3
votes

I am using Jasper report :- TIBCO Jaspersoft Studio-6.2.0.final Jasper server :- JasperReports Server Community Edition (v6.2.0)

I published Report book template Jasper report into Jasper Server. But when I am running report from Jasper Server, I am getting below error

Error Message An error has occurred. Please contact your system administrator. (6632) Error Trace com.jaspersoft.jasperserver.api.JSSecurityException: An error has occurred. Please contact your system administrator. (6632) Arguments: at com.jaspersoft.jasperserver.api.security.validators.Validator.validateSQL(Validator.java:500) at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRTimezoneJdbcQueryExecuter.createDatasource(JRTimezoneJdbcQueryExecuter.java:167) at net.sf.jasperreports.engine.fill.JRFillDataset.createQueryDatasource(JRFillDataset.java:1129) at net.sf.jasperreports.engine.fill.JRFillDataset.initDatasource(JRFillDataset.java:696) at net.sf.jasperreports.engine.fill.JRFillDatasetRun.evaluate(JRFillDatasetRun.java:226) at net.sf.jasperreports.engine.fill.JRFillElementDataset.evaluateDatasetRun(JRFillElementDataset.java:238) at net.sf.jasperreports.engine.fill.JRFillCrosstab.evaluate(JRFillCrosstab.java:610) at net.sf.jasperreports.engine.fill.JRFillElementContainer.evaluate(JRFillElementContainer.java:281) at net.sf.jasperreports.engine.fill.JRFillBand.evaluate(JRFillBand.java:504) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillColumnBand(JRVerticalFiller.java:2026) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillDetail(JRVerticalFiller.java:752) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReportStart(JRVerticalFiller.java:259) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReport(JRVerticalFiller.java:119) at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:558) at net.sf.jasperreports.engine.fill.BaseReportFiller.fill(BaseReportFiller.java:396) at net.sf.jasperreports.engine.fill.JRFillSubreport.fillSubreport(JRFillSubreport.java:742) at net.sf.jasperreports.engine.fill.JRSubreportRunnable.run(JRSubreportRunnable.java:58) at net.sf.jasperreports.engine.fill.AbstractThreadSubreportRunner.run(AbstractThreadSubreportRunner.java:216) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)

I already updated security.validation.sql.on=false in security-config.properties file.

But still I am getting this error.

How to resolve this issue?

2

2 Answers

3
votes

You might be using some special keywords in your SQL query (such as "with" clause). You may need to edit the jasperserver-pro/WEB-INF/classes/esapi/validation.properties file. And edit the line, Validator.ValidSQL=(?is)^\s*(select|ADD_NEW_CLAUSE_HERE)\s+^;+$.

And restart the server.

Proving the queries you use will be helpful for a more comprehensive answer.

1
votes

for security reasons(!) I personally would recommend (using it is quite insecure as described below!) to

  1. set this to

    Validator.ValidSQL=.*
    

    or even better

    #/jasperserver/WEB-INF/classes/esapi/security-config.properties 
    security.validation.sql.on=false
    

    so there is no validity check actually done. Why? Because the previous (standard regexp) is a quite weak (and immature - as e.g. preventing with ... select ... clauses) check and may suggest that SQL injection would be prevented in a higher degree.

A) if I am NOT concerned about security/SQL injection in my environment or the cost-value-factor is inefficient (take non-IT budget-responsible people into the boat to decide here!), I would leave it like this for now

B) if I am concerned about security/SQL injection in my environment, I would recommend to