修改积木报表相关访问配置

This commit is contained in:
jiangqiang 2022-07-16 11:00:07 +08:00
parent 5b1e6c0d91
commit d00a88a75d
7 changed files with 58 additions and 70 deletions

View File

@ -37,34 +37,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
private final OAuth2TokenApi oauth2TokenApi; private final OAuth2TokenApi oauth2TokenApi;
/**
* 积木报表内部请求获取token
*
* @param request
* @return
*/
private static String getToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
token = request.getHeader("X-Access-Token");
}
return token;
}
@Override @Override
@SuppressWarnings("NullableProblems") @SuppressWarnings("NullableProblems")
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException { throws ServletException, IOException {
String token; String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
Integer userType;
if (request.getRequestURI().startsWith("/jmreport/")) {
token = getToken(request);
userType = 2;
} else {
token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
userType = WebFrameworkUtils.getLoginUserType(request);
}
if (StrUtil.isNotEmpty(token)) { if (StrUtil.isNotEmpty(token)) {
Integer userType = WebFrameworkUtils.getLoginUserType(request);
try { try {
// 1.1 基于 token 构建登录用户 // 1.1 基于 token 构建登录用户
LoginUser loginUser = buildLoginUserByToken(token, userType); LoginUser loginUser = buildLoginUserByToken(token, userType);
@ -109,7 +88,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
/** /**
* 模拟登录用户方便日常开发调试 * 模拟登录用户方便日常开发调试
* <p> *
* 注意在线上环境下一定要关闭该功能 * 注意在线上环境下一定要关闭该功能
* *
* @param request 请求 * @param request 请求

View File

@ -24,20 +24,6 @@ public class SecurityFrameworkUtils {
private SecurityFrameworkUtils() {} private SecurityFrameworkUtils() {}
/**
* 积木报表内部请求获取token
*
* @param request
* @return
*/
private static String getToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
token = request.getHeader("X-Access-Token");
}
return token;
}
/** /**
* 从请求中获得认证 Token * 从请求中获得认证 Token
* *
@ -46,9 +32,6 @@ public class SecurityFrameworkUtils {
* @return 认证 Token * @return 认证 Token
*/ */
public static String obtainAuthorization(HttpServletRequest request, String header) { public static String obtainAuthorization(HttpServletRequest request, String header) {
if (request.getRequestURI().startsWith("/jmreport/")) {
return getToken(request);
}
String authorization = request.getHeader(header); String authorization = request.getHeader(header);
if (!StringUtils.hasText(authorization)) { if (!StringUtils.hasText(authorization)) {
return null; return null;

View File

@ -27,6 +27,8 @@ public class SecurityConfiguration {
.antMatchers("/swagger-resources/**").anonymous() .antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous() .antMatchers("/webjars/**").anonymous()
.antMatchers("/*/api-docs").anonymous(); .antMatchers("/*/api-docs").anonymous();
//积木报表
registry.antMatchers("/jmreport/**").permitAll();
// Spring Boot Actuator 的安全配置 // Spring Boot Actuator 的安全配置
registry.antMatchers("/actuator").anonymous() registry.antMatchers("/actuator").anonymous()
.antMatchers("/actuator/**").anonymous(); .antMatchers("/actuator/**").anonymous();

View File

@ -23,6 +23,12 @@
<version>${revision}</version> <version>${revision}</version>
</dependency> </dependency>
<dependency>
<groupId>cn.iocoder.boot</groupId>
<artifactId>yudao-module-system-biz</artifactId>
<version>${revision}</version>
</dependency>
<!-- 业务组件 --> <!-- 业务组件 -->
<dependency> <dependency>
<groupId>cn.iocoder.boot</groupId> <groupId>cn.iocoder.boot</groupId>
@ -57,5 +63,6 @@
<groupId>org.jeecgframework.jimureport</groupId> <groupId>org.jeecgframework.jimureport</groupId>
<artifactId>jimureport-spring-boot-starter</artifactId> <artifactId>jimureport-spring-boot-starter</artifactId>
</dependency> </dependency>
</dependencies> </dependencies>
</project> </project>

View File

@ -0,0 +1,44 @@
package cn.iocoder.yudao.module.visualization.config;
import cn.hutool.core.util.StrUtil;
import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
import cn.iocoder.yudao.module.system.service.user.AdminUserService;
import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class JimuReportTokenService implements JmReportTokenServiceI {
@Autowired
private OAuth2TokenApi oauth2TokenApi;
@Autowired
private AdminUserService adminUserService;
@Override
public String getUsername(String token) {
if (StrUtil.isNotEmpty(token)) {
OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(token);
if (accessToken != null) {
Long userId = accessToken.getUserId();
System.out.println(userId);
AdminUserDO user = adminUserService.getUser(userId);
if (user != null) {
return user.getUsername();
}
}
}
return null;
}
@Override
public Boolean verifyToken(String token) {
if (StrUtil.isNotEmpty(token)) {
OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(token);
return accessToken != null;
}
return false;
}
}

View File

@ -1,26 +0,0 @@
package cn.iocoder.yudao.module.visualization.framework.security.config;
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
/**
* visualization 模块的 Security 配置
*/
@Configuration("visualizationSecurityConfiguration")
public class SecurityConfiguration {
@Bean("visualizationAuthorizeRequestsCustomizer")
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
return new AuthorizeRequestsCustomizer() {
@Override
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
}
};
}
}

View File

@ -69,7 +69,6 @@ yudao:
security: security:
permit-all_urls: permit-all_urls:
- /admin-ui/** # /resources/admin-ui 目录下的静态资源 - /admin-ui/** # /resources/admin-ui 目录下的静态资源
- /jmreport/**
swagger: swagger:
title: 管理后台 title: 管理后台
description: 提供管理员管理的所有功能 description: 提供管理员管理的所有功能