What are the authentication methods supported to access data source URLs?

[tuspatil1]

Hi Team,

We have jasperreports-6.21.3 community edition deployed in our environment & we uses JRXmlDataSource() to access the data source URLs, we would like to understand the authentication methods available for securely accessing data source URLs, such as OAuth, Bearer Token, or Digest Authentication.
Could you please provide information on the authentication methods supported by Jasper Studio and the corresponding Jasper APIs?

[Note: We have recently purchased te commercial edition jasperreport-9.0.0 & integration work is in progress]

Thanks,
Tushar

[teodord]

The JasperReports Library CE only has built-in support for Basic Authentication for data adapters.
As a customer of Jaspersoft, you woud probably be assisted with other types of connecting to remote sources of data for the reports.

[teodord]

Just to add more information here about data adapters which retrieve file data (JSON, XML, Excel, CSV, etc) from remote URLs:

They rely on pluggable implementations of the DataFileService and DataFileConnection interfaces, which can be added as extensions to the JRL core engine.
You can look at our default implementation of these two interfaces that provide basic authentication functionality and see how these could be used as examples when implementing more sophisticated authentication methods such as those using tokens and/or request headers:

https://github.com/TIBCOSoftware/jasperreports/blob/master/ext/data-adapters-http/src/main/java/net/sf/jasperreports/dataadapters/http/HttpDataService.java

https://github.com/TIBCOSoftware/jasperreports/blob/master/ext/data-adapters-http/src/main/java/net/sf/jasperreports/dataadapters/http/HttpDataConnection.java

In our standard HTTP basic authentication, we pass username and password. But in a custom implementation of your own, you could pass tokens in request headers or others stuff.

[teodord]

It's been a while since I last looked at HTTP data adapters, so I took a fresh look and I can tell you that if your method of authentication relies on passing certain headers to the HTTP request (tokens or something), then what you need is probably already possible:

If you create a JSON or XML data adapter file in Jaspersoft Studio, to retrieve JSON or XML data from a remote URL, you'll see that the wizard proposes you to set static request headers or GET or POST parameters.
Once you type in a remote URL starting with http:// or https:// the Options button opens a dialog that allows you to introduce such HTTP request specific information.

In addition to this static information that can be stored in the data adapter file itself, request headers can have dynamic values that come from report parameters. This is achieved by marking report parameter definitions inside the JRXML with this configuration property that would cause their value to be injected in the request as request header values:

https://jasperreports.sourceforge.net/config.reference.html#net.sf.jasperreports.http.data.header

I assume that the authentication requiring some UI login screen happens somewhere inside your application, prior to the report execution and thus you obtain a token or something that you than can use to authenticate the data retrieval request.
So you can pass that token as report parameter value and thus use it as data adapter HTTP request header value.

[dadza]

Also see the the sample reference.