you will need to separately install the APR Tomcat native library.
Configuring JasperServer with JSSE SSL
The instructions below describe how to configure JasperServer to use JSSE SSL. If you want to use OpenSSL, please see the Apache Tomcat SSL Configuration HOW-TO.
- Install Java (e.g. ‘yum install java-1.7.0-openjdk.x86_64’).
- Run this command to create the keystore:
‘$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore’
- After executing this command, you will first be prompted for the keystore password. The default password used by Tomcat is "changeit" (all lower case), although you can specify a custom password if you like. You will also need to specify the custom password in the server.xml configuration file, as described later.
- Next, you will be prompted for general information about this Certificate, such as company, contact name, and so on. This information will be displayed to users who attempt to access a secure page in your application, so make sure that the information provided here matches what they will expect.
- Finally, you will be prompted for the key password, which is the password specifically for this Certificate (as opposed to any other Certificates stored in the same keystore file). You MUST use the same password here as was used for the keystore password itself. This is a restriction of the Tomcat implementation. (Currently, the keytool prompt will tell you that pressing the ENTER key does this for you automatically.)
- If everything was successful, you now have a keystore file with a Certificate that can be used by your server.
Edit the JasperServer Tomcat server.xml file (typically located at: <JasperServer Installation directory>/apache-tomcat/conf/server.xml). You will find an example (commented out) section similar to that below. Either uncomment it or copy it, and modify the keystore details.
scheme="https" secure="true" SSLEnabled="true"
- Restart JasperServer and log in
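The following check is an added example, not part of the original page or of the Abiquo or JasperServer packages. It audits a server.xml for a usable JSSE HTTPS connector and shows why the note above requires HTTPS before enabling HTTP Basic. The sample server.xml, its ports, keystore path and password, and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample of conf/server.xml: one plain HTTP connector and one
# JSSE HTTPS connector. Ports, keystore path and password are placeholders.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"
               sslProtocol="TLS" keystoreFile="/path/to/my/keystore"
               keystorePass="changeit" />
  </Service>
</Server>
"""


def audit_connectors(server_xml):
    """Return a list of findings about the HTTPS connectors in server.xml."""
    findings = []
    root = ET.fromstring(server_xml)
    https = [c for c in root.iter("Connector")
             if c.get("SSLEnabled", "").lower() == "true"]
    if not https:
        return ["no connector with SSLEnabled=true; Basic credentials are exposed"]
    for c in https:
        port = c.get("port", "?")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {port}: scheme/secure not set to https/true")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile missing, ~/.keystore is used")
        # Tomcat assumes "changeit" when keystorePass is absent.
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"port {port}: keystore uses Tomcat's default password")
    return findings


def decode_basic(header_value):
    """Recover (user, password) from an Authorization: Basic header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password
```

Run audit_connectors() against the contents of the real server.xml before switching the filter chain to HTTP Basic. An empty list means the connector matches the settings described above with a non-default keystore password.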