JReport Enterprise Server supports two types of security mechanism. One is the default applied security of setting permissions for users, groups and roles. The other is role based security in which permissions are defined on roles only, and users and groups are mapped to roles.
The JReport Enterprise Server security system is implemented based on a whole set of security APIs, with which you can customize your own implementation. JReport Enterprise Server also provides two sets of implementations for you to directly adopt. One is an implementation based on a database that makes the built-in security system. The other is an LDAP implementation to be used when JReport Enterprise Server can directly access an LDAP server.
Accessing data by direct API implementation may result in many time-consuming IO operations. As a result, the performance of the server security system may be lowered. In order to promote performance, a cache system is added between the security service and the security API. The cache system is used to store security objects including users, groups, roles and ACLs for the security system.
The following is a diagram of the JReport Enterprise Server security system structure:
Go through the following topics for details about the server security system: