Jasper-Reports-Publisher/docs/components/security/index.rst

91 lines
2.1 KiB
ReStructuredText

.. This is a comment. Note how any initial comments are moved by
transforms to after the document title, subtitle, and docinfo.
.. demo.rst from: http://docutils.sourceforge.net/docs/user/rst/demo.txt
.. |EXAMPLE| image:: static/yi_jing_01_chien.jpg
:width: 1em
**********************
Security Monitor
**********************
.. contents:: Table of Contents
Overview
==================
Click the Security tab to open the Security Checks page.
.. image:: _static/security-tab.png
This will open the screen below.
.. image:: _static/security-panel.png
Checks
================
The security page evaluates five checks and provides fixes if check fails.
* Firewalld status
* InfoPage status
* Demo directory status
* Password encryption status
* ipAddressesAllowed status
Fixing Security Issues
======================
Whether or not you elect to fix an issue is up to you.
To fix a security issue, simply click the "Fix Now" button as shown.
.. image:: _static/fix.png
Firewalld
======================
It's important to limit the IPs that have access to your JRI instance to the database(s) being served.
InfoPage
======================
The info page shows important information and should be disabled.
Clicking the Fix Now button will disable the page in your application.properties file.
Demo Directory
======================
The demo directory should be deleted in production environments.
Password Encryption
======================
Clicking the button will encrypt all un-encrypted passwords in your application.properties file.
Whenever a new password is added via a Data Source, you can encrypt via this location.
.. note::
You may see an error displayed: ERROR StatusLogger No log4j2 configuration file found. Using default configuration...
The error is due to configuration and does not effect encryption.
ipAddressesAllowed
======================
Restrict access to JRI based on IP address
.. note::
Each time a Data Source password is added via the Data Source tab, you will see the status for password encryption change.
Please see https://github.com/daust/JasperReportsIntegration#security for additional information.