Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Configuration Guide
2013 datenwerke
http://reportserver.datenwerke.net/
Table of Contents
Preface.................................................................................................................................. 7
Installation............................................................................................................................. 9
Configuration....................................................................................................................... 21
Datasources................................................................................................................ 22
Export settings............................................................................................................ 30
UI Customization......................................................................................................... 31
Extensions.................................................................................................................. 36
Executing Reports using URLs................................................................................... 37
Misc Settings............................................................................................................... 38
Security related properties.......................................................................................... 39
Appendix A: Config File Reference...................................................................................... 45
Preface
Business Intelligence (BI) describes the ability to jointly analyze all of a companys data, distilling relevant information to be used to foster better business decisions. The foundation of
any BI solution is the careful preprocessing of existing data, for example, in a data warehouse.
ReportServer acts as the gateway between end-users and the collected data, allowing users
to efficiently access and analyze exactly the data they need. From print-ready evaluations to
fine-grained ad-hoc reporting; ReportServer provides you with the tools to support your daily
work.
Target audience
This document is written for future ReportServer administrators, as well as those who are
tasked with initially setting up the system.
Installation
Installation
ReportServer is a web-based application using the Java Servlet technology. ReportServer is
run in an application server (such as Apache Tomcat) and stores application relevant metadata in a relational database using the hibernate library. ReportServer basically supports all
operating systems that can run java and have an application server available.
ReportServer is distributed as a zip-archive to deploy in your application server. Additionally
a windows installer package is available for the use with Microsoft Windows. This package
optionally also installs Oracle Java, Apache Tomcat and the PostgreSQL database. You can
download ReportServer from http://sourceforge.net/projects/dw-rs.
Windows Installer
If you choose to install ReportServer using the Windows installer you are guided through the
various steps of the installation process. The installer is primarily meant to provide a quick
and easy way to get ReportServer runnig and the configuration is not optimized for production use. For production use we recommend a manual installation of the application server,
so you can adjust all required settings to your environment.
Tomcat
The installer will configure ReportServer to run with the Apache Tomcat (http://tomcat.apache.org/) application server. You can either have the installer set up Tomcat for you, or use
an already installed Tomcat instance.
Tomcat directory and external URL
If you choose not to have Tomcat installed automatically, you must specify its installation
directory as well as the external URL of the system. The external URL is the URL used to
access your system over the network.
Database Selection
You can either install ReportServer together with a preconfigured PostgreSQL database or
have the installer use an existing relational database system. Please note that if you choose
to use an existing database system, you need to manually create the necessary schema.
See 4. Database Setup.
Also note that depending on the database system used, you need to manually install the
corresponding jdbc driver. See 4. Database Setup.
Note: In case you use an existing database make sure to create the schema before starting ReportServer.
Manual Installation
If you choose to use the zip-archive distribution to set up ReportServer, the installation process is comprised of 3 parts:
1.
Installation Prerequisits
Java Runtime Environment (JRE)
Application Server
Database
2.
Configuration of the database and authentication procedures
adjusting the config file persistence.xml
adjusting the config file reportserver.properties
3.
First system start and login
If the host computer supports it, you should use the 64-bit edition.
10
Note that it is required to increase the maximum memory available to the application server from its default values. Otherwise, ReportServer will probably not
start.
Also, the available permanent generation space (PermGenSpace) needs to be set to at least
256mb (we recommend 512mb). The maximal available heap size should be at least 1.5gb.
The encoding should be set to UTF8. The individual parameters can vary, depending on the
intended usage scenario and the expected parallel load.
A sample configuration of the VM might look as follows:
-Xmx1548M
-XX:MaxPermSize=512M
-Dfile.encoding=UTF8
11
12
Configuration Files
ReportServer has only two (external) config files which hold information on the database
connection as well as information on available authentication methods. All other configuration is done from within ReportServer. The file persistence.xml (in directory WEB-INF/classes/
META-INF) holds information on the database connection that is used by ReportServer.
The file reportserver.properties (in the directory WEB-INF/classes) holds information about
available authentication schemes, as well as, cryptogrpahy related properties.
persistence.xml
ReportServer uses the Java Persistence API (JPA) to abstract from the actual database system when storing application data. The necessary configuration is made in the persistence.
xml config file.
Example
<?xml version=1.0 encoding=UTF-8?>
<persistence version=1.0
xmlns=http://java.sun.com/xml/ns/persistence
xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
xsi:schemaLocation=http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd>
<persistence-unit name=reportServerPU transaction-type=RESOURCE_LOCAL>
<class>net.datenwerke.rs.dashboard.service.dashboard.dagets.FavoriteListEntry</class>
...
<properties>
<property name=hibernate.dialect
value=org.hibernate.dialect.PostgreSQLDialect/>
<property name=hibernate.connection.driver_class value=org.postgresql.Driver/>
<property name=hibernate.connection.url
value=jdbc:postgresql://localhost/postgres/>
<property name=hibernate.connection.username value=rs/>
<property name=hibernate.connection.password value=rs/>
....
</properties>
</persistence-unit>
</persistence>
13
The file consists of two parts that are both contained within the <persistence-unit> tag. The
<classes> section lists the entity classes used by ReportServer. This part should not be
changed. The properties within the tag <properties> specify the JPA configuration.
