InetSoft Product Documentation: Reporting Software - Custom Report Security Integration

InetSoft's reporting software allows users to integrate custom report security options, leading to a highly adapatable solution that can be incorporated into existing systems. View the information below to learn more about the Style Intelligence solution.

Custom security integration is used under the following circumstances:

Your users/roles/groups have already been defined in your existing systems, which you wish to directly import into InetSoft, and InetSoft has no built-in mechanism of directly accessing this information, e.g., DB, Web Service (SOAP).
You wish to modularize your security into authentication and authorization and use different providers for each, e.g., read users/roles from LDAP (LDAP Security Provider) but write InetSoft-related permissions to disk (Default File Security Provider). This could be a requirement when your LDAP server has write restrictions.

custom report security integration example

More Dashboard & Report Examples

View a 2-minute demonstration of InetSoft's easy, agile, and robust BI software.

The recommended approach for implementing custom security (as of version 9.0) is to use the Composite Security Provider. The composite security provider modularizes security into 'Authentication' and 'Authorization'. Authentication deals with getting user/role/group information and validating login requests. Authorization deals with setting and getting report related permissions.

In order to set up composite security directly add the following properties in the 'sree.properties' file.

security.provider =

     inetsoft.sree.security.CompositeSecurityProvider

  
security.authentication.provider={AuthenticationProvider}

  
security.authorization.provider={AuthorizationProvider}

  
{AuthenticationProvider} can be one  of:


•  inetsoft.sree.security.FileAuthenticationProvider

•  inetsoft.sree.security.ldap.ADSecurityProvider

•  inetsoft.sree.security.ldap.IPlanetSecurityProvider

•  inetsoft.sree.security.ldap.GenericLdapSecurityProvider

•  class which extends inetsoft.sree.security.AbstractAuthenticationProvider e.g.,  com.company.security.MyAuthorizationProvider

  
{AuthorizationProvider} can be one of:


•  inetsoft.sree.security.FileAuthorizationProvider

•  inetsoft.sree.security.ldap.ADSecurityProvider

•  inetsoft.sree.security.ldap.IPlanetSecurityProvider

•  inetsoft.sree.security.ldap.GenericLdapSecurityProvider

•  class which extends inetsoft.sree.security.AbstractAuthorizationProvider, e.g.,  com.company.security.MyAuthorizationProvider

If you already have a custom security implementation in versions 8.0 and below; the recommended approach is to re-implement your security using the new Composite security provider as described above. However if you have an existing implementation which implements the 'SecurityProvider' interface you may use it with the addition of some methods.



  public class MyProvider implements  inetsoft.sree.security.SecurityProvider

  {
public boolean  checkPermission(Principal user, String resource, char acc){

   //check the type  of permission, which a user

   //has on a  resource

   //user is of type  SRPrincipal

   //acc is one of  'r','w','d'.

}
public boolean  supportGroupPermission() {

     //check if  provider has support for setting

     //permissions on  groups

}
public boolean authenticate(String  user, Object credential){

     //validate user  credentials

     //credential is  object of type

     //inetsoft.sree.security.DefaultTicket

  }

    public String[] getUsers() {

       // return a list  of all user logins

}
public String[] getIndividualUsers()  {

     //return a list of  users not belonging to a group

  }

    public User  getUsers(String name) {

       //return  inetsoft.sree.security.User object

}
public String[] getRoles() {

     // return a list  of all Roles

}
public String[] getRoles(String  user) {

     // return a list  of all Roles for a given user

}
public String[] getGroups() {

     // return a list  of all Groups

}
public Group getGroup(String name) {

     // Get a group by  name

}
public  Identity findIdentity(Indentity identity) {

     //find  the concrete identity of the security provider

}
public void setPermission(String  resource, 

                                   Permission  perm) {

     // save the  permission for a resource

}
public Permission getPermission(String  resource) {

     // get the  permission for a resource

}
public void removePermission(String  resource) {

     // remove the  permission for a resource

}
public void teardown() {

     //teardown the  security provider

  }

}