积木报表post请求增加身份认证

2024-11-22 23:31:52 +08:00 · 2022-07-11 15:15:25 +08:00 · 2022-07-11 15:15:25 +08:00 · 227a125719
commit 227a125719
parent 5c58a377db
4 changed files with 47 additions and 7 deletions
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@ -37,13 +37,34 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {

    private final OAuth2TokenApi oauth2TokenApi;

+    /**
+     * 积木报表内部请求获取token
+     *
+     * @param request
+     * @return
+     */
+    private static String getToken(HttpServletRequest request) {
+        String token = request.getParameter("token");
+        if (token == null) {
+            token = request.getHeader("X-Access-Token");
+        }
+        return token;
+    }
+
    @Override
    @SuppressWarnings("NullableProblems")
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
-        String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
+        String token;
+        Integer userType;
+        if (request.getRequestURI().startsWith("/jmreport/")) {
+            token = getToken(request);
+            userType = 2;
+        } else {
+            token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
+            userType = WebFrameworkUtils.getLoginUserType(request);
+        }
        if (StrUtil.isNotEmpty(token)) {
-            Integer userType = WebFrameworkUtils.getLoginUserType(request);
            try {
                // 1.1 基于 token 构建登录用户
                LoginUser loginUser = buildLoginUserByToken(token, userType);
@ -88,11 +109,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {

    /**
     * 模拟登录用户，方便日常开发调试
-     *
+     * <p>
     * 注意，在线上环境下，一定要关闭该功能！！！
     *
-     * @param request 请求
-     * @param token 模拟的 token，格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
+     * @param request  请求
+     * @param token    模拟的 token，格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
     * @param userType 用户类型
     * @return 模拟的 LoginUser
     */
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
@ -24,6 +24,20 @@ public class SecurityFrameworkUtils {

    private SecurityFrameworkUtils() {}

+    /**
+     * 积木报表内部请求获取token
+     *
+     * @param request
+     * @return
+     */
+    private static String getToken(HttpServletRequest request) {
+        String token = request.getParameter("token");
+        if (token == null) {
+            token = request.getHeader("X-Access-Token");
+        }
+        return token;
+    }
+
    /**
     * 从请求中，获得认证 Token
     *
@ -32,6 +46,9 @@ public class SecurityFrameworkUtils {
     * @return 认证 Token
     */
    public static String obtainAuthorization(HttpServletRequest request, String header) {
+        if (request.getRequestURI().startsWith("/jmreport/")) {
+            return getToken(request);
+        }
        String authorization = request.getHeader(header);
        if (!StringUtils.hasText(authorization)) {
            return null;
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java
@ -3,6 +3,7 @@ package cn.iocoder.yudao.module.visualization.framework.security.config;
 import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@ -17,7 +18,7 @@ public class SecurityConfiguration {
        return new AuthorizeRequestsCustomizer() {
            @Override
            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
-                registry.antMatchers("/jmreport/**").anonymous();
+                registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
            }
        };
    }
--- a/yudao-ui-admin/src/views/visualization/jm/index.vue
+++ b/yudao-ui-admin/src/views/visualization/jm/index.vue
@ -6,12 +6,13 @@
 </template>
 <script>
 import iFrame from "@/components/iFrame/index";
+import {getAccessToken} from "@/utils/auth";
 export default {
  name: "JimuReport",
  components: { iFrame },
  data() {
    return {
-      url: process.env.VUE_APP_BASE_API + "/jmreport/list"
+      url: process.env.VUE_APP_BASE_API + "/jmreport/list?token=" + getAccessToken(),
    };
  },
 };