积木报表post请求增加身份认证

This commit is contained in:
jiangqiang 2022-07-11 15:15:25 +08:00
parent 5c58a377db
commit 227a125719
4 changed files with 47 additions and 7 deletions

View File

@ -37,13 +37,34 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
private final OAuth2TokenApi oauth2TokenApi;
/**
* 积木报表内部请求获取token
*
* @param request
* @return
*/
private static String getToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
token = request.getHeader("X-Access-Token");
}
return token;
}
@Override
@SuppressWarnings("NullableProblems")
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException {
String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
String token;
Integer userType;
if (request.getRequestURI().startsWith("/jmreport/")) {
token = getToken(request);
userType = 2;
} else {
token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
userType = WebFrameworkUtils.getLoginUserType(request);
}
if (StrUtil.isNotEmpty(token)) {
Integer userType = WebFrameworkUtils.getLoginUserType(request);
try {
// 1.1 基于 token 构建登录用户
LoginUser loginUser = buildLoginUserByToken(token, userType);
@ -88,7 +109,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
/**
* 模拟登录用户方便日常开发调试
*
* <p>
* 注意在线上环境下一定要关闭该功能
*
* @param request 请求

View File

@ -24,6 +24,20 @@ public class SecurityFrameworkUtils {
private SecurityFrameworkUtils() {}
/**
* 积木报表内部请求获取token
*
* @param request
* @return
*/
private static String getToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
token = request.getHeader("X-Access-Token");
}
return token;
}
/**
* 从请求中获得认证 Token
*
@ -32,6 +46,9 @@ public class SecurityFrameworkUtils {
* @return 认证 Token
*/
public static String obtainAuthorization(HttpServletRequest request, String header) {
if (request.getRequestURI().startsWith("/jmreport/")) {
return getToken(request);
}
String authorization = request.getHeader(header);
if (!StringUtils.hasText(authorization)) {
return null;

View File

@ -3,6 +3,7 @@ package cn.iocoder.yudao.module.visualization.framework.security.config;
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
@ -17,7 +18,7 @@ public class SecurityConfiguration {
return new AuthorizeRequestsCustomizer() {
@Override
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
registry.antMatchers("/jmreport/**").anonymous();
registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
}
};
}

View File

@ -6,12 +6,13 @@
</template>
<script>
import iFrame from "@/components/iFrame/index";
import {getAccessToken} from "@/utils/auth";
export default {
name: "JimuReport",
components: { iFrame },
data() {
return {
url: process.env.VUE_APP_BASE_API + "/jmreport/list"
url: process.env.VUE_APP_BASE_API + "/jmreport/list?token=" + getAccessToken(),
};
},
};