[zszugyi]

I'm wondering if it's possible to access the servlet context from either a scripted event handler
or by a report when executed from the ActuateJavaComponent's information console.

We're deploying the web app on JBoss and we're authenticating using JAAS and a custom login module.
The reports need to somehow access the user principal from the request in order to determine what
data the user has access to.
One way could be if the user name can be passed to the data source as a report parameter. Is that
possible or is there some other way to accomplish this?

We're using Actuate 10sp1F4.

Thanks!

[averma]

Hi zszugyi,
You can pass username as a hidden parameter or you can also use reportContext.getAppContext() for reading and modifying the context within the scripts.

Ashwini

[zszugyi]

averma, on 21 July 2010 - 12:07 PM, said:

Hi zszugyi,
You can pass username as a hidden parameter or you can also use reportContext.getAppContext() for reading and modifying the context within the scripts.

Ashwini

Hi Ashwini,

Thanks for the reply.
I made a mistake in my original post, I did mean to write scripted data source instead of "event handler".
I'd guess your reply still applies: I can specify an event handler for the data source which would populate the hidden parameter from reportContext.getAppContext(). Is that correct?

Thanks,
Zoltan

[averma]

Yes you can take that approach. You should also be able to use this script directly in your expression builder for any filter condition etc.

Ashwini

[zszugyi]

I've tried to add a dataset parameter and setting the default value to

reportContext.getHttpServletRequest().getUserPrincipal().getName()

.

WHen opening the report, I get the error message saying that the result of

reportContext.getHttpServletRequest()

is null.

Searching online, it looks like other people have the same issue, for example:
https://jira.jboss.o...owse/JBIDE-4929

Is there a way to fix this in the actuate viewer servlet?

Thanks!

[zszugyi]

I have more information on this:
If I put the following code in the beforeOpen of a scripted data set is used in
cascading parameter group (where I would need it), the value of reportContext.getHttpServletRequest()
is null and the appContext doesn't have anything useful either.
Output:

17:37:56,661 INFO  [ProductDataSetHandler] org.eclipse.birt.report.engine.script.internal.ReportContextImpl@6e1b83aa
17:37:56,661 INFO  [ProductDataSetHandler] {org.eclipse.datatools.connectivity.oda.util_consumerResourceIds=org.eclipse.datatools.connectivity.oda.util.ResourceIdentifiers@5061465f, EXTENDED_ITEM_MAX_ROW=0, ServerUserName=anonymous, PARENT_CLASSLOADER=java.net.URLClassLoader@49e926fd, max_pool_size=10, AppRuntimeLocale=en_US, OdaConsumerId=com.actuate.data.oda.birt.propertyProvider, connection_time_out=3600, OdaConnPropertyContext={}, webapplication.projectclasspath=, org.eclipse.birt.data.query.ResultBufferSize=10,
birt.viewer.resource.path=C:\jboss-sw\server\scrumworks\.\deploy\ActuateJavaComponent.war\resources}
17:37:56,662 INFO  [ProductDataSetHandler] servlet request = null

If I put the the same code in the beforeOpen of the scripted dataset that provides the report data,
the request is available and I can get the user name.

17:48:11,283 INFO  [ReleaseBurnupReportDataSetEventHandler] {ReportParameters={product=-5.010744238007635986E18, username=administrator, forecast=false, release=-3.37001432750203367E17}, EXTENDED_ITEM_MAX_ROW=0, max_pool_size=10, ServerUserName=anonymous, AppRuntimeLocale=en_US, connection_time_out=3600, birt.viewer.resource.path=C:\jboss-sw\server\scrumworks\.\deploy\ActuateJavaComponent.war\resources, BIRT_VIEWER_HTTPSERVET_REQUEST=org.apache.catalina.connector.RequestFacade@276a0d23, org.eclipse.datatools.connectivity.oda.util_consumerResourceIds=org.eclipse.datatools.connectivity.oda.util.ResourceIdentifiers@76e88857, PARENT_CLASSLOADER=java.net.URLClassLoader@49e926fd, OdaConsumerId=com.actuate.data.oda.birt.propertyProvider, webapplication.projectclasspath=, OdaConnPropertyContext={}, org.eclipse.birt.data.query.ResultBufferSize=10}
17:48:11,283 INFO  [ReleaseBurnupReportDataSetEventHandler] servlet request = org.apache.catalina.connector.RequestFacade@276a0d23
17:48:11,284 INFO  [ReleaseBurnupReportDataSetEventHandler] username: xxx

Here's the code:

      l.info("beforeOpen");
      l.info(reportContext);
      l.info(reportContext.getAppContext());
      l.info("servlet request = " + reportContext.getHttpServletRequest());
      String userName = ((HttpServletRequest) reportContext.getHttpServletRequest()).getUserPrincipal().getName();
      l.info("username: " + userName);

I get the same result if I do the same thing in a JS event handler in the report designer.

Is this a bug or is this the expected behavior? If so, does anyone know a workaround?

