Details

    • Type: Change Request
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.1-1
    • Fix Version/s: 1.1.2.6, 1.1.3.4
    • Component/s: None
    • Labels:
      None
    • Environment:
      windows

      Description

      Please provide some suggestions on how to secure birt. THe problem I have is that I thought that jira would proxy the birt request and report thru it, but it does not. It performs a redirect to the birt server with the parameters in the URL. So you need to have direct access to birt to use power report.

      my jira instance is externally available on the internet, however, I do not want to put the birt tomcat instance on the internet since it does is not secured by user name and password. I would need to put birt on the internet so that my external users could run reports. I do not want to do that unless I can do it in a secure manner.

        Attachments

          Issue Links

            Activity

            Hide
            cyrille.courtiere@valiantys.com cyrille.courtiere@valiantys.com added a comment -

            Hello,

            There is currently no available solution to secure BIRT URLs when you integrate it with PowerReport.

            I added this issue to our backlog and we are going to schedule it for a future release, but I cannot give you any visibility on this for now.

            We will come back to you when it is scheduled.

            Best regards,

            Cyrille

            Show
            cyrille.courtiere@valiantys.com cyrille.courtiere@valiantys.com added a comment - Hello, There is currently no available solution to secure BIRT URLs when you integrate it with PowerReport. I added this issue to our backlog and we are going to schedule it for a future release, but I cannot give you any visibility on this for now. We will come back to you when it is scheduled. Best regards, Cyrille
            Hide
            winbolton win bolton added a comment -

            I have found a workaround for this. Since we have crowd, I used the crowd apache plugin http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache to enable basic security on the birt server which has an apache proxy in front of it. The only drawback is getting prompted for the birt server even though you are already logged into Jira.

            Show
            winbolton win bolton added a comment - I have found a workaround for this. Since we have crowd, I used the crowd apache plugin http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Apache to enable basic security on the birt server which has an apache proxy in front of it. The only drawback is getting prompted for the birt server even though you are already logged into Jira.
            Hide
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment -

            Hi,

            This new feature is now available in the new version of PowerReport => https://plugins.atlassian.com/plugin/details/23616

            Regards

            Show
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment - Hi, This new feature is now available in the new version of PowerReport => https://plugins.atlassian.com/plugin/details/23616 Regards
            Hide
            alice.paillard@valiantys.com alice.paillard@valiantys.com added a comment -

            Dear customers,

            We are currently migrating our support to an external JIRA and up to today 12AM you won't be able to comment nor create in this Studio project.

            Url of that new JIRA is https://valiantys.atlassian.net/
            Could you please sign up into that new JIRA with the same username as your Studio's one?

            • For outstanding bugs and Support Requests: copy of these issues have been created, please leave a comment on the issue so that I change the reporter.
            • For resolved issues, improvements and new features: the rest of the existing issues will be imported next week.

            Thanks,
            Alice

            Show
            alice.paillard@valiantys.com alice.paillard@valiantys.com added a comment - Dear customers, We are currently migrating our support to an external JIRA and up to today 12AM you won't be able to comment nor create in this Studio project. Url of that new JIRA is https://valiantys.atlassian.net/ Could you please sign up into that new JIRA with the same username as your Studio's one? For outstanding bugs and Support Requests : copy of these issues have been created, please leave a comment on the issue so that I change the reporter. For resolved issues, improvements and new features : the rest of the existing issues will be imported next week. Thanks, Alice
            Hide
            hssim Sim Hua Soon added a comment -

            Hi Brice,

            can you explain how to secure the BIRT server? Or to prevent users from accessing the reports directly from BIRT?
            I can't find the info in the documentation. Thanks.

            Show
            hssim Sim Hua Soon added a comment - Hi Brice, can you explain how to secure the BIRT server? Or to prevent users from accessing the reports directly from BIRT? I can't find the info in the documentation. Thanks.
            Hide
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment -

            Hi Sim,

            This feature has been implemented in the 1.0.2.4 version of the plugin. Unfortunately, performance and behavior problems has been detected, that is why this version is unstable...

            We will try to fix this in the next version of the plugin.

            Regards

            Show
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment - Hi Sim, This feature has been implemented in the 1.0.2.4 version of the plugin. Unfortunately, performance and behavior problems has been detected, that is why this version is unstable... We will try to fix this in the next version of the plugin. Regards
            Hide
            hssim Sim Hua Soon added a comment -

            Hi Brice,

            Thanks for your reply. I did not get an email notification.

            Any plans on when the next version is going to be out.
            It is a security risk since people can access all the reports directly from birt. Will you be able to recommend any quick workaround?

            Thanks.

            Show
            hssim Sim Hua Soon added a comment - Hi Brice, Thanks for your reply. I did not get an email notification. Any plans on when the next version is going to be out. It is a security risk since people can access all the reports directly from birt. Will you be able to recommend any quick workaround? Thanks.
            Hide
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment -

            Hi,

            I can't tell you a fixed date but we will try to release a new version of PowerReport in the next quarter of this year.

            Unfortunately, there is no workaround to face that security problem.

            Regards

            Show
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment - Hi, I can't tell you a fixed date but we will try to release a new version of PowerReport in the next quarter of this year. Unfortunately, there is no workaround to face that security problem. Regards
            Hide
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment -

            Hi,

            This bug has been fixed. Please download the latest version of PowerReport => https://plugins.atlassian.com/plugins/com.valiantys.jira.plugins.reporting

            Regards

            Show
            brice.gestas@valiantys.com Brice Gestas [Valiantys] added a comment - Hi, This bug has been fixed. Please download the latest version of PowerReport => https://plugins.atlassian.com/plugins/com.valiantys.jira.plugins.reporting Regards

              People

              • Assignee:
                brice.gestas@valiantys.com Brice Gestas [Valiantys]
                Reporter:
                winbolton win bolton
              • Votes:
                2 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Jirassimo Notifications