PK
Vd?oa, mimetypeapplication/epub+zipPK Vd? iTunesMetadata.plist{
This section introduces security features and concepts in Oracle Reports. It also describes the new security features introduced in Oracle Reports 11g Release 1 (11.1.1).
This section discusses the following topics:
Oracle Reports 11g Release 1 (11.1.1) uses a standards-based Java EE security model through Oracle Platform Security Services. This provides a flexible, simple to administer security mechanism. It can be used with standalone Oracle Reports install or any Forms-Reports combination. The policy store and the identity store used for authentication and authorization can be standard JAZN-XML based or any LDAP server, including Oracle Internet Directory through JAZN-LDAP, providing flexibility.
Note: JAZN-XML is an XML file which is configured by the user to use as an id store and/or policy store. |
Oracle Reports 11g Release 1 (11.1.1) accomplishes authentication through Single Sign-On, Oracle Internet Directory, Embedded ID Store, and JAZN-XML File-based ID Store. For authorization, Oracle Reports 11g Release 1 (11.1.1) supports Oracle Internet Directory, File-based, and Portal-based methods. In prior releases, Reports Server authentication was restricted to use only Oracle Internet Directory. If you want to revert to the security mechanism of prior releases, you can do so in Oracle Enterprise Manager, as described in Section 7.8.1.1, "Switching to Oracle Portal Security". If you want to use OracleAS Single Sign-On without implementing data source security or Oracle Portal, refer to Chapter 17, "Configuring and Administering OracleAS Single Sign-On".
Alternatively, you might have your own application for launching reports with its own login mechanism and user/group repository, or have your own mechanism for protecting data sources (for example, you might choose to use a different LDAP server to store user and group information). In this case, Oracle Reports Services provides interfaces that allow you to integrate it with these non-Oracle components, as described in Section 15.14, "Security Interfaces".
Oracle Reports 11g Release 1 (11.1.1) uses Oracle Platform Security Services, enabling a new security mechanism that provides the features and functionality described in Table 15-1 (a subset of Table 1-1, "11g Functionality vs. 10g Functionality"):
Table 15-1 11g Security Features vs. 10g Functionality
11g New Features | Equivalent 10g Functionality |
---|---|
A standards-based Java EE security model through Oracle Platform Security Services. This provides a flexible, simple to administer security mechanism. For more information, see Section 15.1, "Introduction to Oracle Reports Security" |
Reports Server authentication restricted to use only Oracle Internet Directory. Authorization of Reports Server required Oracle Portal-based security model (using Portal metadata repository for checking authorization). |
Oracle Enterprise Manager advanced user interface. Administrators can use Oracle Enterprise Manager to more easily define and manage granular security policies for reports, directories, Web commands, and read/write access to directories. For more information, see Section 7.8, "Securing Oracle Reports Services" in Chapter 7, "Administering Oracle Reports Services Using Oracle Enterprise Manager" |
Basic UI in Oracle Portal for defining the policies. Hard-coded Web command access to the Oracle Reports seeded roles. Access policies at file (report) level only, not folder level. |
Read/write access to directories at Reports Server level. Administrators can control the input folders from which reports can be served and output folders to which the output of reports servers can be pushed. This ensures there is no security vulnerability. For more information, see Section 15.4.6, "Defining Read/Write Access to Directories" |
|
Database proxy authentication. Support for database authentication using proxy users:
|
Not Applicable |
Security check for distribution destinations. Ability to define security policies for distribution jobs. For example, you can define a security policy that specifies report output may not be burst to |
No security check performed for destinations specified in the distribution XML file. |
Security check for system parameters. A security check is performed for all system parameters, including those specified in the report definition as well as on the command line. |
No security check performed for system parameters. |
Security auditing. Audit authentication and authorization on the Reports Server. | |
Security for report output from Oracle Forms Services. With no configuration required, support for intermediate-level security even when Oracle Forms Services and Oracle Reports Services are not secured. For more information, see Section 15.11, "Intermediate-level Security for Forms and Reports", Section 17.6, "Oracle Forms Services Security Considerations" and Section 18.8.2, "Generating Random and Non-Sequential Job IDs". |
Anyone is able to see anyone else's report output by "guessing" the job ID based on sequential job ID assignment. |
Oracle Reports Services encompasses functionality for three main areas of security:
Application Security (that is, controlling access to the report application, where users launch report requests)
Resource Security (that is, controlling access to reports and Reports Servers)
Data Source Security (that is, for controlling access to a particular database)
Generally, users must log on to an application or site (for example, your own corporate Web site, Oracle WebCenter Portal) from which they can access and run their reports. This launcher application is typically protected by some sort of login facility, such as OracleAS Single Sign-On. Once they successfully gain entry into the launcher application, resource security takes over and determines which reports and destinations a given user or group may request.
For application security, OracleAS Single Sign-On provides a single point of user log in and, optionally, data source security. In a typical configuration, the user logs on through OracleAS Single Sign-On to gain access to a report application, where they access and run their reports.
Resource security ensures that only authorized users or groups execute a specific report. It also keeps users or groups from accessing particular Reports Servers for the execution of the report. Certain servers might be reserved for a particular group of users, or may simply be inaccessible during certain times for maintenance activities.
Once it is determined that a user has the necessary privileges to execute a given report through the specified Reports Server to the specified destination, then the user's privileges to the data source accessed by the report must be ascertained.
Optionally, or for backward compatibility, you can configure Oracle Portal to provide resource security for reports and Reports Servers out of the box. In a typical configuration, the administrator or developer specifies which users and groups could access which reports and Reports Servers from Oracle Portal.
Data source security defines the users or roles that can access the data within the given data source. A report might access multiple data sources and the current user must have privileges on all of the data sources accessed by the report in order to run it and view the output. The data source administrator (typically a DBA) grants access to data sources. Data source security must be established and in place prior to configuring your reports environment.
