I. Overview
1) This authentication is a template authentication mode. When digital signature authentication is enabled, no access can be granted even if the template URL can be obtained after logging in to the system. With the digital signature authentication, only when the signature information is verified to be legal can access to the template be granted.
2) This authentication mode is suitable for systems that need to strengthen access control.
3) Verification flow chart:
Note: When upgrading the JAR, the digital signature token generated by the official document before May 20, 2019 will become invalid and the new JAR needs to be used to generate fine_digital_signature.
| You will learn |
|---|
|
II. Enable Digital Signature Authentication
1. Enable the authentication and select a template
When enabled, all templates need authentication by default. Please refer to Template Authentication - II. Introduction to Template Authentication - 3. Enable the authentication and select a template.
2. Select Digital Signature Authentication
1) Enable Digital Signature Authentication by selecting [Management System]>[Template Authentication]>[Global Settings].
Once enabled, when accessing the template /view/report?viewlet=***.cpt, the signature as authenticated by the authentication server will be added to the QueryString or the request header of the URL to be accessed, the parameter name is fine_digital_signature, and the URL format is :/View/report?viewlet =***.cpt&fine_digital_signature = value.
2) After selecting digital signature authentication, you need to customize the digital signature key to compile and get the value of fine_digital_signature. Take 123456 as an example.
1) Click Save to complete the setting.
3. Generate a digital signature
This step gets the fine_digital_signature value of the corresponding digital signature key. Here we take the GettingStartedEN.cpt template as an example.
1) You need to prepare the Java environment and IDE tools in advance and create a Java file; import the fine-core-10.0.jar and fine-third-10.0.jar under %FR_HOME%\webapps\webroot\WEB-INF\lib into the new project library:
2) Copy the code to the newly created file, and you can modify the digital signature template of lines 10-11 and enter the digital signature key set.
import com.fr.cert.token.JwtBuilder;
import com.fr.cert.token.Jwts;
import com.fr.cert.token.SignatureAlgorithm;
import java.util.Date;
public class test {
public static void main(String[] args) {
//Signature valid time
long validTime = 30 * 60 * 1000;
//Signature content: use relative path
String path = "GettingStartedEN.cpt";
String key = "123456"; //Key set in the platform
//Generate fine_digital_signature
String fine_digital_signature = createJwt("", "", path, validTime, key);
//Output fine_digital_signature
System.out.println(fine_digital_signature);
}
private static String createJwt(String issuer, String id, String subject, long validTime, String key) {
//Generate value of fine_digital_signature
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
Date currentTime = new Date();
Date expirationTime = new Date(currentTime.getTime() + validTime);
JwtBuilder builder = Jwts.builder()
.setIssuer(issuer)
.setSubject(subject)
.setIssuedAt(currentTime)
.setExpiration(expirationTime)
.setId(id)
.signWith(signatureAlgorithm, key);
return builder.compact();
}
}
3) Copy the generated value.
4. Preview
1) Take http://localhost:8075/webroot/decision/view/report?viewlet = GettingStartedEN.cpt as an example, and it shows no permission.
2) Enter [&fine_digital_signature = the value just copied] at the end of the URL, refresh and preview before viewing the report.
III. Remote server preview template
For JAR packages released on August 3, 2020 or later, when the FineReport Designer switches the working directory to the remote server with digital signature authentication enabled, the template can be previewed directly.
Note: The template preview URL becomes invalid when the remote designer user exits. In other words, if the connection to the remote server is disconnected, the template preview URL can not be previewed directly.
IV. Disable "Digital Signature Authentication"
Super administrator wants to enable template authentication for secondary administrators, but does not want secondary administrators to use "Digital Signature Authentication".
The super administrator can use "fine_conf_entity Visual Configuration" plugin to mask the "Digital Signature Authentication" function. The settings take effect after the server is restarted.
Note: For details about how to modify field values of FineDB database tables, see FINE_CONF_ENTITY Visual Configuration.
Configuration item | |
Reports in 10.0.14 and later versions support this parameter. The parameter values are as follows. The default value is true. false: The administrator cannot use the "Template Authentication" - "Digital Signature Authentication" function. true: The administrator can use the "Template Authentication" - "Digital Signature Authentication" function. |
Modify the configuration item "TemplateAuthConfig.digitalAuthAvailable" to "false", after restart the server, the administrator click on the "Manage > Template Configuration", can be found in the authentication "Digital Signature Authentication" blocked, unable to set.
Note: Do not set the authentication mode to "Digital Signature Authentication" before blocking "Digital Signature Authentication". Otherwise, the authentication still takes effect.
