Closed TestOverload closed 10 years ago
dilit
commented
10 years ago Not sure what you are asking. DO you want to know if you could find out whether JasperReports Server is accepting encrypted password at login? If that's the case you can send a request to /GetEncryptionKey servlet. If it comes back with an error, login encryption is off. Otherwise, it will send you a key.
TestOverload
commented
10 years ago that's what i want. So will this api handle this case automatically? Does it provide some method to access GetEncryptionKey ?
dilit
commented
10 years ago Not sure what api you are talking about. You just call host:port/
Dmitriy
-------- Original message -------- From: TestOverload notifications@github.com Date: 02/22/2014 9:27 AM (GMT-06:00) To: Jaspersoft/jrs-rest-java-client jrs-rest-java-client@noreply.github.com Cc: dilit dlitvak@jaspersoft.com Subject: Re: [jrs-rest-java-client] Is it possible to add api for password encryption when logging in jasper server (#1)
that's what i want. So will this api handle this case automatically? Does it provide some method to access GetEncryptionKey ?
— Reply to this email directly or view it on GitHub.
TestOverload
commented
10 years ago After turning on log-in password encryption in jasper server, i have tried to use jrs-rest-java-client to get a report from local jasperserver (like Code(1)), but it return status code 401 and no input stream return.
Also I have tried another raw method, using Jersey2 lib to access GetEncryptionKey to encrypt my password then log-in successfully. After setting a session id to cookie from a response when GetEncryptionKey, a report can be requested from jasperserver successfully.
So I guess the library jrs-rest-java-client may not check log-in password encryption is enabled in jasper server before log-in or executing a run like
OperationResult
I want to use jrs-rest-java-client to do some operations. Since jasper server need session id to identity and maintain a connection, i have no idea to pass the session id to the library after log-in, Then my program cannot continue to get report....
So My question is how to fix this issue. Can this library handle this case?
Thanks
alex-seeker
commented
10 years ago run rest service call (old rest service, not rest_v2) /rest/GetEncryptionKey - Get Public Key Encript the password with algorithm:
public String getEncryptedPassword(PublicKey publicKey, String originalPassword) throws Exception {
Cipher enc = Cipher.getInstance("RSA/NONE/NoPadding");
//Encryption
enc.init(Cipher.ENCRYPT_MODE, publicKey);
String utfCePass = URLEncoder.encode(originalPassword, CharEncoding.UTF_8);
byte[] encryptedUtfCePass = enc.doFinal(utfCePass.getBytes());
return byteArrayToHexString(encryptedUtfCePass);
}Put this encripted password to chain: ".authenticate"
GetEncryptionKey is not implemented in this rest java client library yet.
TestOverload
commented
10 years ago Thanks for your response. I will try it.
dilit
commented
10 years ago /rest/GetEncryptionKey should actually work even before authentication. Sending this request url to the server will tell you whether the server accepts encrypted or plain text passwords.
TestOverload
commented
10 years ago Resolved
Nazaf
commented
8 years ago I am stuck at this as for now. What i am not getting is. Do i have to write a service for it or i have to just enable the service in JasperServer and hit that?
yaroslav-kovalchyk
commented
8 years ago This library automatically encrypts your password before send it if encryption is on, so to authenticate you need just specify login and password (not encrypted) in authenticate() method.
I found in documentation sentence above. Please tern password encryption on (on a server) and try to use client as usually (with not encrypted password). It should work for you. If not - please reopen this issue.
I found that jasper server support RSA password encryption when logging in. Is it possible to add an autodetection and handle this case?