You can provide for data source security in two different ways with Oracle Reports Services:
You can associate data source connection information with a Single Sign-On user. In this case, the first time a user attempts to access the data source, Oracle Delegated Administration Services prompts them to create a resource for their data source connection. After the user creates this data source resource, OracleAS Single Sign-On associates it with the user in Oracle Internet Directory. Once the data source resource is associated with the Single Sign-On user, it becomes part of their Single Sign-On identity and they can access the data source without having to log in to it separately. This method has two key advantages. First, it enables each user to gain access to the data source through their Single Sign-On identity without having to login separately. Second, it enables a single report URL to be used by many users because the data source login information is stored with the user's identity and therefore does not have to be hard coded into the report's URL or a key mapping.
In your report URLs or key mappings, you can code AUTHID
and the necessary connection parameters (for example, USERID,SSOCONN
) for your report. This functionality is much the same as it was in previous releases of Oracle Reports Services. For a complete discussion of URL syntax, refer to Section 18.1, "The Reports URL Syntax". For a complete discussion of key mapping, refer to Section 18.13, "Using a Key Map File".
A Credential Store is the repository of security data that certify the authority of entities used by Java 2, JavaEE and ADF applications. Applications can use the credential store, a single, consolidated service provider to store and manage the credentials securely.
A domain includes one credential store. Application-specific credentials are supported and migrated to credentials in the domain credential store when the application is deployed. Thus, all servers and all applications deployed in a domain use a common credential store, the domain credential store.
Oracle Reports 11g Release 1 (11.1.1) uses credential store to store a password as a key. You can also use the credential store to configure database connection information for jobStatusRepository
and jobRepository
elements.
For example:
Portal password is stored in the reports credential map with key in the following syntax:
"portalpasswd_DomainName_InstanceName"
Note: You must create credentials under the Reports folder as the server accesses credentials from this folder in CSF. |
Oracle Platform Security supports the following types of credentials according to the data they contain:
A password Credential encapsulates a user name and a password
A generic credential encapsulates any customized data or arbitrary token, such as a symmetric key.
In Credential Store Framework (CSF), a credential is uniquely identified by a map name and a key name. Typically, the map name corresponds with the name of an application and all credentials with the same map name define a logical group of credentials, such as the credentials used by the application. All map names in a credential store must be distinct. If the credential store is intended to be the repository of X.509 certificates, it is recommended the use of an Oracle Wallet or a Java keystore. The credential store does not allow the storage of end-user digital certificates.
Note: CSF keys are stored inrwserver.conf and rwservlet.properties file. |
For more information on how to manage credentials in a domain credential store through Oracle Enterprise Manager, see Section 7.8.8, "Managing Credentials".
For more information about Wallet-Based and LDAP-Based Credential Stores and Configuring the Credential Store, see Oracle Fusion Middleware Security Guide.
This section provides a brief description of the Oracle Reports components and contains examples showing how to use command-line keywords with each component.
rwclient
(Reports Client) parses and transfers a command line to the specified Reports Server.
All file names and paths specified in the client command line refer to files and directories on the server machine, except for any file specified for the following command line keywords:
CMDFILE=
filename
. In this case, the CMDFILE specified is read and appended to the original command line (of which CMDFILE
is a part) before being sent to the Reports Server. The runtime engine does not reread the command file
DESNAME=
filename
DESTYPE=LOCALFILE
. In this case, DESNAME
refers to files on the client machine.
Refer to Table A-1 for the keywords that can be used with rwclient
.
Examples
Example 1: Running a paper report to cache
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb
desformat=pdf
DESTYPE=cache
Example 2: Sending report output to a file
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb desformat=pdf
DESTYPE=file
DESNAME=c:\mydir\test
Example 3: Sending report output to a printer
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb
DESTYPE=printer
DESNAME=myprinter
Example 4: Sending report output through e-mail
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb desformat=pdf
DESTYPE=mail
DESNAME="emp1@comp.com, emp2@comp.com" cc="emp3@comp.com" bcc="mgr@comp.com" replyto="me@comp.com" from="me@comp.com"
Example 5: Sending report output to WebDAV (any WebDAV server or Oracle Portal WebDAV)
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb desformat=htmlcss
DESTYPE=webdav
DESNAME="http://myusername:mypassword@mywebdavserv.com/mydir/test.html"
Example 6: Sending report output to Oracle Portal
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb
DESTYPE=oracleportal
desformat=PDF
PAGEGROUP=mypagegrp
OUTPUTPAGE=reports_output
ITEMTITLE=pushtoportal
STATUSPAGE=result
Example 7: Sending XML PDS report output to a file
rwclient server=myrepserv report=myxmlpdstest.rdf
DESTYPE=file desformat=PDF desname=c:\mydir\my.pdf
Example 8: Sending JDBC PDS report output to a file
rwclient server=myrepserv report=myjdbcpdstest.rdf
DESTYPE=file desformat=PDF desname=c:\mydir\myxml.pdf
p_jdbcpds=sybuser/sybpwd@server1.mydomain.com:1300
Example 9: Distributing a report output to multiple destinations:
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb
DISTRIBUTE=yes
DESTINATION=c:\mydistribute.xml
Example 10: Running scheduled reports
rwclient server=myrepserver report=test.rdf
SCHEDULE="every first fri of month from 15:53 Mar 25, 2009 retry 3 after 1 hour"
destype=file desformat=pdf desname=test.pdf
Example 11: Using a secured Reports Server
rwclient server=myrepserv report=test.rdf userid=scott/tiger@mydb desformat=pdf destype=file desname=test.pdf
AUTHID=myadmin/myadmin
Example 12: Running a report with e-mail notification
rwclient server=myrepserver report=test.rdf userid=scott/tiger@mydb destype=file desformat=pdf desname=test.pdf
NOTIFYSUCCESS="emp@comp.com"
NOTIFYFAILURE="admin@comp.com"
Example 13: Running a report that specifies a URL to be fetched with the URL engine
rwclient server=myrepserver report=test.rdf userid=scott/tiger@mydb destype=file desformat=pdf desname=test.pdf
JOBTYPE=rwurl
URLPARAMETER="http://www.oracle.com"
rwrun
(Reports Runtime) runs a report by starting its own in-process server (not to be confused with the default in-process Reports Server), which runs in the same JVM as the rwrun
process.
The configuration file for this in-process server is rwbuilder.conf
and trace files are saved in the rep_
machinename
-rwbuilder
directory.
Note: It is recommended that you userwrun for testing purposes only. Use rwservlet and rwclient in your production environment to take full advantage of the power of Oracle Reports Services. |
Refer to Table A-1 for the keywords that can be used with rwrun
.
Examples
Example 1: Customizing a report
rwrun userid=scott/tiger@mydb report=emp.rdf
CUSTOMIZE=empcustomize.xml
destype=file desformat=pdf desname=emp.pdf
Example 2: Sending report output to a file
rwrun report=test.rdf userid=scott/tiger@mydb desformat=pdf
DESTYPE=file
DESNAME=c:\mydir\test.pdf
Example 3: Sending report output to a printer
rwrun report=test.rdf userid=scott/tiger@mydb
DESTYPE=printer
DESNAME=myprinter
Example 4: Sending report output through e-mail
rwrun report=test.rdf userid=scott/tiger@mydb desformat=pdf
DESTYPE=mail
DESNAME="emp1@comp.com, emp2@comp.com" cc="emp3@comp.com" bcc="mgr@comp.com" replyto="me@comp.com" from="me@comp.com"
Example 5: Sending report output to WebDAV (any WebDAV server or Oracle Portal WebDAV)
rwrun report=test.rdf userid=scott/tiger@mydb desformat=htmlcss
DESTYPE=webdav
"DESNAME"="http://myusername:mypassword@mywebdavserv.com/mydir/test.html"
Example 6: Sending report output to Oracle Portal
rwrun report=test.rdf userid=scott/tiger@mydb
DESTYPE=oracleportal desformat=PDF PAGEGROUP=mypagegrp OUTPUTPAGE=reports_output ITEMTITLE=pushtoportal STATUSPAGE=result
Example 7: Sending XML PDS report output to a file
rwrun report=myxmlpdstest.rdf destype=file desformat=PDF desname=c:\mydir\my.pdf
Example 8: Sending JDBC PDS report output to a file
rwrun report=myjdbcpdstest.rdf destype=file desformat=PDF desname=c:\mydir\myxml.pdf
P_JDBCPDS=sybuser/sybpwd@server1.mydomain.com:1300
Example 9: Distributing report output to multiple destinations
rwrun report=test.rdf userid=scott/tiger@mydb
DISTRIBUTE=yes
DESTINATION=c:\mydistribute.xml
Example 10: Using a secured Reports Server
rwrun report=test.rdf userid=scott/tiger@mydb desformat=pdf destype=file desname=test.pdf
AUTHID=myadmin/myadmin
Example 11: Running a report with e-mail notification
rwrun report=test.rdf userid=scott/tiger@mydb destype=file desformat=pdf desname=test.pdf
NOTIFYSUCCESS="emp@comp.com"
NOTIFYFAILURE="admin@comp.com"
rwbuilder
invokes Oracle Reports Builder. When you include a REPORT|MODULE
keyword on the command line with rwbuilder
, Oracle Reports Builder opens with the specified report highlighted in the Object Navigator. When no report is specified, Oracle Reports Builder opens with a Welcome dialog offering you the choice of opening an existing report or creating a new one.
Refer to Table A-1 for the keywords that can be used with rwbuilder
.
Example
rwbuilder report=myrep.rdf userid=scott/tiger@mydb
rwconverter
(Reports Converter) enables you to convert one or more report definitions or PL/SQL libraries from one storage format to another. For example, you can use rwconverter
to:
Combine a report file with an XML file to create a new report
Convert a report stored in an .rdf
file to a .rep,
.rex,
.jsp,
or .tdf
(template) file.
Note: When a report is converted to a template, only objects in the report's header and trailer sections and margin area are used in the template. Objects in the main section are ignored. |
Convert a report stored in a .rex
file to an .rdf
or a template (.tdf
file)
Convert a library stored in the database to a .pld
or .pll
file
Convert a library stored in a .pld
file into a database library or a .pll
file
Convert a library stored in a .pll
file into a database library of a .pld
file
Note: When you convert a report that has an attached library, convert the .pll files attached to the report before converting the .rdf/.rex file. |
Create a PL/SQL script that batch registers reports in Oracle Portal
In some cases, rwconverter
automatically compiles the report's PL/SQL as part of the conversion process. Provided your conversion destination is not a .rex file, rwconverter
automatically compiles PL/SQL under the following conditions:
Converting to a .rep
file. If there are compile errors, rwconverter
displays an error message and the .rep file is not created.
Using a .rex
file as the source. If there are compile errors, rwconverter
displays a warning, but the conversion continues.
Using a report created on another platform than the source. If there are compile errors, rwconverter
displays a warning, but the conversion continues.
In all other situations, you must compile the report's PL/SQL yourself (for example, using Program > Compile > All in Oracle Reports Builder).
Note: Fonts are mapped when a report is opened by Oracle Reports Builder or Reports Runtime, not during the conversion. |
Refer to Table A-1 for the keywords that can be used with rwconverter
.
Example:
rwconverter scott/tiger@mydb stype=rdffile source=inven1.rdf dtype=xmlfile dest=inven1_new.xml
rwservlet
(Oracle Reports Servlet) translates and delivers information between either a Web server or a Java EE Container (for example, Oracle WebLogic Server) and the Reports Server, allowing you to run a report dynamically from your Web browser. Optionally, it can use the in-process Reports Server, which reduces the maintenance and administration of the Reports Server by providing a means for starting the server automatically, whenever it receives the first request from the client.
The keywords used with rwservlet
are also known as Web commands. Oracle Reports 11g Release 1 (11.1.1) introduces security access levels for rwservlet
Web commands, based on two categories:
End user Web commands are: GETJOBID, KILLJOBID, SHOWAUTH, SHOWJOBID.
Administrator-only Web commands are: DELAUTH, GETSERVERINFO, KILLENGINE, PARSEQUERY, SHOWENV, SHOWJOBS, SHOWMAP, SHOWMYJOBS.
Administrators are allowed to run both end user and administrator-only Web commands. For a non-secured server, the user ID and password for administrators can be set in the identifier element of the Reports Server configuration file.
The security access levels are specified using Oracle Enterprise Manager, as described in Section 7.8.4, "Defining Security Policies for Web Commands":
Note: When you userwservlet to run a JSP, you can use all keywords applicable to rwservlet . For more information on running a JSP with rwservlet , see Section 18, "Running Report Requests". |
Note: The following keywords are commands rather than keyword=value pairs; that is, these keywords are entered by themselves without a corresponding value: SHOWENV, SHOWJOBS, SHOWMAP, SHOWMYJOBS, KILLJOBID, KILLENGINE, PARSEQUERY, DELAUTH, GETJOBID, and GETSERVERINFO. |
Refer to Table A-1 for the keywords that can be used with rwservlet
.
Examples
In the following examples, myias.mycomp.com
is your Oracle Application Server instance, and 7779
is the port where rwservlet
is running.
Example 1: Running a paper report to a browser (cache)
http://myias.mycomp.com:7779/reports/rwservlet?
DESTYPE
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
desformat=pdf+=cache
Example 2: Sending report output to a file
http://myias.mycomp.com:7779/reports/rwservlet?
DESTYPE
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
desformat=pdf+=file+
DESNAME=c:\mydir\test
Example 3: Sending report output to a printer
http://myias.mycomp.com:7779/reports/rwservlet?
DESTYPE
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+=printer+
DESNAME=myprinter
Example 4: Sending report output to e-mail
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
DESTYPE
desformat=pdf+=mail+
DESNAME="emp1@co
mp.com,
CC=
emp2@comp.com"+"emp3@comp.com"+
BCC="mgr@comp.com"+
REPLYTO="me@comp.com"+
FROM=me@comp.com"
Example 5: Sending report output to WebDAV (any WebDAV server or Oracle Portal WebDAV)
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
DESTYPE
desformat=htmlcss+=webdav+
DESNAME=
"http://myusername:mypassword@mywebdavserv.com/mydir/test.html"
Example 6: Sending report output to Oracle Portal
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
PAGEGROUP
destype=oracleportal+desformat=PDF+=
mypagegrp+
OUTPUTPAGE=reports_
output+
ITEMTITLE=pushtoportal+
STATUSPAGE=result
Example 7: Sending XML PDS report output to a file
http://myias.mycomp.com:7779/reports/rwservlet?
DESNAME
server=myrepserv+report=myxmlpdstest.rdf+destype=file+
desformat=PDF+=c:\mydir\my.pdf
Example 8: Sending JDBC PDS report output to a file
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserv+report=myjdbcpdstest.rdf+destype=file+
desformat=PDF+desname=c:\mydir\myxml.pdf+
P_JDBCPDS=sybuser/sybpwd@server1.mydomain.com:1300
Example 9: Distributing report output to multiple destinations
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
DISTRIBUTE=yes+
DESTINATION=c:\mydistribute.xml
Example 10: Running scheduled reports
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserver+report=test.rdf+
SCHEDULE="every first fri of month from 15:53 Oct 23, 2007 retry 3 after 1 hour"
+destype=file+desformat=pdf+desname=test.pdf
Example 11: Using a secured Reports Server
http://myias.mycomp.com:7779/reports/rwservlet?
AUTHID
server=myrepserv+report=test.rdf+userid=scott/tiger@mydb+
desformat=pdf+destype=file+desname=test.pdf+=myadmin/myadmin
Example 12: Using a key map file (for more information, see Section 18.13, "Using a Key Map File")
http://myias.mycomp.com:7779/reports/rwservlet?key1
where
key1
is a key defined in the cgicmd.dat
file (the keyname should be the first parameter)
or
http://myias.mycomp.com:7779/reports/rwservlet?
CMDKEY
server=myrepserv+userparam=12+=keyname
Example 13: Running a report with a Parameter Form
http://myias.mycomp.com:7779/reports/rwservlet?
PARAMFORM
server=myrepserver+report=test.rdf+userid=scott/tiger@mydb+
destype=cache+desformat=htmlcss+=html
Example 14: Running a report with e-mail notification
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserver+report=test.rdf+userid=scott/tiger@mydb+
NOTIFYSUCCESS
destype=file+desformat=pdf+desname=test.pdf+="emp@comp.com"+
NOTIFYFAILURE="admin@comp"
Example 15: Running a report that specifies a URL to be fetched with the URL engine
http://myias.mycomp.com:7779/reports/rwservlet?
server=myrepserver+report=test.rdf+userid=scott/tiger@mydb+
JOBTYPE
destype=file+desformat=pdf+desname=test.pdf+=rw
url+
URLPARAMETER="http://www.oracle.com"
Example 16: Showing the environment information for server myrepserver
http://myias.mycomp.com:7779/reports/rwservlet/
SHOWENV?
server=myrepserver+authid=myrepuser/myreppassword
Example 17: Viewing the past jobs information for server myrepserver
http://myias.mycomp.com:7779/reports/rwservlet/
SHOWJOBS?server=myrepserver+authid=myrepuser/myreppassword
+queuetype=past
Example 18: Viewing the cgicmd.dat
key mappings (for more information, see Section 18.13, "Using a Key Map File")
http://myias.mycomp.com:7779/reports/rwservlet/
SHOWMAP?authid=myrepuser/myreppassword
Example 19: Viewing current jobs information for user myrepuser
http://myias.mycomp.com:7779/reports/rwservlet/
SHOWMYJOBS?
server=myrepserver+authid=myrepuser/myreppassword+
queuetype=current
Example 20: Getting the status of a job with job ID 30
http://myias.mycomp.com:7779/reports/rwservlet/
SHOWJOBID30?
server=myrepserver+authid=myrepuser/myreppassword
Example 21: Cancelling a currently running job with job ID 122
http://myias.mycomp.com:7779/reports/rwservlet/
KILLJOBID122?
server=myrepserver+authid=myrepuser/myreppassword
Example 22: Viewing the parsed query of a command
http://myias.mycomp.com:7779/reports/rwservlet/
PARSEQUERY?
server=myrepserver+authid=myrepuser/myreppassword+
report=test.rdf+userid=scott/tiger@db+destype=cache+
desformat=htmlcss
Example 23: Showing DB authentication page
http://myias.mycomp.com:7779/reports/rwservlet/
SHOWAUTH?
server=myrepserver+authid=myrepuser/myreppassword+authtype=D
Example 24: Deleting cookies set by rwservlet
http://myias.mycomp.com:7779/reports/rwservlet/
DELAUTH?
