Differences

This shows you the differences between two versions of the page.

--- 711:import_reports [2025/07/25 14:15] – [Reporting (Advanced)] Weinlein, Thomas
+++ 711:import_reports [2025/07/25 15:06] (current) – [Reporting (Advanced)] Weinlein, Thomas
@@ Line 18: / Line 18: @@
 ===== Reporting (Advanced) =====
+=== Security restrictions ===
 Access to persistent global variables is not allowed for reports in Stages, due to security implications. E.g.
 <code javascript>
 reportContext.setPersistentGlobalVariable(name, value)
@@ Line 26: / Line 29: @@
 </code>
 Use global variables instead:
 <code javascript>
 reportContext.setGlobalVariable(name, value)
@@ Line 33: / Line 37: @@
 </code>
+The access of custom event handler scripts to BIRT and other Java classes is highly restricted to keep the Stages server secure. In case additional classes need to be whitelisted there are errors logged that the system does not allow the access to those classes.
+In case the security implications are acceptable, add the following parameter to the reporting context in the ''server.xml'' and adapt the value accordingly.
+<code xml>
+<Context path="/reporting" [...]>
+   [...]
+   <Parameter name="metrics.script.class.whitelist" value="java.time.Instant,java.time.Duration" override="false"/>
+</Context>
+</code>
+To whitelist additional classes for **Stages data source** scripts add the following config property to config.xml.
+<code xml>
+<property name="metrics.script.class.whitelist" value="java.time.Instant,java.time.Duration"/>
+</code>
 ==== Direct database access in reports ====