Overview
Version
Report Server Version |
---|
11.0 |
Application Scenario
When the admin needs to share reports with external users and wants to ensure that the report data is not leaked:
The admin can set a digital signature and a validity period. Through the URL and digital signature, users can view the report within the specified validity period.
Without a digital signature or after the signature expires, the viewing link becomes invalid to ensure security.
Function Description
(1) The access to the template will be allowed only after the legality of the signature information is authenticated through the digital signature. Otherwise, an error will be returned indicating no permission to access the template.
(2) When accessing the Types of Template Preview, you need to add the suffix &fine_digital_signature=value to the URL.
Enabling Digital Signature Authentication
Obtaining the fine_digital_signature Value
Obtain the fine_digital_signature value of the corresponding digital signature key. This section takes the GettingStarted.cpt template as an example.
(1) You need to prepare the Java environment and IDE tool in advance and create a Java file, and import multiple JAR packages from %FR_HOME%\webapps\webroot\WEB-INF\lib into the newly created project, as shown in the following figure.
The JAR packages that need to be imported include: fine-core-11.0.jar, fine-third-11.0.jar, fine-accumulator-11.0.jar, and fine-cbb-11.0.jar.
(2) Copy the code into the newly created file, modify the template that needs digital signature authentication, and customize the digital signature key, as shown in the following figure.

The code is as follows:
import com.fr.cert.token.JwtBuilder;
import com.fr.cert.token.Jwts;
import com.fr.cert.token.SignatureAlgorithm;
import java.util.Date;
public class test {
public static void main(String[] args) {
//Validity period for the digital signature (in milliseconds)
long validTime = 30 * 60 * 1000L;
//Content of the digital signature, which is the relative path for accessing the resource
String path = "GettingStarted.cpt"; //Change this parameter to the path of the template that requires digital signature authentication, which is a relative path, for example, doc/xx.cpt.
String key = "123456"; //Digital signature key, which can be customized
//Generate fine_digital_signature
String fine_digital_signature = createJwt("", "", path, validTime, key);
//Output fine_digital_signature
System.out.println(fine_digital_signature);
}
private static String createJwt(String issuer, String id, String subject, long validTime, String key) {
//Used to generate the digital signature, that is, the value of the parameter fine_digital_signature
SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.HS256;
Date currentTime = new Date();
Date expirationTime = new Date(currentTime.getTime() + validTime);
JwtBuilder builder = Jwts.builder()
.setIssuer(issuer)
.setSubject(subject)
.setIssuedAt(currentTime)
.setExpiration(expirationTime)
.setId(id)
.signWith(signatureAlgorithm, key);
return builder.compact();
}
}
(3) Run the test file and obtain the fine_digital_signature value of the digital signature key, as shown in the following figure.
The value of the running result will be used in the section "Effect Display" of this document.
Platform Setting
Log in to the decision-making system as the admin, chooses System Management > Template Authentication, and enters the key value in the Digital Signature Key input box, as shown in the following figure.
Effect Display
Directly access the Types of Template Preview. The example link for this document is: http://localhost:8075/webroot/decision/view/report?viewlet=GettingStarted.cpt. A prompt indicating no permission is displayed, as shown in the following figure.
Add the parameter &fine_digital_signature=value to the end of the URL, where value is the data obtained by running the Java file in the section "Obtaining the fine_digital_signature Value" of this document. Now, the template can be viewed normally, as shown in the following figure.
Notes
Digital Signature Authentication Not Required for Previewing Templates in the Remote Design Mode
To facilitate template creation, when the designer remotely connects to a remote server with digital signature authentication enabled, previewing the template does not need digital signature authentication.
(1) In the remote design mode, a user can directly preview the template effect by clicking the preview button on the designer, without the need for digital signature authentication.
(2) After a user exits the remote design mode, the template cannot be directly previewed through the template preview URL anymore. In this case, the digital signature must be authenticated for the user to preview the template.
Hiding the Digital Signature Authentication Function
The super admin wants to enable the template authentication function for the sub-admin, but does not want the sub-admin to use the digital signature authentication function.
In this case, the super admin can hide the function through the fine_conf_entity visualization configuration plugin. The settings take effect after the server is restarted.

Configuration Item | Modification Rule |
TemplateAuthConfig.digitalAuthAvailable | The parameter values are as follows, and the default value is true. false: The admin cannot use the digital signature function under Template Authentication. true: The admin can use the digital signature function under Template Authentication. |
After the admin changes the value of the configuration item TemplateAuthConfig.digitalAuthAvailable to false, and restarts the server, when the admin chooses System Management > Template Authentication > Permission Configuration, the admin will find that Authenticate Digital Signature is hidden.

Failure of Viewing the Decision-Making System Homepage
Problem description & cause analysis:
When Template Authentication is enabled:
(1) Template authentication is not required when users view directory templates on the decision-making system.
(2) Template authentication is required when users view homepage templates on the decision-making system.
If template A is mounted on the homepage, a user cannot view the homepage if the user does not have the template authentication permission of template A. A prompt will be displayed: No permission to access this page. To access, please contact the administrator.
Solution:
(1) Directly disable digital signature authentication for the corresponding template in Template Authentication, and then mount the corresponding template through the homepage configuration page.
(2) Use a link on the homepage to mount the template: URL of the template + Parameter & fine_digital_signature=value.
The value is the digital signature generated by the key, not the key itself. For the method to obtain it, see the section "Obtaining the fine_digital_signature Value" of this document.