Changing BIRT viewer to use POST instead of GET request to pass parameters through encrypted SSL
Options
<p>Similar to this theme:</p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=475144'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=475144</a></p>
<p> </p>
<p>Is there a way to pass all parameters through the BIRT viewer (say 3.7 or 4.4.2) as a POST request instead of GET?</p>
<p> </p>
<p>This way, the parameters can be encrypted through SSL as POST, vs unencrypted in the URL of a GET request.</p>
<p>
Security is the concern.</p>
<p> </p>
<p>-David</p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=475144'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=475144</a></p>
<p> </p>
<p>Is there a way to pass all parameters through the BIRT viewer (say 3.7 or 4.4.2) as a POST request instead of GET?</p>
<p> </p>
<p>This way, the parameters can be encrypted through SSL as POST, vs unencrypted in the URL of a GET request.</p>
<p>
Security is the concern.</p>
<p> </p>
<p>-David</p>
0
Comments
-
<p>Yes, you can pass parameters via POST.</p>
<p> </p>
<p>Here is an example with the out of the box example report, test.rptdesign, using the /frameset servlet.</p>
<p> </p>
<p>Via GET</p>
<pre class="_prettyXprint">
http://localhost:8080/birt/frameset?__report=test.rptdesign&sample=Hello+GET</pre>
<p>Via POST</p>
<pre class="_prettyXprint">
<HTML>
<BODY>
<SCRIPT>
function post(path, params, method) {
method = method || "post"; // Set method to post by default if not specified.
debugger;
// The rest of this code assumes you are not using a library.
// It can be made less wordy if you use one.
var form = document.createElement("form");
form.setAttribute("method", method);
form.setAttribute("action", path);
for(var key in params) {
if(params.hasOwnProperty(key)) {
var hiddenField = document.createElement("input");
hiddenField.setAttribute("type", "hidden");
hiddenField.setAttribute("name", key);
hiddenField.setAttribute("value", params[key]);
form.appendChild(hiddenField);
}
}
document.body.appendChild(form);
form.submit();
}
post('http://localhost:8080/birt/frameset?__report=test.rptdesign', {sample: 'Hello POST'});
</SCRIPT>
</BODY>
</HTML></pre>
<p>
</p>Warning No formatter is installed for the format ipb1 -
<p>Thank you, that was helpful.</p>
<p> </p>
<p>One motivation for this is that the Print capability of the BIRT server runtime viewer passes parameters with a GET request, and it would be nice to see it as a POST so the parameters can be protected by the SSL connection (at least what I can see in 3.7 and 4.4.2 runtimes).</p>
0 -
<div>Is there any way to hide (not expose) the parameter after clicking the print function?</div>
<div>Rather than print, others can work as well for POST method with hidden parameters. The goal is to pass credentials, but to do it via a POST, and not to have it be part of the request.</div>
0 -
<p>Sorry, I was having a conversation with a colleague and wanted to make sure I clarified the situation we're trying to understand, please bear with me:<br><br>
We put these credential parameters in the body of the POST, but the "print" function is different than the other buttons, it creates a new tab and turns to use "GET", that is out of our control, and thus the parameters (that in this case have credentials) are appearing which we wish to hide.<br><br>
Other buttons of BIRT viewer do not need to open a new tab automatically, so the "POST" works as well.</p>
<p> </p>
<p>Is it possible to indicate this as a defect with BIRT runtime? It really should use a POST request like the other buttons to keep all parameters being passed securely.</p>
0 -
<p>The BIRT Viewer included with OS BIRT is an sample / example application.</p>
<p> </p>
<p><a data-ipb='nomediaparse' href='http://developer.actuate.com/deployment-center/deployment-guides/'>http://developer.actuate.com/deployment-center/deployment-guides/</a></p>
<p> </p>