When changing the file, make sure that the XML syntax is maintained.
Furthermore,
- lines beginning with <class... should not be changed
- the file should be stored in UTF-8 encoding.
Connection properties
ReportServer supports all databases, that are supported by Hibernate. A list of the database systems supported by Hibernate can be found at https://community.jboss.org/wiki/
SupportedDatabases2.
Example config for MySQL
<property name=hibernate.dialect value=org.hibernate.dialect.MySQLDialect/>
<property name=hibernate.connection.driver_class value=com.mysql.jdbc.Driver/>
<property name=hibernate.connection.url
value=jdbc:mysql://localhost:3306/reportserver/>
<property name=hibernate.connection.username value=rs/>
<property name=hibernate.connection.password value=rs/>
<property name=hibernate.connection.autocommit value=false/>
14
Note, the JDBC driver corresponding to your database must be copied to the directory path_to_webapps/reportserver/WEB-INF/lib. ReportServer ships with the
JDBC drivers for MySQL, H2, and PostgreSQL.
Debug settings
<property name=hibernate.show_sql value=false/>
<property name=hibernate.format_sql value=true/>
15
Description
acquire_increment
Defines how many connections are acquired simultaniously by c3p0, if all connections
currently in the pool are busy.
idle_test_period
timeout
Number of seconds a pooled connection can remain idle before it is discarded. Zero means that idle connections are never discarded.
max_size
max_statements
Maximal size of the statement cache. Zero means that statements should not be cached.
min_size
Search settings
ReportServer can keep its search index either in memory or outsource it to disk. For this set
the value either to ram or filesystem.
<property name=hibernate.search.default.directory_provider value=ram/>
Note that in case the search index is stored to disk that you need to provide a path
to where the search index should be stored.
<property name=hibernate.search.default.indexBase
value=tmp/lucene/indexes/>
Further note, that if the search index is kept in memory that it needs to be recreated on a
ReportServer restart.
16
The property
<property name=hibernate.search.analyzer
value=net.datenwerke.rs.search.service.search.RsSearchAnalyzer/>
configures the analyzer that is to be used to create the search index. The analyzer is used to
split text into segments that are useful for indexing. Normally, the analzyer should not need to
be changed. Further information on Hibernate search can be found at http://www.hibernate.
org/subprojects/search.html.
Reportserver.properties
The config file reportserver.properties contains settings which are needed at ReportServer
statup time as well as settings concerning cryptographic functionality. All properties are stored as attribute value pairs.
Excerpt from the reportserver.properties file
rs.crypto.pbe.passphrase = The Passphrase
rs.crypto.pbe.keylength = 128
Crypto settings
Passwords (such as, for example, datasource passwords) that are stored in ReportServer
will be encrypted. ReportServer uses AES and password based encryption. For this, you
need to configure the following properties:
rs.crypto.pbe.salt
the salt that is used on key generation by the password based encryption method. This value
should be set to a long random string.
rs.crypto.pbe.keylength
The key size used. Keep in mind that key sizes over 128 require the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. For more information, see http://
www.oracle.com/technetwork/java/javase/downloads/index.html.
For secure storage of user passwords ReportServer uses the salted HMAC construction.
rs.crypto.passwordhasher.hmac.passphrase
Defines the static part of the salt for the salted HMAC construction. This value should be set
to a long random string.
17
Authentication settings
ReportServer supports several methods for user authentication. The different methods can
also be combined.
rs.authenticator.pams
This parameter defines which authentication methods are to be used. The individual values
are separated by a colon.
The following authenticator modules are available
net.datenwerke.rs.authenticator.service.pam.UserPasswordPAM
This is the standard mechanism and allows users to authenticate using a username and
password. Note: with this authentication method username and password are sent to the
server in the clear. Thus, this method should only be used over a secure channel (such as
TLS/SSL). If you are not in a secured environment choose the ChallengeResponsePAM
instead.
net.datenwerke.rs.authenticator.service.pam.IPRestrictionPAM
With this method you can restrict the set of IP addresses that can access ReportServer. The
allowed address ranges are configured in rs.authenticator.iprestriction.addresses. The individual values are separated by a colon. Example: rs.authenticator.iprestriction.addresses =
127.0.0.1/32:192.168.1.0/24
net.datenwerke.rs.authenticator.service.pam.EveryoneIsRootPAM
This method will disable authentication and log in all users as root.
net.datenwerke.rs.authenticator.cr.service.pam.ChallengeResponsePAM
This method is similar to the UserPasswordPAM but the password is transmitted securely to
the server. In cases where the connection is not secured via SSL this is the recommended
authentication method. Note though, that this requires the client browser to perform cryptographic tasks which may be slow on non-up-to-date browsers.
net.datenwerke.rs.authenticator.service.pam.ClientCertificateMatchEmailPAM
If your organisation uses x509 certificates, you can use this method to allow users to log in
with their client certificates.
rs.authenticator.pam.ClientCertificateMatchEmailPAM.debug
This parameter allows to enable debug mode for client certificate authentication.
18
rs.authenticator.blockroot
Setting this to true disables direct access using the root user. This is recommended for production environments. Note that you can switch to the root user using sudo if you need to
perform administrative tasks (and you have the corresponding privileges). Further information on sudo can be found in the administration guide.
19
20
Configuration
ReportServer is now up and running. In the following section we describe configuration options affecting the operation of ReportServer. The present document should be considered
as a reference containing a brief description of the various configuration options. Keep in
mind that the settings described here affect all areas of ReportServer which to describe is
beyond the scope of this config guide. See the administrators and users guide for further
information to the various areas of ReportServer.
All configuration files described in this section can be found in ReportServers internal filesystem. You can access the internal filesystem using the administration module (administration
/ file system) or using the terminal: you can open the terminal by pressing CTRL+ALT+T.
By using the command editTextFile you can edit files directly from the terminal. You can also
create new files using the command createTextFile. For further information on the workings
of the terminal see the administrators guide. Using the graphical user interface, you can select files similar to selecting files when working in the Explorer in your operating system. To
do this, go to administration/file system. To edit a file, choose the tab Edit file.
Please note, that after changing a config file you need to run the terminal command config
reload for the change to take effect.
Configuration files in ReportServer are defined in an XML format. Note that XML files can
only then be read and processed if they are well-formed. Here are a few basic rules for XML
files:
Examples:
each XML file has a single root element. In ReportServer all configuration files have the
root element <configuration>
every element with content consists of an opening and a closing tag: for example,
<tag>Here is some content</tag>
elements without any content can be opened and closed with a single tag of the form
<tag/>.
21
Datasources
In this section we will cover:
how to define the default datasource,
how to define datasource bundles,
how to configure the connection pool,
how to configure the internal db
22
<keys>
<key>Prod</key>
<key>Test</key>
</keys>
If you now create a datasource of type datasourcebundle you can specify a datasource for
each of the defined keys. If you select a datasourcebundle as data source for a report, then
the actual data source will only be determined at execution time, that is, the report will be
executed using the data source corresponding to the users selection on login. Note that
scheduled reports will always be run with the first data source in the list.
23
Internal database
The internal database is used, for example, for the intermediate storage of CSV data sources. Data from CSV data sources is transferred automatically before use into the internal
database. Thus, all features of the dynamic list are available when using CSV data sources.
Similarly is the internal DB used to store the results of scripted data sources. The corresponding settings can be made in the configuration file /fileserver/etc/datasources/internaldb.cf.
Define where the internal database should be stored using the parameter location
(<location>dbtmp</location>). In this example, the internal db is stored in a directory dbtmp
below the directory webapps/reportserver. Keep in mind that the application server needs to
be able to write to this directory. If you do not specify the parameter location, ReportServer
will keep the internal database in memory.
By default, ReportServer encrypts files of the internal data source. The following parameters
<encryption>
<disable>false</disable>
<password>SecretPassphrase</password>
</encryption>
Demodata
ReportServer comes with the option to install a demo database, which is the base for the
demo report shipped with ReportServer. The demo data will be installed in the internal database. To install the demo data on startup change the config file /fileserver/etc/datasources/
internaldb.cf to include the tag <installdemodata>true</installdemodata>. A sample configuration could, for example, look like:
24
<configuration>
<internaldb>
<location>dbtmp</location>
<encryption>
<disable>false</disable>
<password>SecretPassphrase</password>
</encryption>
<installdemodata>true</installdemodata>
</internaldb>
</configuration>
Note that this change will only take effect after a restart of ReportServer. To load the demo
data during runtime you can alternatively use the following script:
import net.datenwerke.rs.core.service.internaldb.InternalDbService
GLOBALS.getRsService(InternalDbService.class).initDemoDatabase()
To execute the script, copy the two lines to a file beneath the bin directory. Then open the
terminal (ctrl+alt+t), go to the directory to where you placed the script (for example cd /fileserver/bin/tmp) and execute the script via exec theScriptsName.
25
You can specify a timeout for parameter queries in the configuration file /fileserver/etc/datasources/parameter.cf. If queries get cancelled you should think about ways to tune your
database.
Set the parameter <querytimeout>60</querytimeout> to stop queries after 60 seconds
If you want to use the post-processing feature of the data source parameter enable it using
the following lines
<postprocessing>
<enable>true</enable>
</postprocessing>
The post-processing feature, for example, allows to switch parameter values or perform
complex string operations. Learn more about data source parameter post-processing in the
parameter chapter in the administrators guide.
Dynamic Lists
In Dynamic Lists, users can use Computed Columns. Computed collumns allow users to extend the list of columns by fields which do not exist in the source but which can be constructed
from existing fields. Computed Columns are based on SQL.
In /fileserver/etc/dynamiclists/computedcolumn.cf you can specify which SQL functions can
be used with Computed Columns.
Add those functions that may be used by your users.
Example
<function>abs</function>
We strongly recommend against allowing to use functions that can change data.
Further, the database user used for report execution should not have write access.
26
If you are using SSL or TLS please also specify these values. Next, configure the return
address and encryption policy.
<mail>
<sender>rs@yourmailserver.com</sender>
<encryptionPolicy>allow_mixed</encryptionPolicy>
</mail>
The encryption policy controls whether or not mails have to be encrypted or whether it is ok
to send mails unencrypted if a users public key is not specified. Choose between strict and
allow_mixed. Note that if you choose strict then mails to users that do not have a public key
registered with ReportServer will not receive any messages.
Scheduler settings
ReportServer comes with a powerful scheduler. ReportServers scheduler allows you to
schedule the execution of reports. The executed report can then either be emailed or stored
in a folder in a Teamspace.
The schedule and report recipients are user provided on scheduling. You can configure the
messages that ReportServer will send out on certain events. Each message can be customized to your specifications.
27
Available Substitutions
28
Expression
Description
${report.getName()}
reports name
${report.getDescription()}
reports description
${report.report.getKey()}
reports key
${report.getId()}
reports ID
${user.getUsername()}
username
${user.getFirstname()}
${user.getLastname()}
${user.getEmail()}
${user.getTitle()}
users title
${user.getId()}
id of user
${teamspace.getName()}
name of Teamspace
${folder.getName()}
${message}
${subject}
${recipients}
${filename}
${nextDates}
${RS_CURRENT_DATE}
current date
${errMsg}
${stacktrace}
If you would like to send emails in the HTML format please set the corresponding html attribute to true.
29
In case you do not want to have one or more notifications, you can disable the individual
notifications using the disabled attribute:
<fileaction disabled=true html=false>
If you do not want to use the scheduler you can disable it using
<properties>
<disabled>true</disabled>
</properties>
Keep in mind that this change will only take effect after reboot. To enable or disable the scheduler while ReportServer is running, use the terminal command scheduler daemon start /
stop. We refer to the Administration Guide for more information.
Export settings
Regarding the export to PDF and Microsoft Excel, there are several options that you can
set. In /fileserver/etc/exportfilecmd/excelexport.cf you can specify in which format Excel documents are to be exported. You can choose between the old XLS and the current XLSX
format. If you have selected the XLSX format, ReportServer allows to stream the data to the
client. This means, that the chunks of resulting Excel file are sent to the user while it is still
being created. Streaming result files can significantly reduce processing time.
To specify the Excel format and whether or not to use streaming, adjust the following parameters:
<format>xlsx</format>
<stream>true</stream>
You can specifiy document properties (title, creator and author) of PDF files in /fileserver/
etc/exportfilecmd/metadata.cf. The texts specified here will be included in newly generated
PDF files.
Modify the following parameters:
<title>title</title>
<creator>ReportServer</creator>
<author>ReportServer</author>
As with email notifactions you can use substitutions to dynamically populate the fields. The
following substitutions are available:
30
Available Substitutions
Expression
Description
${user.getUsername()}
username
${user.getFirstname()}
${user.getLastname()}
${user.getEmail()}
${user.getTitle()}
users title
${user.getId()}
users id
You can further specifiy the default character set used by ReportServer. In the file /fileserver/
etc/main/main.cf you will find the option charset. By default, the charset ISO-8859-1 is used.
UI Customization
In this section we cover the possibilities of customizing the user interface. ReportServer provides the following customization options:
Specifying the default language,
Customizing error messages,
customize PDF preview,
customize the report documentation,
add tabs based on context
Further customization options are available whith the use of ReportServer scripts. More information on ReportServer scripts can be found in the Administration Guide.
The property default specifies which language to use as default language. Please note that
currently only German and English are available. If you are interested in creating a translation, please contact us.
31
An exception is thrown whenever an error occurs in ReportServer. The exception is composed of: a title, error message, and the stack trace.
In /fileserver/etc/main/templates.cf you can customize the error message that is displayed
on errors that occur during the export of reports.
When customizing the error message you should give clear instructions as to what the affected employee should do in this case. Usually you would specify the contact address of
an administrator or helpdesk. When customizing, the following substitutions are available:
${headline}, ${msg} and ${stacktrace}.
32
The documentation report itself is a script report. It creates the documentation automatically
from the available metadata.
You can customize this report or use a completely different report (for example, if you want
to display additional information from other sources).
The ID of the documentation report is configured in /fileserver/etc/reportdoku/doku.cf. Note
that the documentation report must be given a parameter reportId. Having configured the
documentation report you can now create a report documentation by opening a report (e.g.,
from a Teamspace) and clicking on the button display report documentation.
You can also directly display the documentation report in a tab in the Teamspace. For this,
you need to configure a view in the /fileserver/etc/ui/urlview.cf config file. This is explained in
the next section.
33
Tabs to be displayed in the administration module go into the <adminviews> tags and tabs
for the Teamspace are put within the <objectinfo> tags, respectively. To add a new tab, you
define a <view> tag. For adding a tab to the Teamspace whenever a report is selected add
the following <view> tag to <objectinfo>.
<view>
<types>
net.datenwerke.rs.tsreportarea.client.tsreportarea.dto.TsDiskReportReferenceDto
</types>
<name>Report Information</name>
<url>
reportserver/reportexport?key=DOKU&format=html&p_reportId=${reportId}
</url>
</view>
By this, you can add as many tabs as you like. Using <types> you control the objects for
which the tab will be added. The following types are available in Teamspaces.
Types
net.datenwerke.rs.tsreportarea.client.tsreportarea.dto.AbstractTsDiskNodeDto
All exported reports which were, for example, created by the scheduler.
The name field defines the tabs name. The url is the address that is displayed. This also
allows you to access external addresses, that are then displayed within the tab.
For the report documentation you must enter the following URL:
reportserver/reportexport?key=DOKUBERICHT&format=html&p_reportId=${reportId}
34
The following replacements are available for defining the url: ${id} (the objects id), and
${type} (the objects type). Note that Teamspaces do only contain report references. Thus
the replacement ${id} will contain the id of the reference rather than the id of the referenced
report. For this, there is the special replacmenet called ${reportId} which is only available for
report references.
You can find more information about how reports can be accessed using a URL in the
Administrators Guide.
Similarly, to the report documentation in the Teamspace you can display additional information on any selected object in the administration module. In the administration module you
can add tabs to objects in the report management, user management, dadget management,
datasource management and fileserver modules. These are configured within the <adminviews> tag.
The following tables describe which types can be used. Note that the type must be used
together with the corresponding prefix.
Description
AbstractReportManagerNodeDto
ReportDto
reports
ReportFolderDto
folders
Description
AbstractUserManagerNodeDto
UserDto
users
GroupDto
groups
OrganisationalUnitDto
Description
AbstractFileServerNodeDto
FileServerFolderDto
folders
FileServerFileDto
files
35
Description
AbstractDatasourceManagerNodeDto
DatasourceFolderDto
folders
DatasourceDefinitionDto
data sources
Description
AbstractDashboardManagerNodeDto
DashboardNodeDto
dashboards
DashboardFolderDto
folders
The following example would display a tab User Information which displays the website at
Url http://www.mycompany.com/employe.
<adminviews>
<view>
<types>net.datenwerke.security.client.usermanager.dto.UserDto</types>
<name>User Information</name>
<url>http://www.mycompany.com/employe=${id}</url>
</view>
</adminviews>
Extensions
ReportServer has a modular design which allows you to easily extend it. The extension
points are called hooks. Extensions are written in groovy (groovy.codehaus.org) and can
hook into various places in ReportServer. In order to use scripts, you must configure certain
properties in the configuration file /fileserver/etc/scripting/scripting.cf.
This file controls whether scripts are enabled to begin with. Furthermore, you have to specify
a path (in the internal filesystem) beneath which scripts can be placed (this helps to allow
users to create/edit files in the file system without giving them the rights to write scripts).
Finally, you can name a script which is executed on ReportServer startup and one which is
executed whenever a user logs in.
36
<scripting>
<enable>true</enable>
<restrict>
<location>bin</location>
</restrict>
<startup>
<login>fileserver/bin/onlogin.rs</login>
<rs>fileserver/bin/onstartup.rs</rs>
</startup>
</scripting>
In the above example we allow scripts only in the bin folder (and subfolders). We defined the
script fileserver/bin/onlogin.rs as the script that is executed whenever a user logs in (note
that the script is executed with the current user, that is, the user that logged in and thus the
user must have the rights to execute this script). The second, on startup script is executed
without any user.
The onstartup and onlogin scripts shipped with the ReportServer demo data allow you to
easily execute your own scripts. The onstartup script executes all scripts in the folder /fileserver/bin/onstartup.d. Likewise, the onlogin.rs script executes all scripts within /fileserver/
bin/onlogin.d.
Further information on ReportServer scripts can be found in the administration guide.
37
In this case the username is set to user and the password is set to pass. Username and
password must be specified in any request using the url parameters user and password.
The following properties define which reports can be accessed using this method. Allowing
a report to be accessed can be done using the reports id or its key. Multiple keys/ids are
specified comma-separated.
<registered>
<ids>1, 2, 3, 4</ids>
<keys>asd, fgh,jkl</keys>
</registered>
Finally, you must define a user with which the reports are to be executed. Note that the user
must have sufficient privileges to actually run the reports.
<executeuser>
<id>123</id>
</executeuser>
Note that now anyone knowing the above specified username and password can execute
the here speciefied reports.
Misc Settings
ReportServer needs a directory to store temporary files. You can define the directory to use
in /filserver/etc/main/main.cf. Furthermore, you can specify a maximum lifetime (in seconds)
of temporary files in the directory.
<tempdir>tempdir</tempdir>
<tempfile>
<lifetime>3600</lifetime>
</tempfile>
38
Maintenance Tasks
ReportServer performs certain maintenance tasks from time to time. You can define the interval (in ms) with which ReportServer will execute these.
<maintenance>
<tasks>
<interval>600000</interval>
</tasks>
</maintenance>
In the example the expression getClass is prohibited. Multiple expressions are comma separated.
Configuring cryptography
The file /fileserver/etc/security/crypto.cf defines various cryptography related options. The
<cryptocredentials> section defines how cryptographic credentials, such as private keys and
certificates are retireved for various ReportServer modules.
To do so, a provider is specified for each module.
39
A provider is defined by specifying the name of the handler-class and some additional attributes.
