Details

    • Type: Improvement Improvement
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.1-1
    • Fix Version/s: 1.1.2.6, 1.1.3.4
    • Labels:
      None
    • Environment:
      windows

      Description

      Please provide some suggestions on how to secure birt. THe problem I have is that I thought that jira would proxy the birt request and report thru it, but it does not. It performs a redirect to the birt server with the parameters in the URL. So you need to have direct access to birt to use power report.

      my jira instance is externally available on the internet, however, I do not want to put the birt tomcat instance on the internet since it does is not secured by user name and password. I would need to put birt on the internet so that my external users could run reports. I do not want to do that unless I can do it in a secure manner.

        Issue Links

          Activity

          Hide
          cyrille.courtiere@valiantys.com
          added a comment -

          Hello,

          There is currently no available solution to secure BIRT URLs when you integrate it with PowerReport.

          I added this issue to our backlog and we are going to schedule it for a future release, but I cannot give you any visibility on this for now.

          We will come back to you when it is scheduled.

          Best regards,

          Cyrille

          Show
          cyrille.courtiere@valiantys.com
          added a comment - Hello, There is currently no available solution to secure BIRT URLs when you integrate it with PowerReport. I added this issue to our backlog and we are going to schedule it for a future release, but I cannot give you any visibility on this for now. We will come back to you when it is scheduled. Best regards, Cyrille
          Hide
          win bolton
          added a comment -

          I have found a workaround for this. Since we have crowd, I used the crowd apache plugin http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache to enable basic security on the birt server which has an apache proxy in front of it. The only drawback is getting prompted for the birt server even though you are already logged into Jira.

          Show
          win bolton
          added a comment - I have found a workaround for this. Since we have crowd, I used the crowd apache plugin http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache to enable basic security on the birt server which has an apache proxy in front of it. The only drawback is getting prompted for the birt server even though you are already logged into Jira.
          Hide
          Brice Gestas [Valiantys]
          added a comment -

          Hi,

          This new feature is now available in the new version of PowerReport => https://plugins.atlassian.com/plugin/details/23616

          Regards

          Show
          Brice Gestas [Valiantys]
          added a comment - Hi, This new feature is now available in the new version of PowerReport => https://plugins.atlassian.com/plugin/details/23616 Regards
          Hide
          alice.paillard@valiantys.com
          added a comment -

          Dear customers,

          We are currently migrating our support to an external JIRA and up to today 12AM you won't be able to comment nor create in this Studio project.

          Url of that new JIRA is https://jira.valiantys.com/
          Could you please sign up into that new JIRA with the same username as your Studio's one?

          • For outstanding bugs and Support Requests: copy of these issues have been created, please leave a comment on the issue so that I change the reporter.
          • For resolved issues, improvements and new features: the rest of the existing issues will be imported next week.

          Thanks,
          Alice

          Show
          alice.paillard@valiantys.com
          added a comment - Dear customers, We are currently migrating our support to an external JIRA and up to today 12AM you won't be able to comment nor create in this Studio project. Url of that new JIRA is https://jira.valiantys.com/ Could you please sign up into that new JIRA with the same username as your Studio's one? For outstanding bugs and Support Requests : copy of these issues have been created, please leave a comment on the issue so that I change the reporter. For resolved issues, improvements and new features : the rest of the existing issues will be imported next week. Thanks, Alice
          Hide
          Sim Hua Soon
          added a comment -

          Hi Brice,

          can you explain how to secure the BIRT server? Or to prevent users from accessing the reports directly from BIRT?
          I can't find the info in the documentation. Thanks.

          Show
          Sim Hua Soon
          added a comment - Hi Brice, can you explain how to secure the BIRT server? Or to prevent users from accessing the reports directly from BIRT? I can't find the info in the documentation. Thanks.
          Hide
          Brice Gestas [Valiantys]
          added a comment -

          Hi Sim,

          This feature has been implemented in the 1.0.2.4 version of the plugin. Unfortunately, performance and behavior problems has been detected, that is why this version is unstable...

          We will try to fix this in the next version of the plugin.

          Regards

          Show
          Brice Gestas [Valiantys]
          added a comment - Hi Sim, This feature has been implemented in the 1.0.2.4 version of the plugin. Unfortunately, performance and behavior problems has been detected, that is why this version is unstable... We will try to fix this in the next version of the plugin. Regards
          Hide
          Sim Hua Soon
          added a comment -

          Hi Brice,

          Thanks for your reply. I did not get an email notification.

          Any plans on when the next version is going to be out.
          It is a security risk since people can access all the reports directly from birt. Will you be able to recommend any quick workaround?

          Thanks.

          Show
          Sim Hua Soon
          added a comment - Hi Brice, Thanks for your reply. I did not get an email notification. Any plans on when the next version is going to be out. It is a security risk since people can access all the reports directly from birt. Will you be able to recommend any quick workaround? Thanks.
          Hide
          Brice Gestas [Valiantys]
          added a comment -

          Hi,

          I can't tell you a fixed date but we will try to release a new version of PowerReport in the next quarter of this year.

          Unfortunately, there is no workaround to face that security problem.

          Regards

          Show
          Brice Gestas [Valiantys]
          added a comment - Hi, I can't tell you a fixed date but we will try to release a new version of PowerReport in the next quarter of this year. Unfortunately, there is no workaround to face that security problem. Regards
          Hide
          Brice Gestas [Valiantys]
          added a comment -

          Hi,

          This bug has been fixed. Please download the latest version of PowerReport => https://plugins.atlassian.com/plugins/com.valiantys.jira.plugins.reporting

          Regards

          Show
          Brice Gestas [Valiantys]
          added a comment - Hi, This bug has been fixed. Please download the latest version of PowerReport => https://plugins.atlassian.com/plugins/com.valiantys.jira.plugins.reporting Regards

            People

            • Assignee:
              Brice Gestas [Valiantys]
              Reporter:
              win bolton
            • Votes:
              2 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: