Customized implementation of the Security API

JReport Server provides a set of Security APIs which you can implement in order to build your preferred security system. This section discusses the basic rules and implementation of the Security API.

Partial Implementation of the Security API

The Security API can meet various requirements for seamlessly integrating the JReport security system into an existing external security system.

By implementing all interfaces, you provide full functions to the JReport Server security system. However, if you do not want to provide a complete security system to your JReport Server, but only to use part of the functions available, you can achieve this by implementing the interfaces that meet your requirements.

Here are some examples:

Example 1

Requirements: You only want to customize authentication and authorization.

The following interfaces are required to be implemented:

Example 2

Requirements: You want to customize authentication and users, while the JReport Server maintains other functions of the security system.

The following interfaces are required to be implemented:

Example 3

Requirements: For CLS/RLS scenario, you must provide user/role information.

The following interfaces are required to be implemented:

Implementing the Security API using an .xml file

You can specify a customized implementation of the Security API in a .xml file. The JReport Server loads classes according to this file.

The file is customizedAPI.xml in <install_root>\bin. Specify the content in the .xml file as follows:

<?xml version="1.0" encoding="UTF-8"?>

<jreport-customized-api>
    <security>
        <authentication-provider>
            com.customer.security.AuthenticationProviderImpl
        </authentication-provider>
        <authorization-provider>
            com.customer.security.AuthorizationProviderImpl
        </authorization-provider>
        <user>
            <provider>
                com.customer.security.user.UserProviderImpl
            </provider>
            <permission-provider>
                com.customer.security.user.UserPermissionProviderImpl
            </permission-provider>
            <privilege-provider>
                com.customer.security.user.UserPrivilegeProviderImpl
            </privilege-provider>
        </user>
        <group>
            <provider>
                com.customer.security.group.GroupProviderImpl
            </provider>
            <permission-provider>
                com.customer.security.group.GroupPermissionProviderImpl
            </permission-provider>
            <privilege-provider>
                com.customer.security.group.GroupPrivilegeProviderImpl
            </privilege-provider>
        </group>
        <role>
            <provider>
                com.customer.security.role.RoleProviderImpl
            </provider>
            <permission-provider>
                com.customer.security.role.RolePermissionProviderImpl
            </permission-provider>
            <privilege-provider>
                com.customer.security.role.RolePrivilegeProviderImpl
            </privilege-provider>
        </role>
        <relation>
            <role-group>
                com.customer.security.relation.RoleGroupRelationProviderImpl
            </role-group>
            <role-user>
                com.customer.security.relation.RoleUserRelationProviderImpl
            </role-user>
            <group-user>
                com.customer.security.relation.GroupUserRelationProviderImpl
            </group-user>
        </relation>
    </security>
</jreport-customized-api>
Rules for applying customized Security API

The following are rules for applying customized Security API:

Notes: