Clarity

We are upgrading from CA PPM 14.2 to 15.1 (Patch 2).  This obviously means we have to upgrade Jaspersoft from 5.x to 6.2.  All of our custom reports that do not utilize the DWH are working fine, however the OOTB reports (that we've customized to add our own custom attributes/input controls to) are not working.  Has anyone had any experience with this upgrade and run into the same problems?  

One thing we did have to do was change the organization name (Jaspersoft 6.2 does not allow capital letters), but I find it hard to believe that's the issue if our own custom reports are working.  

Anyone out there have any ideas?

Hi Peter,

We don't recommend upgrading jaspersoft but install Jaspersoft 6.2 in parallel and then move the content from old jaspersoft server to new Jaspersoft server.

Regards

Suman Pramanik  

Yes, I've confirmed with my team that what you've mentioned is what we've done... I'm told that the issues may stem from the fact that we had to change the organization name, but can't pinpoint what's causing an issue only with DWH reports and not custom reports.

If you have changed the organization then you can run the few jaspersoft commands 

admin update jasperParameters

admin jaspersoft syncPPMContext -userName superuser -password superuser

More details on the page List of Jaspersoft Commands in accordance with CA PPM Version 

Regards

Suman Pramanik 

Yep, we've done that too.

It seems it has something to do with security config file changes.  Not sure anyone has experienced this before?

The only security is keystore and I am sure you would have generated the same. 

This seemed to solve our problem, finally:

webapps/jasperserver/WEB-INF/classes/esapi/security-config.properties

changing  security.validation.sql.on=false

I am sorry turning off the security exposes system to vulnerabilities and never a suggested solution. I would request you to raise a ticket and we can work to get this resolved.

The security information can be more found

Jaspersoft Security Changes and Configuration | Jaspersoft Community 

The resolution came from our ticket with CA Support!

Hi Peter,

I am checking with the team internally and will get back to you on this. 

Regards

Suman Pramanik 

Hi Peter,

There are some details on this page:

http://community.jaspersoft.com/wiki/jaspersoft-security-changes-and-configuration

In short, we have 2 options.

The first is to tweak the file as mentioned. This may make Jaspersoft vulnerable to SQL Injection and Cross Site Scripting.

The other would be to modify the report queries that violate these rules.

For example, removing tags, brackets <>, etc...

Please see the notes on the page about parameter names and values.

Thanks,

Shawn

Shawn - I'm fine with option A, only in the interest of time.  The reports causing us problems are the OOTB reports that we've added parameters to (and in some cases, an attribute or two to the output).  Would it be the OOTB SQL causing the issues, or only the SQL that we added to the reports?

Actually, my preference would be that we use Option A until we can look at each report and remove the necessary tags, and then switch the security setting back.  This solution would not delay our upgrade, and allow us to eventually return to the recommended state.

Hi Peter,

I don't think we have an issue with OOTB, its the customization which is causing the issue.

Thanks Shawn_Walsh for clarifying it

Regards

Suman Pramanik