I am using Jasper report :- TIBCO Jaspersoft Studio-6.2.0.final Jasper server :- JasperReports Server Community Edition (v6.2.0)
I published Report book template Jasper report into Jasper Server. But when I am running report from Jasper Server, I am getting below error
Error Message An error has occurred. Please contact your system administrator. (6632) Error Trace com.jaspersoft.jasperserver.api.JSSecurityException: An error has occurred. Please contact your system administrator. (6632) Arguments: at com.jaspersoft.jasperserver.api.security.validators.Validator.validateSQL(Validator.java:500) at com.jaspersoft.jasperserver.api.engine.jasperreports.util.JRTimezoneJdbcQueryExecuter.createDatasource(JRTimezoneJdbcQueryExecuter.java:167) at net.sf.jasperreports.engine.fill.JRFillDataset.createQueryDatasource(JRFillDataset.java:1129) at net.sf.jasperreports.engine.fill.JRFillDataset.initDatasource(JRFillDataset.java:696) at net.sf.jasperreports.engine.fill.JRFillDatasetRun.evaluate(JRFillDatasetRun.java:226) at net.sf.jasperreports.engine.fill.JRFillElementDataset.evaluateDatasetRun(JRFillElementDataset.java:238) at net.sf.jasperreports.engine.fill.JRFillCrosstab.evaluate(JRFillCrosstab.java:610) at net.sf.jasperreports.engine.fill.JRFillElementContainer.evaluate(JRFillElementContainer.java:281) at net.sf.jasperreports.engine.fill.JRFillBand.evaluate(JRFillBand.java:504) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillColumnBand(JRVerticalFiller.java:2026) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillDetail(JRVerticalFiller.java:752) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReportStart(JRVerticalFiller.java:259) at net.sf.jasperreports.engine.fill.JRVerticalFiller.fillReport(JRVerticalFiller.java:119) at net.sf.jasperreports.engine.fill.JRBaseFiller.fill(JRBaseFiller.java:558) at net.sf.jasperreports.engine.fill.BaseReportFiller.fill(BaseReportFiller.java:396) at net.sf.jasperreports.engine.fill.JRFillSubreport.fillSubreport(JRFillSubreport.java:742) at net.sf.jasperreports.engine.fill.JRSubreportRunnable.run(JRSubreportRunnable.java:58) at net.sf.jasperreports.engine.fill.AbstractThreadSubreportRunner.run(AbstractThreadSubreportRunner.java:216) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
I already updated security.validation.sql.on=false in security-config.properties file.
But still I am getting this error.
How to resolve this issue?
You might be using some special keywords in your SQL query (such as "with" clause). You may need to edit the jasperserver-pro/WEB-INF/classes/esapi/validation.properties file. And edit the line, Validator.ValidSQL=(?is)^\s*(select|ADD_NEW_CLAUSE_HERE)\s+^;+$.
And restart the server.
Proving the queries you use will be helpful for a more comprehensive answer.
for security reasons(!) I personally would recommend (using it is quite insecure as described below!) to
set this to
Validator.ValidSQL=.*or even better
#/jasperserver/WEB-INF/classes/esapi/security-config.properties security.validation.sql.on=falseso there is no validity check actually done. Why? Because the previous (standard regexp) is a quite weak (and immature - as e.g. preventing
with ... select ...clauses) check and may suggest that SQL injection would be prevented in a higher degree.
A) if I am NOT concerned about security/SQL injection in my environment or the cost-value-factor is inefficient (take non-IT budget-responsible people into the boat to decide here!), I would leave it like this for now
B) if I am concerned about security/SQL injection in my environment, I would recommend to
- read articles about SQL injection and how to prevent it robustly and continually on many necessary levels (e.g. also db user rights) updated for my target databases/ORM frameworks, e.g.
- search for better regexp clauses (if existent)? => seems an improper/week method to me only suitable for "little PHP shop style apps"
来源:https://stackoverflow.com/questions/34430291/an-error-has-occurred-please-contact-your-system-administrator-6632-error-in