<provider type=signature>
<class>
net.datenwerke.rs.incubator.service.crypto.FileServerKeyStoreKryptoCredentialProvider
</class>
<alias>rs</alias>
<secret>secret</secret>
<type>jks</type>
<location>/fileserver/keystore.jks</location>
</provider>
This configures the default handler, which tries to load key-material from a file within the fileserver. Providers can be specified for these types:
signature: a keystore that holds the private key, ReportServer uses when sending signed
emails
user: a keystore that holds public keys and certificates of ReportServer users. This is used,
when sending encrypted emails. An alternate method to provide key material is by using a
custom script, that retrieves the keys e.g. from a corporate directory.
The parameter maxage defines the number of days a password remains valid. The parameter minage denotes that a password may be changed at most every day. Minlength defines
the minimal length of passwords.
The property <historysize>6</historysize> denotes that the last 6 passwords may not be
used when changing the password.
40
You can define a threshold on the number of failed login attempts after which a user account
is blocked. This is done using <lockoutthreshold>3</lockoutthreshold>. <lockoutresettimeout>60</lockoutresettimeout> specifies the time after wich automatically locked accounts
can be used again.
The characterset definitions specify which characters for a password are approved and how
many characters from a particular group must be used.
<characterset>0123456789</characterset>
<choosemin>2</choosemin>
<characterset>abcdefghijklmnopqrstuvwxyz</characterset>
<choosemin>1</choosemin>
<characterset>ABCDEFGHIJKLMNOPQRSTUVWXYZ</characterset>
<choosemin>1</choosemin>
<characterset>!$%&/=?*:.;\,-_+~\\\#@</characterset>
<choosemin>2</choosemin>
In the above example, it is specified that from the first and last group (the digits and special
characters) at least 2 characters must be used. From the two remaining groups at least a
single character must be used.
Note that the specified number denotes a lower bound on the characters chosen from this
group.
User activation
Users can be activated by administrators using the user manager. On this, the user will receive an email with an automatically generated (single use) password (note that for this the mail
server must be correctly configured). After the first login, the user must change the password
according to the password policy.
You can customize the email sent to the user in the configuration file /fileserver/etc/security/
activateuser.cf.
<security>
<activateaccount>
<email>
<subject>Your ReportServer account details</subject>
<text>
Username: ${user.getUsername()}
Password: ${password}
</text>
</email>
</activateaccount>
</security>
41
Description
${user.getUsername()}
username
${user.getFirstname()}
${user.getLastname()}
${user.getEmail()}
${user.getTitle()}
users title
${user.getId()}
users id
${password}
${url}
The file hostkey.pem should contain the servers certificate. The path should be defined absolutely (e.g., C:/path/to/hostkey.pem)
Note that changes will only take effect after restarting ReportServer. If you do not want to
start the SFTP server simply supply an invalid path.
42
43
44
Appendix A
Config File Reference
Configuration Files
In the following Chapter we provide samples for each configuration file.
datasources/databasebundle.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<bundletype>
<name>BaseBundle</name>
<keys>
<key>Prod</key>
<key>Test</key>
</keys>
</bundletype>
</configuration>
datasources/datasources.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<datasource>
<defaultDatasourceName>Demodaten</defaultDatasourceName>
<useconnectionpool>true</useconnectionpool>
</datasource>
</configuration>
45
datasources/internaldb.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<internaldb>
<location>dbtmp</location>
<encryption>
<disable>false</disable>
<password>SecretPassphrase</password>
</encryption>
<installdemodata>true</installdemodata>
</internaldb>
</configuration>
datasources/parameter.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<parameter>
<datasource>
<querytimeout>60</querytimeout>
<postprocessing>
<enable>true</enable>
</postprocessing>
</datasource>
</parameter>
</configuration>
datasources/pool.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<pool disable=false provider=c3p0>
<defaultconfig>
<partitionCount>4</partitionCount>
<maxConnectionsPerPartition>10</maxConnectionsPerPartition>
<minConnectionsPerPartition>1</minConnectionsPerPartition>
<connectionTimeoutInMs>10000</connectionTimeoutInMs>
<maxConnectionAgeInMs>3600000</maxConnectionAgeInMs>
<queryExecutionTimeLimitInMs>60000</queryExecutionTimeLimitInMs>
<acquireRetryDelayInMs>1000</acquireRetryDelayInMs>
<acquireRetryAttempts>2</acquireRetryAttempts>
<idleMaxAgeInSeconds>3600</idleMaxAgeInSeconds>
<idleConnectionTestPeriodInSeconds>14400</idleConnectionTestPeriodInSeconds>
</defaultconfig>
<pool16>
<!-- specific stuff for datasource with id 16 -->
</pool16>
46
</pool>
</configuration>
datasources/sql.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<sql>
<incondition>
<maxsize>1000</maxsize>
</incondition>
</sql>
</configuration>
dynamiclists/computedcolumn.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<functions>
<function>abs</function>