<p style="margin-left:40px;"><em>The BIRT Runtime download includes the BIRT Engine, a BIRT Sample Viewer WAR file, and an exploded version of the Sample Viewer WAR. The BIRT Engine is a set of Java APIs that can be used to integrate BIRT’s powerful capabilities into your application. The Sample Viewer is a deployable WAR file that can be used to run and view BIRT designs via URL in a browser. The viewer also includes a tag library that can be used to embed the viewer or parameter page into JSP pages. This product guide will discuss everything from deploying the Sample Viewer to Tomcat to programming with the Engine APIs.</em></p>
<p> </p>
<p><a data-ipb='nomediaparse' href='http://www.eclipse.org/birt/documentation/integrating/viewer-usage.php'>http://www.eclipse.org/birt/documentation/integrating/viewer-usage.php</a></p>
<p> </p>
<p style="margin-left:40px;"><em>The Example Viewer can ...</em></p>
<p style="margin-left:40px;"><em>The Example Viewer also ..</em>.</p>
<p> </p>
<p>It's Open Source and can be modified. The Viewer code is available from GitHub ( I recently posted how to build the BIRT Project (@ <a data-ipb='nomediaparse' href='http://developer.actuate.com/community/forum/index.php?/topic/38966-modifying-birt-engine/?p=142684).'>http://developer.actuate.com/community/forum/index.php?/topic/38966-modifying-birt-engine/?p=142684).</a></p>
<p> </p>
<p>You may also log an enhancement in Bugzilla (@ <a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT).'>https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT).</a></p>
Warning No formatter is installed for the format ipb0 -
<p>Hi guys,</p>
<p> </p>
<p>this topic is very usefull for me, because I have to change my reports. Still today I have passed the parameters in the URl String. This works perfect, but now I have a lot of data and the report breaks because the length of the URl is > 2 kb.</p>
<p> </p>
<p>Now I will try to do this via post method. What I have to do, if I need multiple parameter. Could you help me please.</p>
<p> </p>
<p>I will try with 3 parameters:</p>
<p>MaList = String</p>
<p>DatVon = Date</p>
<p>Data = Integer</p>
<p> </p>
<p>Question 1:</p>
<p>How should the link look like, if will use the 3 parameters above.</p>
<pre class="_prettyXprint">
post('http://localhost:8080/birt/frameset?__report=test.rptdesign', {MaList: 'Hello POST'}); ?</pre>
<p>Question 2:</p>
<p>Where should I put the html section into the report? Should I use a text element at the beginning of the report? Or on the masterpage? Or could I use Script on initialize?</p>
<p> </p>
<p>Could you give me an example on some BIRT test report? I didn´t have any experience in html post method. Maybe you have also some other ideas, how I could send data values, they are > then 2kb. I use Version 3.7.2.</p>
<p> </p>
<p> </p>
<p>Thank you for your help and your efforts</p>
<p> </p>
<p>best regards</p>Warning No formatter is installed for the format ipb0 -
<p>For question #1, it's JSON so it should look like:</p>
<pre class="_prettyXprint _lang-">
post('http://localhost:8080/birt/frameset?__report=test.rptdesign', {MaList: 'Hello POST', DatVon: '2016-01-01', Data: 12345 });
</pre>
<p>For question #2, the HTML isn't part of the report itself. The OP wanted to run the report from a separate HTML page. If you want it as part of the report, I suppose you can use a HTML report item at the top most item and use the <SCRIPT>...</SCRIPT> part of the code, but you may want to use a button or a link to trigger the Javascript.</p>
Warning No formatter is installed for the format ipb0
Categories
- All Categories
- 109 Developer Announcements
- 49 Articles
- 100 General Questions
- 122 IM Services
- 40 OpenText Hackathon
- 31 Developer Tools
- 20.6K Analytics
- 4.1K AppWorks
- 8.9K Extended ECM
- 897 Cloud Fax and Notifications
- 77 Digital Asset Management
- 9.3K Documentum
- 29 eDOCS
- 121 Exstream
- 39.8K TeamSite
- 1.7K Web Experience Management
