Single Sign On

JReport Server's web pages are built to work with an existing web application. In particular, it is possible to set up the web server so that a user of the website can login to an existing web application and have that login grant them access to JReport web pages. This is called the Single Sign On feature.

This is done by developers implementing the class defined by the JReport Server Java interface HttpExternalAuthorized and telling JReport Server to use that implementation.

The implementation can be aware of the application's technique for managing login state in the servlet session. This code can tell JReport Server which user is logged in. The implementation can redirect the user to the application's login workflow if the request is not from a logged in user.

This system gives the user one spot in the application to login. A successful login there will allow the user to run JReport Server web pages without doing another login dialog.

JReport Server is told to use the local implementation of ExternalAuthorized in two ways.

Use the command line to define a system property that registers the class.
The system property jrs.httpExternalAuthorized is used to hold the name of the class that implements HttpExternalAuthorized.

If the name of the class is SheldonsHttpExternalAuthorized.java, then change the script file that starts up JReport Server to include the parameter string: -Djrs.httpExternalAuthorized=SheldonsHttpExternalAuthorized.

Use a Java API method call to register the class.

The Java API class HttpUserSessionManager has a method for setting the ExternalAuthrized object that JReport Server uses.

If the name of the package is com.mycorp.myHttpExternalAuthorized, then in a JSP page, connect to JReport Server, then pass an instance of the class object for myHttpExtneralAuthorized as the parameter in the method HttpUserSessonManager.setHttpExternalAuthorized().

<%@ page import="com.example.MyHttpExternalAuthorized" %>

        // initialize and connect to JReport Server
    initEnv(System.getProoperties());
    HttpRptServer httpRptServer = HttpUtil.getHttpRptServer(request);

        // set the HttpExternalAuthorized object used by JReport Server
    httpRptServer.getHttpUserSessionManager().setHttpExternalAutorized(new myHttpExternalAuthorized());

There are examples of implementations of the ExternalAuthorized Java interface in the sample source files that come with JReport Server. Look in the folder <install_root>\help\samples\APISecurity\SingleSignOn. Read the comments in the source code for more information about Single Sign On and how the Java interface is used.

samples\APISecurity\SingleSignOn\CustomHttpExternalAuthorized.java
samples\APISecurity\SingleSignOn\com\example\MyExternalAuthorized.java

In that same SingleSignOn folder are several JSP pages that can be placed into the public_html\jinfonet folder and run as web applications to exercise and demonstrate how Single Sign On works. The file customIndex.jsp is the entry point page. It has comments inside it on how to run the demonstration.

Notes:

The set of application users does not need to be the same set of users that are registered in JReport Server. However, the Single Sign On protocol does require that the application code identify the logged in user to JReport Server using a registered JReport Server user name.
When the set of application users is different from the set of JReport Server users, then the application code for returning the logged in user will need a system to map the applications user to a JReport Server user.