<function>ceil</function>
<function>floor</function>
<function>mod</function>
<function>power</function>
<function>round</function>
<function>sign</function>
<function>sin</function>
<function>sqrt</function>
<function>trunc</function>
<function>exp</function>
<function>ln</function>
<function>log</function>
<function>concat</function>
<function>lower</function>
<function>upper</function>
<function>initcap</function>
<function>lpad</function>
<function>rpad</function>
<function>ltrim</function>
<function>rtrim</function>
<function>trim</function>
<function>replace</function>
<function>translate</function>
<function>substr</function>
<function>instr</function>
<function>length</function>
<function>add_months</function>
47
<function>last_day</function>
<function>months_between</function>
<function>round</function>
<function>sysdate</function>
<function>trunc</function>
<function>to_char</function>
<function>to_date</function>
<function>to_number</function>
<function>hextoraw</function>
<function>rawtohexcomput</function>
</functions>
</configuration>
exportfilecmd/excelexport.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<xls>
<format>xlsx</format>
<stream>true</stream>
</xls>
</configuration>
exportfilecmd/metadata.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<exportmetadata>
<title>Title</title>
<creator>ReportServer</creator>
<author>ReportServer</author>
</exportmetadata>
</configuration>
mail/mail.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<smtp>
<host>mail.datenwerke.net</host>
<port>25</port>
<username>rs@datenwerke.net</username>
<password>Uur5eeti</password>
<ssl>false</ssl>
<tls>
<enable>false</enable>
<require>false</require>
</tls>
48
</smtp>
<mail>
<sender>rs@datenwerke.net</sender>
<encryptionPolicy>allow_mixed</encryptionPolicy>
</mail>
</configuration>
main/localization.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<localization>
<locales>de,en</locales>
<default>de</default>
</localization>
</configuration>
main/main.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<default>
<charset>ISO-8859-1</charset>
</default>
<tempdir>tempdir</tempdir>
<tempfile>
<lifetime>3600</lifetime>
</tempfile>
<maintenance>
<tasks>
<interval>600000</interval>
</tasks>
</maintenance>
<search>
<timeout>5000</timeout>
</search>
</configuration>
main/templates.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<errors>
<html><!DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/
html4/strict.dtd>
<html>
<meta http-equiv=content-type content=text/html; charset=UTF-8>
<head>
49
<title>Fehler</title>
<link type=text/css rel=stylesheet href=/ReportServer.css>
<link rel=stylesheet type=text/css href=/resources/css/reportserver.css />
<link rel=stylesheet type=text/css href=/resources/css/modulespecific.css />
</head>
<body class=errorpage>
<div class=errorpage-header>Fehler: ${headline}</div>
<div class=errorpage-msg>${msg}</div>
<div class=errorpage-todo>Im Falle eines nicht nachvollziehbaren Fehlers
kontaktieren Sie bitte einen Administrator.</div>
<div class=errorpage-stacktrace-header>Details:</div>
<div class=errorpage-stacktrace>${stacktrace}</div>
</body>
</html></html>
</errors>
</configuration>
misc/httpauthexecute.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<httpauthexecute>
<username/>
<password/>
<registered>
<ids/>
<keys/>
</registered>
<executeuser>
<id/>
</executeuser>
</httpauthexecute>
</configuration>
misc/misc.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<database>
<oracle>
<filter>
<convertclobs>true</convertclobs>
</filter>
</oracle>
</database>
<remoteaccess>
<sftp>
50
<keylocation>tmpres/hostkey.pem</keylocation>
<port>8022</port>
</sftp>
</remoteaccess>
</configuration>
reportdoku/doku.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<report>
<id>48</id>
</report>
</configuration>
reportengines/reportengines.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<birt>
<library>
<folder>
<id>1</id>
</folder>
</library>
<enable>true</enable>
</birt>
<jasper>
<enable>true</enable>
<allowedlanguages>groovy</allowedlanguages>
</jasper>
</configuration>
scheduler/scheduler.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<scheduler>
<mailaction html=false>
<subject>ReportServer: ${subject}</subject>
<text>Guten Tag,
eine Einplanung wurde ausgefhrt.
Bericht: ${report.getName()}
Nachricht:
${message}
</text>
<attachment>
<name>rep-${report.getName()}-${RS_CURRENT_DATE}</name>
51
</attachment>
</mailaction>
<fileaction disabled=false html=false>
<subject>ReportServer: Einplanung in Teamspace gespeichert</subject>
<text>Guten Tag,
eine Einplanung in den Teamspace wurde ausgefuehrt.
Bericht: ${report.getName()}
Dateiname: ${filename}
Beschreibung: ${description}
Teamspace: ${teamspace.getName()}
Ordner: ${folder.getName()}
</text>
</fileaction>
<notification disabled=false html=false>
<scheduled>
<subject>ReportServer: Neue Einplanung</subject>
<text>Es wurde eine Einplanung fr Sie vorgenommen.
Bericht: ${reportName}
Benutzer: ${scheduleUser}
Nchste Termine: ${nextDates}
</text>
</scheduled>
<unscheduled>
<subject>ReportServer: Einplanung gelscht</subject>
<text>Eine Einplanung wurde gelscht.
Report: ${reportName}</text>
</unscheduled>
<failed>
<subject>ReportServer: Einplanung fehlgeschlagen</subject>
<text>Die eingeplante Ausfhrung des Berichts ist fehlgeschlagen.