server=myrepserver+authid=myrepuser/myreppM
assword
Example 25: Getting the output of job with job ID 87
from server myrepserver
http://myias.mycomp.com:7779/reports/rwservlet/
GETJOBID87?
server=myrepserver+authid=myrepuser/myreppassword
Example 26: Displaying server information for server myrepserver
http://myias.mycomp.com:7779/reports/rwservlet/
GETSERVERINFO?
server=myrepserver+authid=myrepuser/myreppassword
Example 27: Killing engine rwEng-1
in server myrepserver
http://myias.mycomp.com:7779/reports/rwservlet/
KILLENGINE1?
type=rwEng+server=myrepserver+authid=myrepuser/myreppassword
rwserver
(Reports Server) processes client requests, which includes ushering them through its various services, such as authentication and authorization checking, scheduling, caching, and distribution (including distribution to pluggable output destinations). Reports Server also spawns runtime engines for generating requested reports, fetches completed reports from the reports cache, and notifies the client that the job is ready.
Refer to Table A-1 for the keywords that can be used with rwserver
.
To manage Reports Server using Oracle Enterprise Manager, refer to Chapter 7, "Administering Oracle Reports Services Using Oracle Enterprise Manager".
For manual configuration, see Section 8.2, "Reports Server Configuration File".
rwbridge
(Oracle Reports Bridge) is used when Reports Server and Oracle Reports Client are in different Farms. Oracle Reports Client uses the default broadcast mechanism for server discovery, which sends packets that can travel only within a Farm. The Oracle Reports Bridge can bridge two Farms in a network. It intercepts the packets broadcast by Reports Server and Oracle Reports Client and transfers them to the remote bridges configured in the Oracle Reports Bridge configuration file.
There are no command line keywords for rwbridge
.
To configure the Oracle Reports Bridge, refer to Section 7.5, "Configuring Oracle Reports Components".
To start and stop the Oracle Reports Bridge, see Chapter 6, "Starting and Stopping Oracle Reports Services".
Oracle Reports supports PDF 1.4 and is capable of generating high fidelity PDF reports on all platforms. The PDF features supported by Oracle Reports include:
PDF compression decreases the PDF file size, thereby reducing the time spent in downloading the PDF file.
The amount of space saved using compression varies based on the contents of the report, for example, the number of images versus the size of the content.
Images: PDF compression does not significantly affect the size of files containing images in it, as image files are typically already compressed.
Formatted data: Highly formatted data can achieve higher compression rates. However, actual compression rates will vary for each report.
Compressed files are about one fifth the size of the original file. Testing has shown that the best case compression ratio of one-eighth to the worst case compression ratio of one-half was achieved based on the contents in the original file.
By default, PDF output generated by Oracle Reports is compressed. To specify the level of compression, use PDFCOMP
on the command line. For more information, see Section A.7.24, "PDFCOMP".
Although compressed files download quickly, the time taken to generate a compressed file is much more when compared to a non-compressed file.
Note: Compression rate depends on the report's content; thus, the time taken to generate the PDF file as well as the PDF file size will vary from report to report. |
This section outlines the PDF font-related features supported by Oracle Reports:
Font aliasing enables you to substitute one font for another; that is, font-to-font substitution. This font-to-font substitution is usually used when porting applications (in this case, your PDF file) across platforms. You can alias multibyte fonts as well as character sets. For font aliasing considerations when designing multilingual applications, see Section 23.2.1.3.2, "Font Aliasing Considerations".
The font enhancements introduced in Oracle Reports 11g Release 1 (11.1.1) make font aliasing unnecessary in almost all cases. In prior releases, a report may have been created with fonts that are readily available on Windows, but not on UNIX (for example, Arial font). In such cases, it was necessary to alias the Windows fonts to other fonts with a similar style available on UNIX (for example, Helvetica). Now, with support for TTF and TTC files on UNIX, a font such as Arial is supported on both Windows and UNIX, eliminating the need for aliasing.
Font aliasing occurs at the time of generating the PDF file. The PDF file will contain only the necessary font information required to display the output. The fonts used will not be embedded in the PDF file.
Note: The fonts must be available on the machine displaying the PDF output. The fonts need not be available on the machine generating the PDF file. |
At the time of viewing the report, Adobe Acrobat replaces the aliased fonts based on the following:
If the fonts do not exist on the machine displaying the output, Adobe Acrobat substitutes it with the Adobe
Sans
MM
font.
If the Adobe
Sans
MM
font does not match, the output may display dots for the data.
Font aliasing will work with any or all of the following:
Single byte fonts, including Eastern European fonts for both ASCII and IS0-Latin character sets.
Adobe multibyte Character ID (CID) fonts listed in Table 11-2, which are available as a free download from Adobe.
Type1 PostScript fonts.
TrueType fonts.
Table 11-2 outlines the mapping between Oracle NLS_CHARACTERSET
, CMap name, and CID font name used in PDF font aliasing for multibyte fonts.
Table 11-2 CID Font Mapping for PDF Font Aliasing
Language | Oracle NLS_CHARACTERSET Name | CMap Name | CID Font Name |
---|---|---|---|
Japanese |
|
|
|
Korean |
|
|
|
Traditional Chinese |
|
|
|
Simplified Chinese |
|
|
|
(*) These fonts are available in Adobe Acrobat Reader 5.0 and later.
(**) These fonts are available in Adobe Acrobat Reader 4.0 and later.
It is recommended that you use Version 5.0 CID fonts (*) in order to avoid unexpected font mapping, which results in multibyte characters overlapping. Version 5.0 fonts are compatible with Adobe Acrobat Reader 5.0 and later.
If font aliasing is necessary, use Oracle Enterprise Manager to define the aliasing, instead of directly editing the uifont.ali
file as in prior releases. For information about using Oracle Enterprise Manager for font configuration, see Section 7.9.1, "Configuring Fonts".
For more information about the uifont.ali
file, refer to uifont.ali in Section 9.3, "Font Configuration Files":
If font aliasing does not work, verify that:
In Acrobat Reader 6.0 and later, choose File > Document Properties > Fonts. (In prior releases, beginning with Acrobat Reader 3.0, choose File > Document Info > Fonts). Verify that the aliased font has been added to the list. If it is not included, then font aliasing did not occur. The fonts were not found or the entry in the uifont.ali
file is incorrect.
