hhyykk/ipms-sjy
1
1
Fork 0
mirror of https://gitee.com/hhyykk/ipms-sjy.git synced 2025-10-30 01:38:43 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

积木报表post请求增加身份认证

Browse Source
This commit is contained in:
jiangqiang
2022-07-11 15:15:25 +08:00
parent 5c58a377db
commit 227a125719
4 changed files with 47 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
View File

@@ -37,13 +37,34 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
private final OAuth2TokenApi oauth2TokenApi; private final OAuth2TokenApi oauth2TokenApi;
/**
* 积木报表内部请求获取token
*
* @param request
* @return
*/
private static String getToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
token = request.getHeader("X-Access-Token");
}
return token;
}
@Override @Override
@SuppressWarnings("NullableProblems") @SuppressWarnings("NullableProblems")
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws ServletException, IOException { throws ServletException, IOException {
String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader()); String token;
Integer userType;
if (request.getRequestURI().startsWith("/jmreport/")) {
token = getToken(request);
userType = 2;
} else {
token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
userType = WebFrameworkUtils.getLoginUserType(request);
}
if (StrUtil.isNotEmpty(token)) { if (StrUtil.isNotEmpty(token)) {
Integer userType = WebFrameworkUtils.getLoginUserType(request);
try { try {
// 1.1 基于 token 构建登录用户 // 1.1 基于 token 构建登录用户
LoginUser loginUser = buildLoginUserByToken(token, userType); LoginUser loginUser = buildLoginUserByToken(token, userType);
@@ -88,7 +109,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
/** /**
* 模拟登录用户,方便日常开发调试 * 模拟登录用户,方便日常开发调试
* * <p>
* 注意,在线上环境下,一定要关闭该功能!!! * 注意,在线上环境下,一定要关闭该功能!!!
* *
* @param request 请求 * @param request 请求

17
yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
View File

@@ -24,6 +24,20 @@ public class SecurityFrameworkUtils {
private SecurityFrameworkUtils() {} private SecurityFrameworkUtils() {}
/**
* 积木报表内部请求获取token
*
* @param request
* @return
*/
private static String getToken(HttpServletRequest request) {
String token = request.getParameter("token");
if (token == null) {
token = request.getHeader("X-Access-Token");
}
return token;
}
/** /**
* 从请求中,获得认证 Token * 从请求中,获得认证 Token
* *
@@ -32,6 +46,9 @@ public class SecurityFrameworkUtils {
* @return 认证 Token * @return 认证 Token
*/ */
public static String obtainAuthorization(HttpServletRequest request, String header) { public static String obtainAuthorization(HttpServletRequest request, String header) {
if (request.getRequestURI().startsWith("/jmreport/")) {
return getToken(request);
}
String authorization = request.getHeader(header); String authorization = request.getHeader(header);
if (!StringUtils.hasText(authorization)) { if (!StringUtils.hasText(authorization)) {
return null; return null;

3
yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java
View File

@@ -3,6 +3,7 @@ package cn.iocoder.yudao.module.visualization.framework.security.config;
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer; import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
@@ -17,7 +18,7 @@ public class SecurityConfiguration {
return new AuthorizeRequestsCustomizer() { return new AuthorizeRequestsCustomizer() {
@Override @Override
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) { public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
registry.antMatchers("/jmreport/**").anonymous(); registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
} }
}; };
} }

3
yudao-ui-admin/src/views/visualization/jm/index.vue
View File

@@ -6,12 +6,13 @@
</template> </template>
<script> <script>
import iFrame from "@/components/iFrame/index"; import iFrame from "@/components/iFrame/index";
import {getAccessToken} from "@/utils/auth";
export default { export default {
name: "JimuReport", name: "JimuReport",
components: { iFrame }, components: { iFrame },
data() { data() {
return { return {
url: process.env.VUE_APP_BASE_API + "/jmreport/list" url: process.env.VUE_APP_BASE_API + "/jmreport/list?token=" + getAccessToken(),
}; };
}, },
}; };