Bericht: ${reportName}
Fehlermeldung: ${errMsg}
Empfnger: ${recipients}
Fehler-Details: ${stacktrace}
</text>
</failed>
</notification>
<properties>
<disabled>false</disabled>
</properties>
</scheduler>
</configuration>
52
scripting/scripting.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<scripting>
<enable>true</enable>
<restrict>
<location>bin</location>
</restrict>
<startup>
<login>fileserver/bin/onlogin.rs</login>
<rs>fileserver/bin/onstartup.rs</rs>
</startup>
</scripting>
</configuration>
security/activateuser.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<security>
<activateaccount>
<email>
<subject>Zugang zu Reportserver</subject>
<text>Hallo ${user.getFirstname()} ${user.getLastname()}, 

Ihr Zugang zu ReportServer wurde freigeschaltet. 
Bitte melden Sie sich mit folgenden temporren Zugangsdaten auf 

${url}

an. Sie werden dann aufgefordert ihr endgltiges Kennwort zu whlen. 

Benutzername: ${user.getUsername()}
Kennwort:
${password}

Bitte beachten Sie, dass fr eine erfolgreiche Anmeldung korrekte Gro-/Kleinschreibung
sowohl im Benutzernamen als auch im Kennwort erforderlich ist. 

Liebe Gre, 
Reportserver</text>
</email>
</activateaccount>
</security>
</configuration>
53
security/crypto.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<cryptocredentials>
<provider type=signature>
<class>net.datenwerke.rs.incubator.service.crypto.
FileServerKeyStoreKryptoCredentialProvider</class>
<alias>rs</alias>
<secret>secret</secret>
<type>jks</type>
<location>/fileserver/keystore.jks</location>
</provider>
<provider type=sftp>
<class>net.datenwerke.rs.incubator.service.crypto.
FileServerKeyStoreKryptoCredentialProvider</class>
<alias></alias>
<secret></secret>
<type></type>
<location></location>
</provider>
<provider type=user>
<class>net.datenwerke.rs.incubator.service.crypto.
FileServerKeyStoreKryptoCredentialProvider</class>
<alias>rs</alias>
<secret>secret</secret>
<type>jks</type>
<location>/fileserver/keystore-usr.jks</location>
</provider>
</cryptocredentials>
</configuration>
security/misc.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<juel>
<expression>
<blacklist>getClass</blacklist>
</expression>
</juel>
</configuration>
54
security/passwordpolicy.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<rs>
<security>
<passwordpolicy>
<bsipasswordpolicy>
<pswd>
<maxage>32000</maxage>
<minage>1</minage>
<minlength>8</minlength>
</pswd>
<historysize>6</historysize>
<lockoutthreshold>3</lockoutthreshold>
<lockoutresettimeout>60</lockoutresettimeout>
<characterset>0123456789</characterset>
<choosemin>1</choosemin>
<characterset>abcdefghijklmnopqrstuvwxyz</characterset>
<choosemin>1</choosemin>
<characterset>ABCDEFGHIJKLMNOPQRSTUVWXYZ</characterset>
<choosemin>1</choosemin>
<characterset>!$%&/=?*:.;\,-_+~\\\#@</characterset>
<choosemin>1</choosemin>
</bsipasswordpolicy>
</passwordpolicy>
</security>
</rs>
</configuration>
terminal/alias.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<cmdaliases>
<entry>
<alias>ll</alias>
<command>ls -l</command>
</entry>
</cmdaliases>
</configuration>
55
ui/objectinfo.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<objectinfo>
<ty-pes>net.datenwerke.rs.tsreportarea.client.tsreportarea.dto.
TsDiskReportReferenceDto</types>
<name>Report Information</name>
<url>reportserver/reportexport?key=DOKUBERICHT&format=html&p_
reportId=${reportId}</url>
</objectinfo>
<objectinfo>
<ty-pes>net.datenwerke.rs.tsreportarea.client.tsreportarea.dto.
TsDiskReportReferenceDto</types>
<name>Aenderungshistorie</name>
<url>reportserver/reportexport?key=REVISIONS&format=html&p_
reportId=${reportId}</url>
</objectinfo>
</configuration>
ui/previews.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
<pdf>
<forcelegacy>false</forcelegacy>
</pdf>
</configuration>
ui/urlview.cf
<?xml version=1.0 encoding=UTF-8?>
<configuration>
#todo .. wrong type<adminviews>
<view>
<ty-pes>net.datenwerke.rs.core.client.reportmanager.dto.reports.
ReportDto,xxxnet.datenwerke.rs.core.client.reportmanager.dto.ReportFolderDto</types>
<name>Eine URL</name>
<!--<url>/reportserver/lala/id=${id}&type=${type}</url>-->
<url>http://spiegel.de</url>
</view>
<view>
<types>net.datenwerke.rs.core.client.reportmanager.dto.ReportFolderDto</types>
<name>Eine andere URL</name>
<url>/reportserver/nurFolder/id=${id}&type=${type}</url>
</view>
56
</adminviews>
<objectinfo>
</objectinfo>
</configuration>
57
www.datenwerke.net