The fonts specified for the report are available on the machine where the report will be viewed.
The [PDF]
section name in the uifont.ali
file has not been modified as Oracle Reports parses the file for the section name.
The version of the Adobe Acrobat Reader used for viewing is 3.0 or higher, as required for multibyte character reports to display properly.
With font subsetting, the PDF file includes the font information needed to render the PDF, regardless of the availability of that font on the machine used to view the report. PDF font subsetting works for single byte, multibyte, and Unicode fonts and is the preferred method of creating multibyte reports.
When you subset a font in a PDF file, the font information is embedded into the PDF output for only those characters that are needed for the report output.
Note: You can modify the PDF file if you have:
|
Before using font subsetting, you must:
Include the font file paths in the REPORTS_PATH
environment variable. Oracle Reports looks for fonts in the path specified in the REPORTS_PATH
environment variable when generating a PDF file.
Include the font subsetting entries in the uifont.ali
file. Oracle Reports subsets the fonts only when the font entries listed in the uifont.ali
file exist in the PDF file being generated.
Note: Theuifont.ali file is located in the following directory:
|
The section for font subset in the uifont.ali
file is [PDF:Subset]
and the entry is:
[PDF:Subset] font_name = "font_file_name"
where
font_name
is the font name, which must be enclosed in quotes if it contains more than one word.
font_file_name
is the font file name, which must always be enclosed in quotes, and is case-sensitive. If it does not exactly match the existing font file name, Oracle Reports generates a REP-1924
error.
The font files can be saved in any folder; for example, ORACLE_INSTANCE
/reports/
font_folder
. The font file's path is added by default to the $REPORTS_PATH
environment variable.
Note: Thefont_file_name is not the font name displayed in Oracle Reports Builder. |
Example 1
[PDF:Subset] Arial = "Arial.ttf"
To use TrueType fonts in a TrueType Collection (.ttc
) file, the syntax for the entry in the [PDF:Subset]
section in uifont.ali
is:
[PDF:Subset] font_name = "ttc_file_name[,table_directory_number]"
where
font_name
is the font name, which must be enclosed in quotes if it contains more than one word.
ttc_file_name
is a TrueType Collection file name.
table_directory_number
is the Table Directory number for the TrueType font in a TrueType Collection file, using a zero-based index (for example, "MS PGothic" = "msgothic.ttc,1
" indicates that Oracle Reports should use the second font in the TrueType Collection file). If the table_directory_number
is omitted or if you supply an invalid value, Oracle Reports will always subset the first font program in the TrueType Collection file.
Example 2
[PDF:Subset] "MS PGothic" = "msgothic.ttc,1" "MS UI Gothic" = "msgothic.ttc,2"
Table 11-3 shows the font name and Table Directory number values for common East Asian TrueType Collection files on the Windows platform.
Table 11-3 Common East Asian TrueType Collection Files on the Windows Platform
TTC File Name | Font Name | Table Directory Number |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
You can view the fonts used in your reports as follows:
In Acrobat Reader 6.0 and later, choose File > Document Properties > Fonts. (In prior releases, beginning with Acrobat Reader 3.0, choose File > Document Info > Fonts.)
The Document Font dialog box displays Original Font, Type, Encoding, Actual Font (or the font used), and Type.
Note: In the case of font subsetting:
|
Two environment variables allow for backward compatibility with the font mechanisms of prior releases:
REPORTS_ENHANCED_FONTHANDLING specifies whether to use the new 11g Release 1 (11.1.1) font model, or revert to the Toolkit font handling mechanism of 10g Release 2 (10.1.2). By default, REPORTS_ENHANCED_FONTHANDLING
=YES
.
REPORTS_ENHANCED_SUBSET specifies whether to include the enhanced TTF font subsetting feature introduced in Oracle Reports 10g Release 2 (10.1.2). By default, REPORTS_ENHANCED_SUBSET
=YES
to ensure that the PDF file generated is accessible and searchable.
You can set environment variable REPORTS_ENHANCED_SUBSET
=NO
to revert to the implementation of font subsetting used in releases prior to Oracle Reports 10g Release 2 (10.1.2); that is, Type3 fonts.
If you set REPORTS_ENHANCED_SUBSET
=NO
, use Adobe Acrobat Reader and perform the following steps to ensure optimum viewing:
Choose Edit > Preferences > Page Display.
Select Smooth Text, Smooth Line Art, and Smooth Images.
(Laptop/LCD Screens) Select the Use CoolType check box.
Click OK.
Note: These steps are valid for Adobe Acrobat Reader 7.0. |
If font subsetting does not work, verify the following:
The fonts you use in the report have bold, italic, and bold italic versions. If you have used italic or bold styles in the report, with PDF font subsetting, and you do not see italic or bold styles in the output, check the Windows TTF files. On Windows, there are some fonts that have bold, italic, and bold italic versions. For example, Arial has arialbd.ttf
(Arial bold), ariali.ttf
(Arial italic), and arialbi.ttf
(Arial bold italic), while some other fonts, such as Arial Unicode MS (arialuni.ttf
), do not have any bold or italic versions. For fonts that do not have bold or italic versions, Windows synthesizes bold or italic styles from the main font file while displaying, as does Oracle Reports on Windows. These styles are preserved in HTML/HTMLCSS, RTF, and PDF (without PDF subsetting or embedding) outputs. However, while doing the PDF subsetting or embedding, since actual font glyphs are included in the report, Oracle Reports needs the TTF files that contain styles; that is, to include the bold style for Arial in the report, it would need arialbd.ttf
. But for fonts such as Arial Unicode MS that do not have such TTF files, PDF subsetted output will not have bold or italic styles.
The Actual Font value is Embedded Subset and Type is TrueType (in Acrobat Reader 6.0 and later, choose File > Document Properties > Fonts; in prior releases, beginning with Acrobat Reader 3.0, choose File > Document Info > Fonts). If this is not specified, then font subsetting is not implemented. The problem could be either that the fonts were not found or the entry in the uifont.ali
file is incorrect.
