
BalendraBlog

Technical solution to common issues



Adding Security to Birt reports.


Problem –

When the BIRT viewer is deployed in the application, there is no security when
opening the reports. The user is also not authenticated.

We need to implement a security mechanism for the BIRT report so that if the
session has expired, the report cannot be run, and so that the user is
authenticated before the report is opened.

Solution –

I have created a parameter JSP page for the BIRT report, as I have already mentioned
in my previous post (How to build a custom Parameter Jsp Page for Birt Report Using
Birt Viewer tags).

The report is generated from this JSP, so we need to implement security for this
report.

* Pass the encrypted data (user name, report name and hour) and the user name in
the JSP session.

* Fetch this encrypted data and the user name in the report.

* In the report we have the user name, so create the encrypted message for user
name, report name and hour there as well.

* Compare these two encrypted values, and show the report content only if they are
the same.

Below are the details of the implementation –

Create the encrypted (MD5) data in your application and set it in the JSP session.

In your servlet –

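import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Date;

// Inside the servlet's request-handling method:
String data = "<user name>" + "<report name>" + new Date().getHours();
request.setAttribute("data", encryptUsingMD5(data));
request.setAttribute("user", "<user name>");

// Helper method of the servlet class: returns the MD5 digest of the
// message as 32 lowercase hex digits, or null if MD5 is unavailable.
private static String encryptUsingMD5(String message)
{
    try {
        MessageDigest mdEnc = MessageDigest.getInstance("MD5");
        // Hash the UTF-8 bytes; use the byte count, not message.length().
        byte[] bytes = message.getBytes(StandardCharsets.UTF_8);
        mdEnc.update(bytes, 0, bytes.length);
        String md5 = new BigInteger(1, mdEnc.digest()).toString(16);
        // BigInteger drops leading zeros, so pad back to 32 hex digits.
        while (md5.length() < 32) {
            md5 = "0" + md5;
        }
        return md5;
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
        return null;
    }
}
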
In your parameter page –

<%
session.setAttribute("data", request.getAttribute("data"));
session.setAttribute("user", request.getAttribute("user"));
%>

In the report –

Now we need to fetch this session data in the report.

In the beforeFactory method of your report, use the following script. The script
fetches the data from the session of the HTTP request and creates the MD5 encryption
of the data. These values are then set in the global variables of the report so that
they can be accessed in the generation and presentation phases of the BIRT report.

importPackage( Packages.javax.servlet.http );
importPackage( Packages.java.io );

var request = reportContext.getHttpServletRequest();
// Appending "" converts the session attributes to JavaScript strings.
var data = request.getSession().getAttribute("data") + "";
var user = request.getSession().getAttribute("user") + "";
var d = new Date();
// md5() is a JavaScript function. You can use any script for the MD5 calculation.
var mad5value = md5(user + "<report name>" + d.getHours());
reportContext.setPersistentGlobalVariable('localKey', mad5value);
reportContext.setPersistentGlobalVariable('serverKey', data);

In the report, you can now hide any element by adding the following expression to
the visibility property of the element.

(reportContext.getPersistentGlobalVariable("serverKey") !=
reportContext.getPersistentGlobalVariable("localKey"))
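
An added example, not code from the original post: the same servlet-side and report-side token comparison, but with a keyed HMAC-SHA256 in place of plain MD5 (an MD5 of user name, report name and hour can be recomputed by anyone who knows those three values) and with the previous hour also accepted, since a token built at 10:59 with getHours() no longer matches at 11:00. The class name ReportToken, the secret key, the hours-since-epoch bucket and the sample values in main are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the blog author's code. ReportToken, the key handling
// and the one-hour grace window are assumptions made for illustration.
public final class ReportToken {
    private final SecretKeySpec key;
    public ReportToken(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }
    // Token bound to user, report and the hour (since epoch) containing 'when'.
    public String issue(String user, String report, Instant when) {
        return mac(user, report, when.getEpochSecond() / 3600);
    }
    // Accepts the current and the previous hour, so a token issued at 10:59
    // still opens the report at 11:00. Null inputs (expired session) fail.
    public boolean verify(String token, String user, String report, Instant now) {
        if (token == null || user == null || report == null) return false;
        byte[] given = token.getBytes(StandardCharsets.US_ASCII);
        long hour = now.getEpochSecond() / 3600;
        boolean ok = false;
        for (long h = hour - 1; h <= hour; h++) // constant-time compare per bucket
            ok |= MessageDigest.isEqual(mac(user, report, h).getBytes(StandardCharsets.US_ASCII), given);
        return ok;
    }
    private String mac(String user, String report, long hour) {
        try {
            Mac m = Mac.getInstance("HmacSHA256");
            m.init(key);
            // Length-prefix the fields so ("ab","c") and ("a","bc") differ.
            String msg = user.length() + ":" + user + report.length() + ":" + report + hour;
            return Base64.getUrlEncoder().withoutPadding()
                    .encodeToString(m.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    public static void main(String[] args) {
        // Constructed sample key, user, report name and time.
        ReportToken t = new ReportToken("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        Instant issued = Instant.parse("2011-05-19T10:59:30Z");
        String token = t.issue("alice", "sales.rptdesign", issued);
        System.out.println(t.verify(token, "alice", "sales.rptdesign", issued.plusSeconds(60)));   // next clock hour
        System.out.println(t.verify(token, "bob", "sales.rptdesign", issued.plusSeconds(60)));     // other user
        System.out.println(t.verify(token, "alice", "sales.rptdesign", issued.plusSeconds(7200))); // two hours on
    }
}
```

Since BIRT scripts can call Java classes (the script above already uses importPackage), the servlet and the report can share one class like this instead of keeping a Java MD5 and a JavaScript md5() in step.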


This entry was posted on Thursday, May 19th, 2011 at 10:16 am and is filed under
Uncategorized.



3 Responses to Adding Security to Birt reports.
ashwiniverma says:
August 12, 2011 at 5:59 pm
Great tip on adding security to BIRT. Can you also submit a link to your article on
BIRT Exchange devshare (http://www.birt-exchange.org/org/devshare/) so more BIRT
developers can benefit from it?

Todd Smith says:
February 22, 2012 at 5:40 am
I am not getting any session info in my beforeFactory method.

Any ideas what I can try?

Todd smith says:
February 23, 2012 at 12:02 am
Seems like the sessions are in different contexts
