Merge pull request #114 from daust/b2.9.0

B2.9.0

README.md

@@ -164,13 +164,18 @@ You can find the instructions [here](src/doc/github/integration-usage.md).
 #                                   - application.reportsPath
 #                                   "name" in jdbc connection definition
 #                                     no longer required
+# 2.9.0     D. Aust   03.06.2022  #94 Suppressing debug information 
+#                                   - application.printDebugToScreen          
+#                                 #109 Ip Addresses Allowed
+#                                   - ipAddressesAllowed available for 
+#                                       each data source                  
 #====================================================================
 
 #====================================================================
 # Application properties (global)
 #====================================================================
 [application]
-configFileVersion=2.8.0
+configFileVersion=2.9.0
 
 # set the jndiPrefix, this is different for different
 # containers, e.g. 
@@ -197,6 +202,14 @@ infoPageIsEnabled=true
 #      file
 reportsPath=
 
+# To enable detailed request error messages, set printDebugToScreen=true
+# When this setting enabled, any request that produces an error response includes a detailed message, 
+# including a stack trace. 
+# This setting must not be enabled on productions systems due to the risk of sensitive information being 
+# revealed to an attacker.
+# The default value is false
+#printDebugToScreen=true
+
 #====================================================================
 # JDBC datasource configuration
 # http://www.orafaq.com/wiki/JDBC#Thin_driver
@@ -207,6 +220,10 @@ type=jdbc
 url=jdbc:oracle:thin:@127.0.0.1:1521:XE
 username=my_oracle_user
 password=my_oracle_user_pwd
+# this parameter is limiting access to the integration for the 
+# specified list of ip addresses, e.g.: 
+# ipAddressesAllowed=127.0.0.1,10.10.10.10,192.168.178.31
+# if the list is empty, ALL addresses are allowed
 
 #====================================================================
 # Native JNDI datasource, to be configured in the application server
@@ -215,6 +232,10 @@ password=my_oracle_user_pwd
 #[datasource:jndi_test]
 #type=jndi
 #name=jndi_test
+# this parameter is limiting access to the integration for the 
+# specified list of ip addresses, e.g.: 
+# ipAddressesAllowed=127.0.0.1,10.10.10.10,192.168.178.31
+# if the list is empty, ALL addresses are allowed
 
 #====================================================================
 # JDBC datasource configuration
@@ -226,6 +247,10 @@ password=my_oracle_user_pwd
 #url=jdbc:oracle:thin:@127.0.0.1:1521:XE
 #username=my_oracle_user
 #password=my_oracle_user_pwd
+# this parameter is limiting access to the integration for the 
+# specified list of ip addresses, e.g.: 
+# ipAddressesAllowed=127.0.0.1,10.10.10.10,192.168.178.31
+# if the list is empty, ALL addresses are allowed
 
 #====================================================================
 # Direct printing
@@ -268,8 +293,10 @@ Thus, over time some security features were implemented and more will follow in
 Currently, you can use the following features for improved security: 
 * The info page of the J2EE application shows lots of important information like version information and current configuration values. For production environments this can quickly become a security issue. You can turn off the info page by specifying the parameter ``infoPageIsEnabled=true`` in the ``application.properties`` file, see details [here](#configuration.jasperreports_properties).
 * Restrict access based on IP address: You typically want to restrict access to the JasperReportsIntegration J2EE application. Only the database server should be allowed to call it. You can can restrict access to certain ip addresses by specifying the parameter ``ipAddressesAllowed=...`` in the ``application.properties`` file, see details [here](#configuration.jasperreports_properties).
+* The parameter ``ipAddressesAllowed`` is also available for each data source (since 2.9.0).
 * You should encrypt the passwords in the configuration file ``application.properties``. You can do this using the command line script ``bin\encryptPasswords.cmd`` or ``bin/encryptPasswords.sh`` respectively. 
 * You should delete the directory ``reports/demo`` because it contains sample reports, particulary one that works on the user objects installed in the schema. 
+* Since 2.9.0, all error messages will be suppressed. For development systems you need to enable the error messages by specifying the parameter ``printDebugToScree=true`` in the ``application.properties`` file, see details [here](#configuration.jasperreports_properties).
 