Thanks,
Zoltan

[averma]

Hi Zoltan,
Can you try binding your scripted data set to a table in the report? Make this table as the first report item in the design. You can set the visibility of the table to false to hide this table in the report output.

Ashwini

[zszugyi]

Hi Ashwini,

I've tried, it does not work. When the data set is first opened to populate a parameter list, the request is null.
When the data set is opened for the second time after clicking "Finish", the request is correctly populated.

Thanks,
Zoltan

averma, on 27 July 2010 - 10:09 AM, said:

Hi Zoltan,
Can you try binding your scripted data set to a table in the report? Make this table as the first report item in the design. You can set the visibility of the table to false to hide this table in the report output.

Ashwini

[zszugyi]

I'm wondering if it'd be possible subclassing AcGetFolderItemsAction or AcSubmitJobAction
to set "BIRT_VIEWER_HTTPSERVET_REQUEST" in the app context. If so, which methods in which classes
would have to do this?

Thanks,
Zoltan

[PuckPuck]

reportContext.getAppContext().get("ServerUserName")

This will return you the username of the currently logged in user running the report. Going down the road of modifying the HttpServletContext passed to the report, is not recommended.

[zszugyi]

PuckPuck, on 28 July 2010 - 08:16 AM, said:

reportContext.getAppContext().get("ServerUserName")

This will return you the username of the currently logged in user running the report. Going down the road of modifying the HttpServletContext passed to the report, is not recommended.

We're using JAAS to authenticate the user, so ServerUserName is not populated.
I'm not trying to modify the HttpServletRequest, I'm trying to figure out why it's not accessible from the
reportContext of AppContext when selecting the report parameters.

[PuckPuck]

zszugyi, on 28 July 2010 - 07:51 AM, said:

We're using JAAS to authenticate the user, so ServerUserName is not populated.
I'm not trying to modify the HttpServletRequest, I'm trying to figure out why it's not accessible from the
reportContext of AppContext when selecting the report parameters.

Actuate Java Components has a single sign-on extension module (called Security Adapter). This should be implemented to validate and accept the credentials from your web application. Once done, ServerUserName will have a value. This is how Actuate Java Component was intended to be used, as authentication needs to happen within the web application itself, not the application server context, which I assume is how you are using JAAS.

[zszugyi]

Thanks for the reply!

I've created a class which extends the LocalSecurityAdapter and deployed it as per the instructions
at http://www.birt-exch...e_BIRT_Viewers.

This is how it looks like:

public class SecurityAdapter extends LocalSecurityAdapter {

   Logger logger = Logger.getLogger("birt");
   
   private String userName;

   /** {@inheritDoc} */
   @Override
   public boolean authenticate(HttpServletRequest request) throws AuthenticationException {
      Principal userPrincipal = request.getUserPrincipal();
      if (userPrincipal == null) {
         logger.info("no user principal");
         logger.info(request);
         logger.info(request.getAuthType());
      }
      this.userName = userPrincipal.getName();
      logger.info("user name: " + userName);
      
      return userPrincipal != null;
   }
   
   /** {@inheritDoc} */
   @Override
   public String getUserName() {
      logger.info("getUserName(): " + userName);
      return userName;
   }
   
}

Looking at the log, it seems like authenticate() and getUserName() are both called and are correct.
The ServerUserName is not set in the appContext correctly though, its value is "anonymous".

14:11:08,336 INFO  [birt] user name: zoli
14:11:08,337 INFO  [birt] getUserName(): zoli
14:11:30,759 INFO  [DataSetHandler] beforeOpen
14:11:30,760 INFO  [DataSetHandler] {org.eclipse.datatools.connectivity.oda.util_consumerResourceIds=org.eclipse.datatools.connectivity.oda.util.ResourceIdentifiers@6caf66c1, EXTENDED_ITEM_MAX_ROW=0, ServerUserName=anonymous, PARENT_CLASSLOADER=java.net.URLClassLoader@16394576, max_pool_size=10, AppRuntimeLocale=en_US, OdaConsumerId=com.actuate.data.oda.birt.propertyProvider, connection_time_out=3600, OdaConnPropertyContext={}, webapplication.projectclasspath=, org.eclipse.birt.data.query.ResultBufferSize=10, birt.viewer.resource.path=C:\jboss-sw\server\scrumworks\.\deploy\ActuateJavaComponent.war\resources}

I've changed the following parameters in the web.xml:
STANDALONE_REPOSITORY_FILE_AUTHENTICATION = true
STANDALONE_ALLOW_ANONYMOUS = false

Am I missing something?

[zszugyi]

I've also tried creating a custom LocalAccessManager to see if its authenticate() method is ever used but had no luck with it.

[averma]

You will also need to modify web.xml configuration parameters to point to your security adapters:
SECURITY_ADAPTER_CLASS
STANDALONE_ACCESS_MANAGER
Further details on customizing security are in Chapter 8 of the following document:
http://www.birt-exch...nt-kit-apps.pdf

Ashwini