The font file names are valid.
The case of the font file name matches the case defined in the file.
The font types are TrueType; that is, filename
.ttf
or filename
.ttc
.
The font name is enclosed in double quotes if it consists of two or more words.
The font name does not contain embedded parenthesis.
The font files are located in the path specified by the REPORTS_PATH
environment variable. When generating a PDF file, Oracle Reports looks for fonts in the path specified in the REPORTS_PATH
environment variable.
The font names are correct and are available on the machine where the PDF file is generated.
The [PDF:Subset]
section name in the uifont.ali
file has not been modified. Oracle Reports parses the file looking for the section name.
The version of the Adobe Acrobat Reader used for viewing is 3.0 or higher, as required for multibyte character reports to display correctly.
The value of the REPORTS_ENHANCED_SUBSET
environment variable is set to YES
. If REPORTS_ENHANCED_SUBSET
=NO
, Oracle Reports reverts to the earlier implementation of font subsetting, using Type3 fonts to create a PDF document. Type3 fonts are imaged characters that look slightly bolder than they would if expressed as a Type1 font. See Section 11.2.2.2.2, "Backward Compatibility" for more information on improving the viewing quality.
PDF font embedding is the process of including the entire font set along with the data in the PDF file. PDF font subsetting and font embedding are mutually exclusive.
Note: Font embedding will work only if the fonts are included in the PDF file. Font embedding increases your PDF file size. |
PDF font embedding in Oracle Reports is for Type1 fonts only (single byte fonts) and not for TrueType fonts. Convert TrueType fonts to Type1 fonts using available 3rd party tools in order to include specific Type1 fonts in your report.
PDF font embedding with Oracle Reports occurs between a font and a set of font file names.
Note: You must ensure that you have the necessary font licenses before embedding any fonts in your output. |
The setup for PDF embedding includes:
A command line keyword: PDFEMBED
A uifont.ali File Entry:[PDF:Embed]
PDFEMBED
The command line keyword PDFEMBED
is used to specify whether Oracle Reports will embed the Type1 PostScript fonts specified in the uifont.ali
file into the PDF output. For more information, see Section A.7.25, "PDFEMBED".
uifont.ali File Entry
The section for font aliasing in the uifont.ali
file is [PDF:Embed]
.
(Windows only) The entry in the uifont.ali
file should be:
font_name = "font_name.pfm
font_name.pfb"
(UNIX only) The entry in the uifont.ali
file should be:
font_name = "font_name.afm
font_name.pfa"
Example 11-1 Font Embedding
[PDF:Embed] Symbol = "Symbol.pfm Symbol.pfb"
In Example 11-1, the Symbol font is embedded into the PDF file. This ensures portability by:
Creating the report with the Symbol font.
Embedding the Symbol font in the PDF file (Figure 11-3).
If PDF font embedding does not work, verify the following:
In Acrobat Reader 6.0 and later, choose File > Document Properties > Fonts. (In prior releases, beginning with Acrobat Reader 3.0, choose File > Document Info > Fonts). Verify that the embedded font has been added to the list. If the font has not been added, then font embedding did not occur. The problem could be either that the fonts were not found or the entry in the uifont.ali
file is incorrect.
The correct font file name is used.
The font path specified in the REPORTS_PATH
environment variable is correct. When generating the PDF file, Oracle Reports looks for fonts in the paths specified in the REPORTS_PATH
environment variable.
The font type is a Type1 font.
The font name is enclosed within double quotes if it consists of 2 or more words.
The [PDF:Embed]
section name in the uifont.ali
file has not been modified. Oracle Reports parses the file looking for the section name.
The format to specify the embedded font is valid:
font_name="fontfilename.pfm/.afm fontfilename.pfb/.pfa".
For example (Windows):
UtopiaMediumItalic = "UtopiaMediumItalic.pfm UtopiaMediumItalic.pfb"
The font name is correct and available on the machine where the PDF file is generated.
Table 11-4 summarizes the advantages and disadvantages of font aliasing, font embedding, and font subsetting.
Table 11-4 Comparison of PDF Font Features
PDF Type | Advantages | Disadvantages | PDF Type |
---|---|---|---|
Font Aliasing |
Multibyte support. Good display. Small file size (Japanese example; 23KB for font aliasing when compared to 130KB for font subsetting). |
Unicode character set not supported. Asian Font Packs are required on the client machine, if the client's operating system and Acrobat Reader are not the native version. Limited fonts support. For example, there is no support for font emphasis. |
Font Aliasing |
Font Embedding |
Guaranteed display. |
Only single byte support provided. Large file size. |
Font Embedding |
Font Subsetting |
Unicode support. Guaranteed display. Generated file is searchable and editable using Adobe Acrobat. |
No styles (Italic and Bold) support. |
Font Subsetting |
The precedence order for the same font in multiple places within the uifont.ali
file is as follows:
Font aliasing takes precedence over font embedding (highest).
Font subsetting takes over font embedding (intermediate).
Font embedding takes no precedence (lowest).
For example, if you have included the same font entries for both font embedding and font subsetting, then font subsetting will override font embedding. This is assuming you have not set the command line option PDFEMBED=NO
.
For all font features —font aliasing, font subsetting, and font embedding—include the specific entries first followed by the generic entries. For example, if you want to subset Arial Plain, Arial Bold, Arial Italic, and Arial Bold-Italic fonts, your entries should be in the following order:
[ PDF:Subset ] Arial..Italic.Bold.. = "Arialbi.ttf" Arial...Bold.. = "Arialb.ttf" Arial..Italic... = "Ariali.ttf" Arial..... = "Arial.ttf"
If the plain Arial..... = "Arial.ttf"
entry appears first, then all the styles of the Arial font in the layout will be subset as Arial Plain font. Here is a sample of a portion of the uifont.ali
file for all the PDF entries containing all three PDF sections:
Sample 1
[ PDF ] Palatino = "Kino MT.ttf" [ PDF:Subset ] Garmond..Italic.Bold.. = "Garmacbi.ttf" Garmond...Bold.. = "Garmacb.ttf" Garmond..Italic... = "Garmaci.ttf" Garmond..... = "Garamac.ttf" [ PDF:Embed ] Arial = "Arial.pfm Arial.pfb"
Sample 2
[PDF] Arial.10.Italic = "Times New Roman".12.Italic.Bold "Courier New" = Symbol [PDF:Embed] "Times New Roman".14..Bold = "TimesBold.pfm TimesBold.pfb" [PDF:Subset] Verdana...Italic.Bold = "Verdanaz.ttf" Verdana...Bold = "Verdanab.ttf"
Beginning with Oracle Reports 11g Release 1 (11.1.1), you can encrypt and password-protect PDF reports generated by Oracle Reports.