 ## Accessing JasperReportsIntegration through SSL
 
@@ -416,7 +443,23 @@ The configuration file for logging is ``conf/log4j2.xml``.
     <pre>&lt;Logger name="de.oc" level="<b>debug</b>" additivity="false" \&gt;</pre>
 * You can restart the application server, but you don't have it. It should pick up the change after 30 seconds automatically without restarting. 
 * Then you can find the log entries in the file ``logs/JasperReportsIntegration.log``.
-
+
+## Error Messages in the Browser
+
+Since 2.9.0, all error messages will be suppressed. For development systems you need to enable the error messages by specifying the parameter ``printDebugToScree=true`` in the ``application.properties`` file, see details [here](#configuration.jasperreports_properties).
+
+## Direct Printing
+
+In order to use direct printing, two things have to happen: 
+- You need to specify the parameter ``isEnabled=true`` in the section ``[directPrinting]`` of the configuration file ``application.properties``, see details [here](#configuration.jasperreports_properties).
+- You need to pass the parameter ``p_print_is_enabled`` in the request for the report.
+
+If you specify it in the request for the report but it is *not* enabled in the configuration file on the server, an exception will be raised. 
+
+## Encrypting and Password-Protecting PDF Files
+
+Starting 2.9.0 you can encrypt and password-protect your generated pdf files, for details see [the section on integration and usage](src/doc/github/integration-usage.md).
+
 ## Known Issues
 
 * When using "headless" Linux servers (https://www.howtogeek.com/660841/what-is-a-headless-server/, ), you might encounter error messages regarding awt like the following: ``"java.lang.NoClassDefFoundError: Could not initialize class sun.awt.X11GraphicsEnvironment"``.  

ReadMe-Dietmar.txt

@@ -5,15 +5,15 @@
 *) Development
 
 - APEX:
-	- http://vm1/ords
-	- Workspace: JRI_TEST, User: Dietmar.Aust
+	- http://win11/ords
+	- Workspace: DEMO, User: dietmar.aust
 	- APEX Application: Jasper Reports Integration Test (v2.6.2)
 
 - Datenbank-Schema: 
-	- Server: vm1
+	- Server: win11
 	- Port: 1521
-	- SID: XE
-	- User: JRI_TEST	
+	- SID: orclpdb
+	- User: DEMO
 
 - Patch/<versionsnummer>/_install.sql
 	- Hier jeden Installationsschritt für ein Upgrade dokumentieren
@@ -47,6 +47,10 @@ cp /usr/local/Cellar/groovy/2.4.7/libexec/lib/ivy-2.4.0.jar /usr/local/Cellar/an
 
 	- => thus at this time (3.09.2020) this would be Java 8 with a Premier Support Until date until March 2022.
 
+*) New Direction 24.08.2022
+- Supporting the official LTS releases: https://www.oracle.com/java/technologies/java-se-support-roadmap.html
+- => Primarily JDK 17
+
 *) Which Oracle JDBC libraries should we use?
 
 - We use the latest Oracle JDBC libraries which are still supported by the chosen Java JDK / Runtime. 

build.gradle

@@ -22,6 +22,7 @@
   31.01.2022  D. Aust   #93: Upgrading log4j 1.x to log4j 2.x (2.17.1)
   01.02.2022  D. Aust   #70: Upgrade Oracle JDBC libraries 
   08.02.2022  D. Aust   #82: Unable to start JRI with tomcat 10 - buildWarTomcat10 task created
+  02.06.2022  D. Aust   #102: Upgrade libraries to JasperReports 6.19.1
 
  */
 
@@ -48,15 +49,15 @@ import org.gradle.internal.os.OperatingSystem
 //-----------------------------------------------------------------------------
 
   project.description       = "JasperReportsIntegration - more details here: https://github.com/daust/JasperReportsIntegration"
-  project.version           = '2.8.1'
+  project.version           = '2.9.0'
 
   sourceCompatibility       = 1.8
   targetCompatibility       = 1.8
 
   archivesBaseName          = "jri"
 
   // version of jasperreports to be used
-  def jasperreportsVersion  ='6.18.1'  
+  def jasperreportsVersion  ='6.19.1'  
 
   // Download Oracle JDBC drivers, must be the full version:
   // https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
@@ -114,6 +115,10 @@ dependencies {
     //implementation("com.oracle.database.ha:ons")
     implementation("com.oracle.database.ha:simplefan")
 
+    // encrypting PDF files: https://github.com/daust/JasperReportsIntegration/issues/101
+    // https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on
+    implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70'
+
     // https://mvnrepository.com/artifact/xalan/serializer
     // see bug: #55 - Barcodes produce classnotfounderror
     compile group: 'xalan', name: 'serializer', version: '2.7.1'
@@ -132,6 +137,8 @@ dependencies {
     compile fileTree(dir: "lib/jasper-reports/$jasperreportsVersion", include: ['*.jar'])
     // dependencies from oracle jdbc
     compile fileTree(dir: "lib/additional-war-libraries", include: ['*'])
+
+
 }
 
 gretty {
@@ -453,6 +460,7 @@ task jriDownloadJasperLibraries{
   }
 }   
 
+
 /* build a new war file that will work on Tomcat10 */
 task buildWarTomcat10{
   description = "build a new war file that will work on Tomcat10"

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.6.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists