
修改积木报表相关访问配置

jiangqiang 3 роки тому
батько
коміт
d00a88a75d

+ 5 - 26
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java

@@ -37,34 +37,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
     private final OAuth2TokenApi oauth2TokenApi;
 
-    /**
-     * 积木报表内部请求获取token
-     *
-     * @param request
-     * @return
-     */
-    private static String getToken(HttpServletRequest request) {
-        String token = request.getParameter("token");
-        if (token == null) {
-            token = request.getHeader("X-Access-Token");
-        }
-        return token;
-    }
-
     @Override
     @SuppressWarnings("NullableProblems")
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
             throws ServletException, IOException {
-        String token;
-        Integer userType;
-        if (request.getRequestURI().startsWith("/jmreport/")) {
-            token = getToken(request);
-            userType = 2;
-        } else {
-            token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
-            userType = WebFrameworkUtils.getLoginUserType(request);
-        }
+        String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
         if (StrUtil.isNotEmpty(token)) {
+            Integer userType = WebFrameworkUtils.getLoginUserType(request);
             try {
                 // 1.1 基于 token 构建登录用户
                 LoginUser loginUser = buildLoginUserByToken(token, userType);
@@ -109,11 +88,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
     /**
      * 模拟登录用户,方便日常开发调试
-     * <p>
+     *
      * 注意,在线上环境下,一定要关闭该功能!!!
      *
-     * @param request  请求
-     * @param token    模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
+     * @param request 请求
+     * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
      * @param userType 用户类型
      * @return 模拟的 LoginUser
      */

+ 0 - 17
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java

@@ -24,20 +24,6 @@ public class SecurityFrameworkUtils {
 
     private SecurityFrameworkUtils() {}
 
-    /**
-     * 积木报表内部请求获取token
-     *
-     * @param request
-     * @return
-     */
-    private static String getToken(HttpServletRequest request) {
-        String token = request.getParameter("token");
-        if (token == null) {
-            token = request.getHeader("X-Access-Token");
-        }
-        return token;
-    }
-
     /**
      * 从请求中,获得认证 Token
      *
@@ -46,9 +32,6 @@ public class SecurityFrameworkUtils {
      * @return 认证 Token
      */
     public static String obtainAuthorization(HttpServletRequest request, String header) {
-        if (request.getRequestURI().startsWith("/jmreport/")) {
-            return getToken(request);
-        }
         String authorization = request.getHeader(header);
         if (!StringUtils.hasText(authorization)) {
             return null;

+ 2 - 0
yudao-module-infra/yudao-module-infra-biz/src/main/java/cn/iocoder/yudao/module/infra/framework/security/config/SecurityConfiguration.java

@@ -27,6 +27,8 @@ public class SecurityConfiguration {
                         .antMatchers("/swagger-resources/**").anonymous()
                         .antMatchers("/webjars/**").anonymous()
                         .antMatchers("/*/api-docs").anonymous();
+                //积木报表
+                registry.antMatchers("/jmreport/**").permitAll();
                 // Spring Boot Actuator 的安全配置
                 registry.antMatchers("/actuator").anonymous()
                         .antMatchers("/actuator/**").anonymous();
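Review bot: The added `registry.antMatchers("/jmreport/**").permitAll();` opens every HTTP method under `/jmreport/` at the Spring Security layer, whereas the visualization-module rule deleted in this commit was limited to `HttpMethod.GET` (the `permit-all_urls` entry removed from application.yaml may already have been wider). After this change, access control for these paths appears to rest entirely on JimuReport calling `JimuReportTokenService`, so any JimuReport endpoint that does not consult the token service would be reachable without authentication; this diff does not show whether that is the case. I would narrow the matcher where possible and replace the `//积木报表` comment with one that states the delegation, e.g. `// JimuReport: not authenticated by Spring Security here; JimuReportTokenService#verifyToken is the only check`. The rule also now sits in the infra module although the feature belongs to visualization, and the enclosing customizer method starts and ends outside the hunk.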

+ 7 - 0
yudao-module-visualization/yudao-module-visualization-biz/pom.xml

@@ -23,6 +23,12 @@
             <version>${revision}</version>
         </dependency>
 
+        <dependency>
+            <groupId>cn.iocoder.boot</groupId>
+            <artifactId>yudao-module-system-biz</artifactId>
+            <version>${revision}</version>
+        </dependency>
+
         <!-- 业务组件 -->
         <dependency>
             <groupId>cn.iocoder.boot</groupId>
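Review bot: The new dependency pulls the implementation module `yudao-module-system-biz` into visualization-biz, which `JimuReportTokenService` in this commit needs only for `AdminUserService` and `AdminUserDO`. The same class already reaches token checking through `OAuth2TokenApi` from the system API package, so the username lookup would sit better behind an API interface as well, keeping system's service and data-object classes out of this module's classpath. This is inferred from the imports in this commit; whether a suitable user API already exists is not visible here.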
@@ -57,5 +63,6 @@
             <groupId>org.jeecgframework.jimureport</groupId>
             <artifactId>jimureport-spring-boot-starter</artifactId>
         </dependency>
+
     </dependencies>
 </project>

+ 44 - 0
yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/config/JimuReportTokenService.java

@@ -0,0 +1,44 @@
+package cn.iocoder.yudao.module.visualization.config;
+
+import cn.hutool.core.util.StrUtil;
+import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
+import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
+import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
+import cn.iocoder.yudao.module.system.service.user.AdminUserService;
+import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class JimuReportTokenService implements JmReportTokenServiceI {
+    @Autowired
+    private OAuth2TokenApi oauth2TokenApi;
+
+    @Autowired
+    private AdminUserService adminUserService;
+
+    @Override
+    public String getUsername(String token) {
+        if (StrUtil.isNotEmpty(token)) {
+            OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(token);
+            if (accessToken != null) {
+                Long userId = accessToken.getUserId();
+                System.out.println(userId);
+                AdminUserDO user = adminUserService.getUser(userId);
+                if (user != null) {
+                    return user.getUsername();
+                }
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public Boolean verifyToken(String token) {
+        if (StrUtil.isNotEmpty(token)) {
+            OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(token);
+            return accessToken != null;
+        }
+        return false;
+    }
+}
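Review bot: `verifyToken` and `getUsername` accept any token for which `checkAccessToken` returns a result, without checking which user type the token was issued to. The removed filter branch pinned `userType = 2` for `/jmreport/` before calling `buildLoginUserByToken`, so that constraint is lost, and `getUsername` would look up an admin user by an id that may belong to a different user type. Both methods should reject tokens whose user type is not the admin one; the sketch below does this through a shared helper, on the assumption that the response DTO exposes the token's user type. The `System.out.println(userId)` in `getUsername` is a debug leftover that writes user ids to stdout and should be dropped. It is also worth confirming whether `checkAccessToken` throws on an invalid token rather than returning null, since `verifyToken` would then propagate an exception instead of returning `false`.

```java
    // Resolves the token only when it belongs to an admin user; returns null otherwise.
    // NOTE(review): getUserType() is assumed to exist on the DTO — confirm.
    // 2 is the value the removed filter branch used for /jmreport/ requests.
    private OAuth2AccessTokenCheckRespDTO checkAdminToken(String token) {
        if (StrUtil.isEmpty(token)) {
            return null;
        }
        OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(token);
        if (accessToken == null || !Integer.valueOf(2).equals(accessToken.getUserType())) {
            return null;
        }
        return accessToken;
    }

    @Override
    public String getUsername(String token) {
        OAuth2AccessTokenCheckRespDTO accessToken = checkAdminToken(token);
        if (accessToken == null) {
            return null;
        }
        AdminUserDO user = adminUserService.getUser(accessToken.getUserId());
        return user != null ? user.getUsername() : null;
    }

    @Override
    public Boolean verifyToken(String token) {
        return checkAdminToken(token) != null;
    }
```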

+ 0 - 26
yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java

@@ -1,26 +0,0 @@
-package cn.iocoder.yudao.module.visualization.framework.security.config;
-
-import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
-
-/**
- * visualization 模块的 Security 配置
- */
-@Configuration("visualizationSecurityConfiguration")
-public class SecurityConfiguration {
-
-    @Bean("visualizationAuthorizeRequestsCustomizer")
-    public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
-        return new AuthorizeRequestsCustomizer() {
-            @Override
-            public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
-                registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
-            }
-        };
-    }
-
-}

+ 0 - 1
yudao-server/src/main/resources/application.yaml

@@ -69,7 +69,6 @@ yudao:
   security:
     permit-all_urls:
       - /admin-ui/** # /resources/admin-ui 目录下的静态资源
-      - /jmreport/**
   swagger:
     title: 管理后台
     description: 提供管理员管理的所有功能