This optional functionality avoids unauthorized reading and changing of PDF reports. The encrypted PDF reports are readable by Acrobat Reader 5.0 and later, and other readers supporting PDF 1.4. This functionality is also compatible with reports developed with prior releases of Oracle Reports.
Oracle Reports uses the Adobe Standard Security Handler to encrypt PDF reports. This standard security handler allows up to two passwords (owner and user) and 8 types of access permissions to be specified for a document.
To provide encryption, password protection, and permissions security in PDF reports, Oracle Reports 11g Release 1 (11.1.1) introduces the following command line keywords:
Note: To generate PDF encrypted report output using Oracle Reports Builder (rwbuilder ), you must pass at least one of these command line keywords in the command while starting the rwbuilder .
In Oracle Reports Builder, select Generate to File>PDF to generate the PDF encrypted output. |
Table 11-5 describes the effect of the possible combinations of the PDFOWNER
and PDFUSER
command line keywords.
Table 11-5 Effect of PDFUSER and PDFOWNER Keyword Combinations
PDFUSER specified? | PDFOWNER specified? | Effect |
---|---|---|
Yes |
Yes |
When an end user attempts to open PDF report output in Acrobat Reader (5.0 or later), a password prompt displays to request the password specified by |
Yes |
No |
When an end user attempts to open PDF report output in Acrobat Reader (5.0 or later), a password prompt displays to request the password specified by |
No |
Yes |
When an end user attempts to open PDF report output in Acrobat Reader (5.0 or later), Oracle Reports opens the document, decrypts it, and displays it on the screen. If the end user attempts to change permissions on the PDF report output in Acrobat Writer (6.0 or later), a password prompt displays to request the password specified by |
No |
No |
Any end user can open PDF report output in Acrobat Reader (5.0 or later), and also change the document's passwords and permissions in Acrobat Writer (6.0 or later). No password prompts display. |
For information about suppressing specific permissions for encrypted PDF report using the PDFSECURITY
command line keyword, see Section A.7.27, "PDFSECURITY".
The encrypted PDF document's passwords and permissions, as specified by PDFUSER
, PDFOWNER
, and PDFSECURITY
, are stored with the PDF document. An end user with authorization to change these values can do so as follows:
In Acrobat Writer 6.0 or later, open the PDF document.
Select Document > Security > Restrict Opening and Editing.
In the password prompt, enter the appropriate password (as specified in Table 11-5).dialog box that displays, make desired changes to passwords and permissions.
In the dialog box that displays, make desired changes to passwords and permissions.
Support for PDF Security in Distribution
Oracle Reports 11g Release 1 (11.1.1) supports PDF encryption in distribution and bursting of reports. With this feature, you can set individual passwords and security permissions for each PDF that you generate.
To use this feature, you must add atleast one property (pdfuser
, pdfowner
, and pdfsecurity
) in the distribution xml file.
<destinations> <file id="F1" name="personal_report" format="pdf"> <property name="pdfsecurity" value="NOCOPY"/> <property name="pdfuser" value="mypdf"/> <property name="pdfowner" value="employee"/> <include src="mainSection"/> </file> </destinations>
For more information about the distribution xml file, see Section 20.3, "Introduction to Distribution XML Files" and Section 20.5, "Distribution XML File Examples".
Oracle Reports provides several ways for you to include accessibility features in your PDF file. The PDF format file follows the tagged-PDF standard defined in PDF 1.4. This standard along with Acrobat Reader 5 (or higher) provides you with features for inclusion in the paper layout.
For information on enabling accessibility-related features offered through Oracle Reports from the command line, see Section A.5.1, "ACCESSIBLE". For information about using the Oracle Reports accessibility properties designed to make PDF report output accessible to the disabled community (Alternative Text, Headers, ID, Report Language, and Table Caption properties), see the Oracle Reports online Help.
Additionally, refer to Chapter 43, "Building an Accessible JSP-based Web Report" in the Oracle Reports Building Reports manual, and to the Oracle accessibility site on OTN (http://www.oracle.com/accessibility/index.html
), where you can learn more about accessibility and find the Creating Accessible Enterprise Reports Using Oracle Reports white paper.
A PDF document can include global information about itself such as the document's title, author, creation and modification dates. This global information proves useful at the time of cataloging or searching for documents in external databases.
Oracle Reports provides report-level properties to enable such a classification, known as taxonomy. They are:
Title
Author
Subject
Keywords
Table 11-6 Taxonomy Properties
Property Name | Type | Description | Default Value |
---|---|---|---|
Title |
String |
Document title. |
PDF document name |
Author |
String |
Document's author. |
Oracle Reports |
Subject |
String |
Document's subject. |
None |
Keywords |
String |
Specifies keywords that can be used to categorize the document. |
None |
Refer to the Oracle Reports online Help for more information on the taxonomy properties.
Oracle Reports provides the capability to specify the dots per inch (DPI) value for the image resolution of the graph in PDF output. This enables you to scale the graph without compromising on the image quality.
For more information, see Section B.1.50, "REPORTS_GRAPH_IMAGE_DPI" and Section B.1.52, "REPORTS_JPEG_QUALITY_FACTOR".
The Common Object Service (COS) naming service orbd, provided by Sun Microsystem's JDK, can be used for Reports Server discovery instead of the default broadcast mechanism. Refer to the JavaIDL page on Sun Microsystem's Web site (http://java.sun.com
) for more details on the orbd
executable.
To start the naming service, use the following commands:
On Windows:
namingservice.bat port_number
On UNIX:
namingservice.sh port_number
To use OPMN to control the naming service, refer to Section 8.8.1.4, "COS Naming Service Specification"