|
 
3. Integration
3.1. Building
the Security class
To compile your Security
class, you need to have the rwrun.jar in your classpath. If
you are using Oracle9i JDdeveloper just add the Reports
Runtime library to your project.
The complete XML
Security example used in this tutorial is avaibable in the
resources section.
3.2. Deploying
the classes on your server
You can
- Deploy Java classes
- Deploy a jar file.
3.2.1. Deploy Java
Classes
If you are running
a Reports Server version 9.0.2.0.4 or lower, you should:
- Create a classes
directory in your $ORACLE_HOME/reports/
directory
- Copy your classes
to this new directory ($ORACLE_HOME/reports/classes)
If you are running
a Reports Server version 9.0.2.0.5 or higher, you should: copy
your classes to the $ORACLE_HOME/reports/jlib/classes
directory.
3.2.2. Deploy a Jar
file
If you packaged your
classes in a jar file, you need to manually modify the class
path to point to the jar file.
The Java class plath
of your Report Server depends on the way that you use the server
: In-Process or Stand-Alone. You can find more information in
chapter Specifying an In-Process Server of Publishing Reports to the Web with Oracle9iAS Reports Services.
In-Process server
is the default configuration of Oracle9iAS Reports Services.
In-Process server is available for faster response. The In-Process
server cuts down on the communication expense between processes
and consequently increases response times. In this context the
Reports Server starts automatically, whenever it receives the
first request from the client via the Reports Servlet (rwservlet)
or a Reports JSP.
If you configure
the server as a Stand-Alone server you should start it manually
with the rwserver command line. In this context Reports Server
and the application server processes are independent. You can
use this configuration when debugging your reports extension,
stopping and starting the Reports Server without any effect
on your application server.
If you are using
the "In-Process" server (the class path used by Oracle9i
Reports is the OC4J path).
- Copy the jar file
to the $ORACLE_HOME/reports/jlib
directory
- Open the OC4J
configuration file $ORACLE_HOME/j2ee/<instance_name>/config/server.xml.
The <instance_name>
represents the name of the OC4J where the reports are
executing, by default in Oracle9iDS the instance
is Oracle9iDS and
in Oracle9iAS it is OC4J_BI_Form.
- Add the jar file
to the class path using this XML entry:
<library path="../../../reports/jlib/XMLSecurity.jar"
/>
If you are using
the "Stand-Alone" server:
- Copy the jar file
to the $ORACLE_HOME/reports/jlib
directory
- Add file address
$ORACLE_HOME/reports/jlib/XMLSecurity.jar
to the REPORTS_CLASSPATH environment variable. On Windows
the REPORTS_CLASSPATH is in the registry.
3.3. Registering the new security
To register the new
security, you must perform the following steps:
- Add a new XML
entry for the security plug-in in the Reports Server configuration
file.
- Modify the job
that you want to secure in the Reports Server configuration
file.
3.3.1. Adding the
new XML entry for the security plugin.
Open the Reports
Server configuration file ($ORACLE_HOME/reports/conf/rep_<your
server>.conf), and add a new XML entry. For example,
in the XML Security example, the entry looks like this:
<security id="XMLSecurity" class="oracle.reports.plugin.security.xml.SecurityPlugin">
<property name="SecurityFile"
value="D:\\oracle\\ora9ias\\reports\\conf\\dependencies\\securityFile.xml" encrypted="no"/>
</security>
The security tag
has two attributes:
- id
contains the name of your new security, this name will be
used later to secure the job.
- class
contains the complete class name of the security.
If your security
needs some parameter you can add one or more property sub-elements
to the security tag. The XML Security accepts one parameter
that specifies the XML file security location. The property
element has the following attributes:
- name contains the name of the parameter, for
the XML Security the name is SecurityFile
- value
contains the value of the parameter, for the XML Security
the value contains the location of the XML Security file
- encrypted
contains a boolean value to specify if the value of the parameter
is encrypted of not, the XML Security file location does not
need to be encrypted.
3.3.2. Modifying
the job that you want to secure:
The security can
applies to one or more job elements. To secure a job you need
to add the securityId attribute to the job XML element. The
value of the securityId attribute is the id of the security
that you want to use.
<job jobType="report" engineId="rwEng" securityId="XMLSecurity" />
For
more details about the Reports Server configuration file, see
Publishing Reports to the Web with Oracle9iAS Reports
Services , chapter 3: "Configuring Oracle9iAS Reports
Services".
3.3.3. Disabling
the Single Sign On
By default Oracle9iAS
Report Service use Oracle9iAS SSO Server for the authentication,
if you develop your own security you do not need this integration.
Open the Reports
Servlet properties file ($ORACLE_HOME/reports/conf/rwservlet.properties)
and change the value of the SINGLESIGNON
property to NO.
By default this value is commented using # character, so you
need to uncomment the line too.
The property should
be like : SINGLESIGNON=NO
3.4. Using your new security
Now your new XML
Security is deployed and registered with your Reports Server.
If you secured the "report" job, each time a user will
try to execute a report, the security check will be executed.
That means, the user needs to specify the authId parameter for
each submission.
To execute a secured
job, the URL could be:
http://<your_server>:<port>/reports/rwservlet?report=rep.jsp&destype=cache&desformat=pdf&authId=username/password
If you are deploying
your new security on a Reports Server version 9.0.2.0.5 or lower
you could encounter an issue with image rendering in HTML
modes -Web layout or paper layout with destination type as HTML
or HTMLCSS-. The server protects all the commands, so the URL
to the image will be secured and you can not see any images
in your page. This issue is fixed in the Oracle9i Reports
version 9.0.2.1.
|
Security
