
BIRT-viewer-security

By default, the free BIRT-viewer does not come with integrated security.

However, you can add single sign-on via NTLM1 (LDAP / Active Directory) by configuring an NTLM HTTP filter (JCIFS) on your BIRT-viewer web app.

A. Application server configuration (e.g. Tomcat)

  1. Add the jcifs-x.jar to the '<BIRT_VIEWER_HOME>\WEB-INF\lib' directory
  2. Configure the BIRT-viewer application to authenticate via NTLM by adding the NTLM-filter to the web.xml:
    <filter>
        <filter-name>NtlmHttpFilter</filter-name>
        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

        <!-- Windows domain that users authenticate against -->
        <init-param>
            <param-name>jcifs.smb.client.domain</param-name>
            <param-value>your.domain</param-value>
        </init-param>
        <!-- Server used for name resolution (here: the domain controller) -->
        <init-param>
            <param-name>jcifs.netbios.wins</param-name>
            <param-value>domain-controller.your.domain</param-value>
        </init-param>

        <!-- JCIFS log verbosity -->
        <init-param>
            <param-name>jcifs.util.loglevel</param-name>
            <param-value>2</param-value>
        </init-param>
    </filter>

    <!-- Apply the filter to both BIRT viewer servlets -->
    <filter-mapping>
        <filter-name>NtlmHttpFilter</filter-name>
        <servlet-name>ViewerServlet</servlet-name>
    </filter-mapping>
    <filter-mapping>
        <filter-name>NtlmHttpFilter</filter-name>
        <servlet-name>EngineServlet</servlet-name>
    </filter-mapping>
  3. Restart your Tomcat application server 
  4. Test if your BIRT-application is secured:
    open any report, e.g.: http://localhost:8080/BIRT/frameset?__report=test.rptdesign&sample=my+parameter
    --> You should now be prompted for your username & password
    [Image: NTLM Authentication]

B. BIRT Report design

Once the user is authenticated, you can check authorization in your report using BIRT's Rhino JavaScript.
On your dataset you can add a parameter whose default value is a script like:
var myLoginName = null;
var request = reportContext.getHttpServletRequest();
if (request!=null) {
    if (request.getRemoteUser()!=null) {
        myLoginName = request.getRemoteUser();
    }
}
myLoginName;
[Image: BIRT authentication: scripted parameter]
You can use this parameter in your query / stored procedure to filter data matching the logged-in username.
Download report-authentication example

When you run this example report on your NTLM-enabled application server (see A.), you are prompted for username & password and then see a list of products (our example query simply checks that the username is not null).


Optional: you can also wrap this in a global getLoggedInUsername() function, so you can simply call getLoggedInUsername() to get the logged-in user (*).
function getLoggedInUsername() {
    var myLoginName = null;
    var request = reportContext.getHttpServletRequest();
    if (request!=null) {
        if (request.getRemoteUser()!=null) {
            myLoginName = request.getRemoteUser();
        }
    }
    return myLoginName;
}

* Remark: calling external functions before report rendering should only work from BIRT 6.2.2 on (http://www.birt-exchange.org/org/forum/index.php/topic/21662-help-on-this-report/page__p__76923).
So if you need the logged-in username in your parameter selection, you should get it directly (without using your function).
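
A stricter variant of the scripted parameter above, as an added example that is not part of the original page or its example report: it strips the domain prefix and returns null (so a query that requires a non-null username returns nothing) whenever the value is missing or unexpected. It assumes the filter reports the user as DOMAIN\account; the names resolveLoginName, stubRequest, EXPECTED_DOMAIN and ACCOUNT_PATTERN are hypothetical.

```javascript
// Added example (hypothetical helper, not from the original page).
// ES5 syntax only, so the same function body also runs in BIRT's Rhino engine.
var EXPECTED_DOMAIN = "YOURDOMAIN";            // assumption: NetBIOS name of your.domain
var ACCOUNT_PATTERN = /^[a-z0-9._-]{1,64}$/;   // assumption: characters allowed in account names

// Returns the bare, lower-cased account name, or null when there is no request,
// no authenticated user, a foreign domain, or an unexpected character.
function resolveLoginName(request) {
    if (request == null) {
        return null;                           // e.g. designer preview: no HTTP request
    }
    var raw = request.getRemoteUser();
    if (raw == null) {
        return null;                           // filter not mapped, or user not authenticated
    }
    raw = String(raw);                         // java.lang.String -> JS string under Rhino
    var account = raw;
    var slash = raw.lastIndexOf("\\");
    if (slash >= 0) {                          // DOMAIN\account form
        var domain = raw.substring(0, slash);
        if (domain.toUpperCase() !== EXPECTED_DOMAIN) {
            return null;                       // authenticated against another domain
        }
        account = raw.substring(slash + 1);
    }
    account = account.toLowerCase();
    return ACCOUNT_PATTERN.test(account) ? account : null;
}

// Constructed stand-in for HttpServletRequest, for running outside BIRT.
function stubRequest(remoteUser) {
    return { getRemoteUser: function () { return remoteUser; } };
}

// Constructed sample values, run through the helper.
function demo() {
    var samples = [null, "YOURDOMAIN\\jdoe", "yourdomain\\JDoe", "OTHER\\jdoe", "jdoe", "YOURDOMAIN\\jd'oe"];
    var out = [];
    for (var i = 0; i < samples.length; i++) {
        out.push(resolveLoginName(stubRequest(samples[i])));
    }
    return out;
}

// In BIRT, the parameter's default value expression would be:
//   resolveLoginName(reportContext.getHttpServletRequest());
```

Bind the resulting parameter to a `?` placeholder in the dataset query rather than concatenating it into the SQL text.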

C. Single Sign On configuration

To use this NTLM security as single sign-on on your corporate network, add your site to the "trusted sites" or "intranet zone" in your client browsers.
When a user is logged in to your corporate network domain, the NTLM login screen is bypassed (no username/password prompt if the user is logged in to the Windows domain).



Attachment: authenticationTest.rptdesign (18k), Dyna Miner, 27 Sep 2011, 01:31