Eclipse Community Forums

Controlling user access to web reports [message #987868] Wed, 28 November 2012 08:00
Sapphie
Messages: 21
Registered: October 2010
Junior Member
I need to make sure that only certain users are able to view our BIRT reports via the web viewer. I have successfully implemented NTLM authentication against our domain as described in

https://sites.google.com/site/dynamicdatamining/birt/birt-viewer-security

That will allow anyone on our domain to access the reports. I want to restrict it to just a few.

Ideally I would furnish Tomcat with a set of usernames *and* then authenticate via NTLM but I don't think I can do that.

I do not want to add a new AD group for BIRT, so am thinking of performing the restriction within the report itself. The above link suggests a way to get the logged in username via an Initialize function but how do I make use of that?

I am thinking that I should put some code in beforeFactory that checks the passed username value against a list and either goes on to display the report OR outputs a message saying the user is not authorised.

However, I am clueless on how to achieve this or even if there is a better way of doing this?

Any help would be appreciated.
Thanks

Lee
Re: Controlling user access to web reports [message #988455 is a reply to message #987868] Thu, 29 November 2012 18:48
Michael Williams
Messages: 1546
Registered: July 2009
Senior Member

If you could grab the username and had access to a list to cross-check if they should be able to view the report, you could drop all elements in your beforeFactory script, except for a label stating that the user doesn't have access to the report.

Michael

Add interactivity, scheduling, sharing, live Excel export, and JS integration to your BIRT app with the new, free BIRT server, BIRT iHub F-Type.
Re: Controlling user access to web reports [message #989765 is a reply to message #987868] Fri, 07 December 2012 11:12
Sapphie
Messages: 21
Registered: October 2010
Junior Member
Hi Michael

Thanks for this idea. I came across the show/hide elements elsewhere. At the moment I have a global JS function isValidUsername() that just checks against a hard-coded list. If it's not on the list it hides the main table and shows a pop-up message.

What I really would like to do is look up the passed login name in some database table and if it exists as a record there then it is valid. So my isValidUsername() function needs to perform a database query to check if a particular record exists and get the result.

So I am stuck again, if anyone knows how to achieve this, I would be grateful.

Thanks
Lee
Re: Controlling user access to web reports [message #989816 is a reply to message #989765] Fri, 07 December 2012 19:43
Michael Williams
Messages: 1546
Registered: July 2009
Senior Member

Not show/hide. Actually drop the elements. You should be able to create a dataSet in your report that checks your user. Then, you could use the data engine api to check the results of the dataSet, in your beforeFactory. If the user doesn't check out, you can drop all of the tables in the report so that none of the datasets even run and show an error label. You could also just connect to your db in script and check for the username without the data engine api.

Michael

Re: Controlling user access to web reports [message #990042 is a reply to message #987868] Mon, 10 December 2012 11:14
Sapphie
Messages: 21
Registered: October 2010
Junior Member
Thanks Michael. The following example supplied basically what I need:

http://www.birt-exchange.org/org/devshare/designing-birt-reports/1542-data-engine-api-to-check-data-set-values/

I modified this to basically create a function that refers to my data source (which will always be the same) and create my own query text, get the result, iterate through etc.

Lee
Re: Controlling user access to web reports [message #990095 is a reply to message #990042] Mon, 10 December 2012 15:52
Michael Williams
Messages: 1546
Registered: July 2009
Senior Member

That's the exact one I was thinking of when I posted what I did. Sorry for making you look for it. :) Glad you got it going!

Michael

Re: Controlling user access to web reports [message #990196 is a reply to message #990042] Tue, 11 December 2012 06:16
Sapphie
Messages: 21
Registered: October 2010
Junior Member
No probs, googling is good for me!

I have a follow up question, though, and could start a new thread but you may know.

Is there a way, within the script, to tell if the report is currently being run locally via the report designer rather than via the web viewer? When testing the report, I don't have access to the LDAP authentication username, so would want the option to bypass that check.

Thanks
Lee
Re: Controlling user access to web reports [message #990254 is a reply to message #987868] Tue, 11 December 2012 10:44
Sapphie
Messages: 21
Registered: October 2010
Junior Member
This seems to work but I wondered if there was a more generic way?

    var request = reportContext.getHttpServletRequest();
    if (request != null) {
        if (request.getServerName() == '127.0.0.1') {
            // This is running locally so can we assume from the report designer?
            // Do valid stuff when run locally
        } else {
            // do stuff when run remotely
        }
    }


Though, of course, the above could also apply when running the report via the web viewer when logged in to the server.

Lee

[Updated on: Tue, 11 December 2012 10:53]
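
A fail-closed form of the allow-list check and local-preview bypass discussed in this thread, added here as an illustration and not code from either poster. It assumes the servlet container exposes the authenticated name through `getRemoteUser()`; `ALLOWED_USERS`, `normalizeUser`, `isLoopback`, `decideAccess` and `fakeRequest` are hypothetical names, and the sample users and addresses are constructed.

```javascript
// Added example, not from the thread. Hypothetical names: ALLOWED_USERS,
// normalizeUser, isLoopback, decideAccess, fakeRequest.
var ALLOWED_USERS = ['corp\\lee', 'corp\\report.admin']; // constructed sample list

// Compare case-insensitively but keep the domain part, so the same account
// name in another domain does not match.
function normalizeUser(name) {
  if (name === null || name === undefined) { return null; }
  var s = String(name).trim().toLowerCase();
  return s.length > 0 ? s : null;
}

function isLoopback(addr) {
  var a = String(addr || '');
  return a === '::1' || a === '0:0:0:0:0:0:0:1' || /^127\.\d+\.\d+\.\d+$/.test(a);
}

// request: an HttpServletRequest (in BIRT: reportContext.getHttpServletRequest()).
// previewBypass: server-side switch that must stay false on the shared server.
function decideAccess(request, allowedUsers, previewBypass) {
  if (!request) { return { allow: false, reason: 'no-request' }; }
  var user = normalizeUser(request.getRemoteUser());
  if (user !== null && allowedUsers.map(normalizeUser).indexOf(user) >= 0) {
    return { allow: true, reason: 'allow-listed' };
  }
  // getServerName() reflects the Host header the client sent, so the bypass
  // keys on the TCP peer address instead. Behind a same-host reverse proxy
  // every peer is loopback, which is why the switch defaults to off.
  if (previewBypass === true && isLoopback(request.getRemoteAddr())) {
    return { allow: true, reason: 'preview-bypass' };
  }
  return { allow: false, reason: user === null ? 'unauthenticated' : 'not-allow-listed' };
}

// Constructed stand-in for the servlet request so the example runs outside BIRT.
function fakeRequest(user, remoteAddr, host) {
  return {
    getRemoteUser: function () { return user; },
    getRemoteAddr: function () { return remoteAddr; },
    getServerName: function () { return host; }
  };
}

// beforeFactory wiring: on a deny result, drop the report's tables and leave
// only an error label, as described earlier in the thread.
var demo = decideAccess(fakeRequest('CORP\\Lee', '10.0.0.5', 'reports'), ALLOWED_USERS, false);
```

Every path that does not positively match the allow list or the explicitly enabled loopback bypass ends in a deny, including a missing request object.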


Re: Controlling user access to web reports [message #990324 is a reply to message #990254] Tue, 11 December 2012 15:56
Michael Williams
Messages: 1546
Registered: July 2009
Senior Member

Does running on the server pose a problem to your solution? If not, it seems as good as any I can think of.

Michael
