Friday, May 31, 2013

JasperReports in a Box - Part I

JasperReports is one of the most successful (open-source) reporting engines out there. It is easily integrated into a java project and comes with a powerful report designer that has made the library very popular not just in the open-source community.

A troubling bug (feature?) of JasperReports is that it allows to inject arbitrary java (or groovy) code that, during report exeuction, will be executed with the same privileges as the surrounding application; see, for example, this blog post from 2007!

In this post we are going to explore how we can use the java-sandbox library to securely execute JasperReports.

Der Power User

Ich erinnere mich, dass man vor fünfundzwanzig Jahren der Annahme war, das in Zukunft alle Manager oder mindestens die, die mit Zahlen umgehen müssten, SQL können würden. Das war um 1990. Diese Vorhersage ist lange überholt, selten dass ein Führungskraft noch weiß, was die Abkürzung SQL bedeutet. Die Idee war, dass der SQL Select eine einfache Abfragesprache darstellt,  die jeder wenigstens ein bisschen beherrschen können würde.
Leider waren dann da noch die Operationen Oder und Join und außerdem sollte man sich ja auch nicht vertippen ... und schon waren die allermeisten KollegInnen nicht frustrationsresistent genug und verloren den Glauben daran, dass es ihrer Karriere förderlich wäre SQL zu können.


We have released the java-sandbox, a library for securely executing user generated code. Have a look at

Calling Reports via the URL - Drill Downs

This post is part of the Tutorial Series on ReportServer.

In this post we have a look at how ReportServer exposes reports via the URL and how this can be used to implement drilling.

Friday, May 17, 2013

Installation and basic configuration

ReportServer is a web-based application incorporating the Java Servlet technology. The application is executed inside an application server and stores its persistent data in a relational database using the hibernate library. All common operating systems are supported.

ReportServer can be downloaded as a zip-file for all platforms, or as a windows installer, bundled with tomcat and the postgresql database. The installer package is primarily intended for quick setup in an evaluation environment - for a production install we highly recommend to install the application from the zip package.

Installation und Basiskonfiguration

ReportServer ist eine webbasierte Anwendung auf Grundlage der Java Servlet Technologie. Die Anwendung läuft innerhalb eines Application Servers und speichert persistente Daten unter Verwendung der Hibernate Bibliothek in einer relationalen Datenbank. Alle gängigen Bertriebssysteme werden unterstützt.

ReportServer steht als ZIP-Archiv und als Windows Installer Paket auf sourceforge zum Download bereit.

Saturday, May 11, 2013

Eclipse Birt with ReportServer - The Basics

This post is part of the Tutorial Series on ReportServer.

In this post we show you how to integrate reports generated with Eclipse Birt in ReportServer. We will create a simple report accessing ReportServer's demo content that we set up in a previous post. We then show how to upload the report to ReportServer and execute it from there.

Friday, May 10, 2013

JasperReports with ReportServer - The Basics

This post is part of the Tutorial Series on ReportServer.

In this post we show you how to integrate reports generated with JasperReports in ReportServer. We will create a simple report accessing the demo content that we set up last time. We then show how to upload this report to ReportServer and execute it from there.

Tuesday, May 7, 2013

Loading and Accessing the Demo Content

This post is part of the Tutorial Series on ReportServer.

In this post we set the basis for many of the upcoming tutorials. We will show you how to load the democontent into ReportServer's internal database so that we can later base our reporting tutorial on some data. We assume that you have ReportServer up and running which should be the case after following the quick install guide.

A Tutorial Marathon for ReportServer

ReportServer 2.0 is out. Now it is time to spread the word that a new and free reporting plattform is around to revolutionize the way we think about reporting. With ReportServer, reporting becomes a dynamic field, where it becomes easy for end users to get the data they need, when they need it.

Regrettably, the documentation we have is currently mostly in German and does, furthermore, not cover the very advanced topics of such as extending ReportServer via scripts. Thus, while working hard on generating a complete documentation (in English), we have decided to start pushing out easy and self-contained tutorials to get you started. Moreover, for specific questions you can always use our forum. Our plan with the tutorials is to touch on many different topics to give a glance into the verstatile world of reporting with ReportServer. We plan to publish a tutorial about every fortnight starting with a series on using reports generated with JasperReports in ReportServer. Any new tutorial will be published on this site, so be sure to come back.

Available Tutorials 

Sunday, May 5, 2013

ReportServer 2.0

After more than a year of intensive development we have completed ReportServer 2.0 and made it available for download on Sourceforge.
With a completely redesigned interface, many new features and more than 100 detail improvements, Report Server 2.0 further improves the ease and efficiency of your everyday reporting.


With the new Dashboard, users can easily build their own starting page that contains all the important data on a single glance. With the help of dagets (dashboard gadgets) you can add reports, quick links, webpages and other data onto your dashboard. You even generate multiple dashboards and switch between them with a single click.

Preview of Graphic Reports

The preview of Eclipse Birt and Jasper reports has been completely rewritten. It now shows the entire report exactly as it will appear on print and all this without any browser plugin necessary.

The Sandbox

Did you know that many reporting engines (e.g., JasperReports and Eclipse Birt) compile the layout into executable code? Did you know that its a piece of cake to hide malicious code in a report which is then executed at report generation?
The new ReportServer Sandbox allows you to specify a restricted environment for the execution of third party reports and user generated code. As we feel this is something that many projects could benefit from, we plan to fork it and release it as an independent project. We will keep you posted.

Extending ReportServer

The needs and requirements of a reporting platform can be very specific and vary greatly between different companies. With ReportServer we have created a framework for reporting that allows to be customized to your company's needs. With plugging into so called "Hooks" you can adapt extend not only the GUI but also tap into the inner workings of ReportServer to, for example, implement new features. 

SFTP Server

ReportServer stores its metadata in a database backend. Until now this meant that access to objects such as config files, scripts or report configurations was only possible via the web interface. Now we have added a second mechanism of accessing such data. ReportServer can be asked to start an integrated SFTP server that provides access to many of the objects within ReportServer via a virtual filesystem. This especially simplifies the work flow for report designers that can now easily upload and download design files (such as JRXML files for Jasper) via the SFTP server.

and many more enhancements:

  • better support for Eclipse Birt reports
  • secure your emails using S/Mime
  • better search functions
  • new parameters
  • improved logging of system events
  • ...