Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » BIRT » securing BIRT url(need suggestion for securing the BIRT url)
securing BIRT url [message #1002863] Sat, 19 January 2013 12:30 Go to next message
g g is currently offline g g
Messages: 17
Registered: August 2012
Junior Member
I have called the report viewer is by passing parameter variables in the URL. For instance I call my report via http://localhost:8080/WebViewerExample/frameset?__report=report1.rptdesign&param1=5000

The user can easily change the param1 value say @param1=10000 and view report for which he/she is unauthorized. I am looking for a way to prevent users from changing parameters and only allow them to come from the server.

I tried using tomcat role-based security but still problem persists at the same role level.

Is it possible that report viewer accepts the encrypted URL from the server and un-encrypt it to show the report content?

Is there any other way to resolve the problem?

Regards,
G
Re: securing BIRT url [message #1004227 is a reply to message #1002863] Tue, 22 January 2013 15:52 Go to previous messageGo to next message
Kristopher Clark is currently offline Kristopher Clark
Messages: 130
Registered: January 2013
Senior Member
You can encrypt parameter data and send that to the report. You would need to encrypt/decrypt the data in the beforeOpen. I've attach a simple example report to show how this can be done.
Re: securing BIRT url [message #1004500 is a reply to message #1004227] Wed, 23 January 2013 06:03 Go to previous message
g g is currently offline g g
Messages: 17
Registered: August 2012
Junior Member
Thanks a lot. It was very useful example. I was able to resolve the problem.
Previous Topic:How to get all Label controls using Designer API?
Next Topic:aggregation doesn't work
Goto Forum:
  


Current Time: Wed Aug 20 12:39:49 EDT 2014

Powered by FUDForum. Page generated in 0.01547 seconds