Adsense Ad

Thursday, 23 November 2017

Hide username and password while calling oracle Reports. USING CGICMD.DAT file

If you have not configured reports with Oracle Single Sign-on, Oracle report server explicitly requires username and password when report is called using Web.Show_document(). Username and password is required in report calling URL, for example following method calls a reports using Web.Show_Documnet().
Web.Show_Document('http://domainname.com:8090/reports/rwservlet?userid=username/password@db& server=ReportsServer_1&desformat=PDF&destype=cache&report=report.rdf&paramform=yes','_blank');
In above call username and password are visible in URL, causing security problem. Oracle has provieded serveral methods to resolve this problem, one of these solution is to define keymapping in CGICMD.DAT file. In Reports services 11g this file is located at following location
$DOMAIN_HOME/servers/WLS_REPORTS/stage/reports/reports/configuration/cgicmd.dat
In Oracle Reports services 10g this file can be located in reportsconfdirectory.
To define a key mapping, append follwing line at the end of the file
userlogin: userid=username/password@db %*
Restart reports server/Managed server, now you can call your report using following URL
Web.Show_Document('http://domainname.com:8090/reports/rwservlet?userlogin&server=ReportsServer_1&desformat=PDF&destype=cache&report=report.rdf&paramform=yes','_blank');
You can define key mapping for as many parameter as you need using following syntax,
userlogin: userid=username/password@db server=ReportsServer_1 desformat=PDF destype=cache %*
If reports have been configured with SSO, simply pass ssoconn=configparameter in reports calling URL, here config is the Resource Access Descriptor defined in OID. This parameter will automatically get login information from Oracle Internet Directory.

No comments: