diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
index e87f5bc44..29907a6a1 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java
@@ -37,13 +37,34 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 private final OAuth2TokenApi oauth2TokenApi;
+ /**
+ * 积木报表内部请求获取token
+ *
+ * @param request
+ * @return
+ */
+ private static String getToken(HttpServletRequest request) {
+ String token = request.getParameter("token");
+ if (token == null) {
+ token = request.getHeader("X-Access-Token");
+ }
+ return token;
+ }
+
 @Override
 @SuppressWarnings("NullableProblems")
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
- String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
+ String token;
+ Integer userType;
+ if (request.getRequestURI().startsWith("/jmreport/")) {
+ token = getToken(request);
+ userType = 2;
+ } else {
+ token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
+ userType = WebFrameworkUtils.getLoginUserType(request);
+ }
 if (StrUtil.isNotEmpty(token)) {
- Integer userType = WebFrameworkUtils.getLoginUserType(request);
 try {
 // 1.1 基于 token 构建登录用户
 LoginUser loginUser = buildLoginUserByToken(token, userType);
@@ -88,11 +109,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 /**
 * 模拟登录用户,方便日常开发调试
- *
+ *
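Review bot: `getToken` reads the token from the `token` query parameter before it looks at the `X-Access-Token` header, so a valid access token can be recorded in access logs, proxy logs, browser history and Referer headers; I would prefer the header and fall back to the parameter only when it is absent: `String token = request.getHeader("X-Access-Token");` followed by `if (token == null) { token = request.getParameter("token"); }`. In `doFilterInternal`, `userType = 2` is a bare number; a named constant from the project's user-type enum (presumably the admin type, to be confirmed), or at least a comment such as `// JimuReport requests carry no user-type header; assumed admin`, would make the privilege decision reviewable. The prefix test uses `request.getRequestURI()`, which includes the context path and is not normalised, so it can disagree with the `/jmreport/**` matcher used in the security configuration. The same `getToken` helper is added again in SecurityFrameworkUtils, where `obtainAuthorization` already special-cases `/jmreport/`, so one of the two copies looks redundant. `doFilterInternal` continues past the end of the hunk.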

* 注意,在线上环境下,一定要关闭该功能!!!
 *
- * @param request 请求
- * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
+ * @param request 请求
+ * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
 * @param userType 用户类型
 * @return 模拟的 LoginUser
 */
diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
index 5dc17b626..a64f4aafd 100644
--- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
+++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/util/SecurityFrameworkUtils.java
@@ -24,6 +24,20 @@ public class SecurityFrameworkUtils {
 private SecurityFrameworkUtils() {}
+ /**
+ * 积木报表内部请求获取token
+ *
+ * @param request
+ * @return
+ */
+ private static String getToken(HttpServletRequest request) {
+ String token = request.getParameter("token");
+ if (token == null) {
+ token = request.getHeader("X-Access-Token");
+ }
+ return token;
+ }
+
 /**
 * 从请求中,获得认证 Token
 *
@@ -32,6 +46,9 @@ public class SecurityFrameworkUtils {
 * @return 认证 Token
 */
 public static String obtainAuthorization(HttpServletRequest request, String header) {
+ if (request.getRequestURI().startsWith("/jmreport/")) {
+ return getToken(request);
+ }
 String authorization = request.getHeader(header);
 if (!StringUtils.hasText(authorization)) {
 return null;
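Review bot: `obtainAuthorization` now ignores its `header` argument for any URI that starts with `/jmreport/` and returns the raw `token` parameter or `X-Access-Token` header instead, yet the method's Javadoc still describes only the configured header. Because this is a shared utility, every caller inherits the path-specific behaviour without seeing it; I would either keep the special case in the filter only or document it at the branch, e.g. `// JimuReport sends its token as ?token= or X-Access-Token, not in the configured header`. The new `getToken` Javadoc also leaves `@param request` and `@return` empty, and should state that the value is returned unvalidated and may be null. The body of `obtainAuthorization` continues past the end of the hunk.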
diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java
index f35855a85..bc8a1f249 100644
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/security/config/SecurityConfiguration.java
@@ -3,6 +3,7 @@ package cn.iocoder.yudao.module.visualization.framework.security.config;
 import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
@@ -17,7 +18,7 @@ public class SecurityConfiguration {
 return new AuthorizeRequestsCustomizer() {
 @Override
 public void customize(ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry registry) {
- registry.antMatchers("/jmreport/**").anonymous();
+ registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
 }
 };
 }
diff --git a/yudao-ui-admin/src/views/visualization/jm/index.vue b/yudao-ui-admin/src/views/visualization/jm/index.vue
index 1bfa13875..55c267cf3 100644
--- a/yudao-ui-admin/src/views/visualization/jm/index.vue
+++ b/yudao-ui-admin/src/views/visualization/jm/index.vue
@@ -6,12 +6,13 @@
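Review bot: In `customize` of SecurityConfiguration, `permitAll()` on `GET /jmreport/**` leaves every GET under the report path reachable without a login at the Spring Security layer, so protection of report content rests on whatever token check the report module performs itself, which is not visible in this diff. Since the filter in this commit now builds a login user from the report token, it is worth checking whether `registry.antMatchers("/jmreport/**").authenticated();` is feasible, or whether `permitAll()` can be narrowed to the static-resource paths that must stay public. Requests with other HTTP methods no longer match this rule and fall through to whichever rule follows; a comment such as `// only GET is open here; other methods fall through to the default rule` would record that this is intended.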