2
votes

We are using iReport 5 and JasperReports Server 5. We have a report based on a MySQL stored procedure that runs fine in the Designer, but throws a 6632 error when run from the server.

The stored procedure accepts 3 parameters; I have set the parameters up as Input Controls on the server. When we run the report from the server, we get the following error:

    2013-04-16 22:20:00,968 ERROR Validator,pool-1-thread-9:493 - Invalid SQL:An error has occurred.
    Please contact your system administrator. (6632), SQL: call sp_fasb(?, ?, ?)
    2013-04-16 22:20:00,968 ERROR AsyncJasperPrintAccessor,pool-1-thread-9:258 - Error during report execution
    com.jaspersoft.jasperserver.api.JSSecurityException: An error has occurred. Please contact your system administrator. (6632)
    at com.jaspersoft.jasperserver.api.security.validators.Validator.validateSQL(Validator.java:494)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRTimezoneJdbcQueryExecuter.createDatasource(JRTimezoneJdbcQueryExecuter.java:167)
    at net.sf.jasperreports.engine.fill.JRFillDataset.createQueryDatasource(JRFillDataset.java:1086)
    at net.sf.jasperreports.engine.fill.JRFillDataset.initDatasource(JRFillDataset.java:667)
    at net.sf.jasperreports.engine.fill.JRBaseFiller.setParameters(JRBaseFiller.java:1258)
    at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:877)
    at net.sf.jasperreports.engine.fill.BaseFillHandle$ReportFiller.run(BaseFillHandle.java:120)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl$SynchronousExecutor.execute(EngineServiceImpl.java:859)
    at net.sf.jasperreports.engine.fill.BaseFillHandle.startFill(BaseFillHandle.java:165)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl$AsynchronousReportFiller.fillReport(EngineServiceImpl.java:821)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl.fillReport(EngineServiceImpl.java:1622)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl$ReportFill.runReport(EngineServiceImpl.java:1005)
    at com.jaspersoft.jasperserver.api.engine.jasperreports.service.impl.EngineServiceImpl$ReportRunnable.run(EngineServiceImpl.java:881)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)

In previous versions, this was reported as needing a regular expression for the SQL Validation property, or needing to lengthen the size of the number of characters in the underlying query, both of which we have attempted without success.

2 Answers

1
votes

This error is related to a SQL Injection security-related fix in 4.5.

  1. Please check that the report you are running does not contain a SQL query that has comments at the start of the query. As of 4.5, such queries will not be allowed, as they pose a SQL Injection security risk.

  2. Can you please add the exact error log from "jasperserver.log" to get the exact error message? Then we will be able to provide you the correct workaround by configuring the security-related properties file.

  3. As an easy workaround, you can also go to the /jasperserver-pro/WEB-INF/classes/esapi/security-config.properties file and then disable the security for SQL Injection:

      security.validation.sql.on=true 
    

    to

      security.validation.sql.on=false
    
1
votes

Using Jaspersoft Studio 6.1.1 and trying to get a report compatible for Jasper Server 5.5.0, I found that all I had to do was add language="SQL" as a property for queryString and then the 6632 error stopped. I'm not sure why that was missing, but it was in my case.

    <queryString language="SQL">
        <![CDATA[call sp_fasb(?, ?, ?)]]>
    </queryString>
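
A pre-upload check for the two causes named in the answers above (a comment at the start of the query, and a `queryString` with no `language` attribute), as an added example that is not part of either answer or of JasperReports Server. The `ALLOWED_SQL` pattern, the `MAX_LEN` value and the sample JRXML are assumptions constructed for illustration, not the server's actual validation settings.

```python
import re
import xml.etree.ElementTree as ET

# Assumed stand-in for an allowlist: one SELECT or CALL statement, nothing
# stacked after a semicolon. Not the pattern JasperReports Server ships.
ALLOWED_SQL = re.compile(r"^\s*(select|call)\b[^;]*;?\s*$", re.I | re.S)
LEADING_COMMENT = re.compile(r"^\s*(--|#|/\*)")
MAX_LEN = 5000  # hypothetical length limit, an assumption for this example


def lint_jrxml(jrxml_text):
    """Return a list of (query, [findings]) for every queryString element."""
    results = []
    root = ET.fromstring(jrxml_text)
    for elem in root.iter():
        # JRXML elements are namespaced; compare on the local name only.
        if elem.tag.rsplit("}", 1)[-1] != "queryString":
            continue
        query = (elem.text or "").strip()
        findings = []
        if elem.get("language") is None:
            findings.append("missing language attribute")
        if LEADING_COMMENT.match(query):
            findings.append("leading comment")
        if not ALLOWED_SQL.match(query):
            findings.append("not a single select/call statement")
        if len(query) > MAX_LEN:
            findings.append("longer than MAX_LEN")
        results.append((query, findings))
    return results


# Constructed sample report: two sub-dataset queries and the main query.
SAMPLE = """<jasperReport xmlns="http://jasperreports.sourceforge.net/jasperreports" name="demo">
  <subDataset name="a"><queryString><![CDATA[call sp_fasb(?, ?, ?)]]></queryString></subDataset>
  <subDataset name="b"><queryString language="SQL"><![CDATA[-- monthly totals
select id from t; select 2]]></queryString></subDataset>
  <queryString language="SQL"><![CDATA[call sp_fasb(?, ?, ?)]]></queryString>
</jasperReport>"""

if __name__ == "__main__":
    for query, findings in lint_jrxml(SAMPLE):
        print(repr(query[:40]), "->", findings or "ok")
```

Running a check like this over reports before upload shows which queries need changing, so `security.validation.sql.on` can stay `true` instead of being switched off for the whole server.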