Merge remote-tracking branch 'origin/feature/visual' into feature/visual
commit
5b1e6c0d91
|
@ -37,13 +37,34 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
private final OAuth2TokenApi oauth2TokenApi;
|
private final OAuth2TokenApi oauth2TokenApi;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 积木报表内部请求获取token
|
||||||
|
*
|
||||||
|
* @param request
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
private static String getToken(HttpServletRequest request) {
|
||||||
|
String token = request.getParameter("token");
|
||||||
|
if (token == null) {
|
||||||
|
token = request.getHeader("X-Access-Token");
|
||||||
|
}
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@SuppressWarnings("NullableProblems")
|
@SuppressWarnings("NullableProblems")
|
||||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
|
||||||
throws ServletException, IOException {
|
throws ServletException, IOException {
|
||||||
String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
|
String token;
|
||||||
|
Integer userType;
|
||||||
|
if (request.getRequestURI().startsWith("/jmreport/")) {
|
||||||
|
token = getToken(request);
|
||||||
|
userType = 2;
|
||||||
|
} else {
|
||||||
|
token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
|
||||||
|
userType = WebFrameworkUtils.getLoginUserType(request);
|
||||||
|
}
|
||||||
if (StrUtil.isNotEmpty(token)) {
|
if (StrUtil.isNotEmpty(token)) {
|
||||||
Integer userType = WebFrameworkUtils.getLoginUserType(request);
|
|
||||||
try {
|
try {
|
||||||
// 1.1 基于 token 构建登录用户
|
// 1.1 基于 token 构建登录用户
|
||||||
LoginUser loginUser = buildLoginUserByToken(token, userType);
|
LoginUser loginUser = buildLoginUserByToken(token, userType);
|
||||||
|
@ -88,11 +109,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 模拟登录用户,方便日常开发调试
|
* 模拟登录用户,方便日常开发调试
|
||||||
*
|
* <p>
|
||||||
* 注意,在线上环境下,一定要关闭该功能!!!
|
* 注意,在线上环境下,一定要关闭该功能!!!
|
||||||
*
|
*
|
||||||
* @param request 请求
|
* @param request 请求
|
||||||
* @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
|
* @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号
|
||||||
* @param userType 用户类型
|
* @param userType 用户类型
|
||||||
* @return 模拟的 LoginUser
|
* @return 模拟的 LoginUser
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -24,6 +24,20 @@ public class SecurityFrameworkUtils {
|
||||||
|
|
||||||
private SecurityFrameworkUtils() {}
|
private SecurityFrameworkUtils() {}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 积木报表内部请求获取token
|
||||||
|
*
|
||||||
|
* @param request
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
private static String getToken(HttpServletRequest request) {
|
||||||
|
String token = request.getParameter("token");
|
||||||
|
if (token == null) {
|
||||||
|
token = request.getHeader("X-Access-Token");
|
||||||
|
}
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 从请求中,获得认证 Token
|
* 从请求中,获得认证 Token
|
||||||
*
|
*
|
||||||
|
@ -32,6 +46,9 @@ public class SecurityFrameworkUtils {
|
||||||
* @return 认证 Token
|
* @return 认证 Token
|
||||||
*/
|
*/
|
||||||
public static String obtainAuthorization(HttpServletRequest request, String header) {
|
public static String obtainAuthorization(HttpServletRequest request, String header) {
|
||||||
|
if (request.getRequestURI().startsWith("/jmreport/")) {
|
||||||
|
return getToken(request);
|
||||||
|
}
|
||||||
String authorization = request.getHeader(header);
|
String authorization = request.getHeader(header);
|
||||||
if (!StringUtils.hasText(authorization)) {
|
if (!StringUtils.hasText(authorization)) {
|
||||||
return null;
|
return null;
|
||||||
|
|
|
@ -3,6 +3,7 @@ package cn.iocoder.yudao.module.visualization.framework.security.config;
|
||||||
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
||||||
|
|
||||||
|
@ -17,7 +18,7 @@ public class SecurityConfiguration {
|
||||||
return new AuthorizeRequestsCustomizer() {
|
return new AuthorizeRequestsCustomizer() {
|
||||||
@Override
|
@Override
|
||||||
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
||||||
registry.antMatchers("/jmreport/**").anonymous();
|
registry.antMatchers(HttpMethod.GET, "/jmreport/**").permitAll();
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,12 +6,13 @@
|
||||||
</template>
|
</template>
|
||||||
<script>
|
<script>
|
||||||
import iFrame from "@/components/iFrame/index";
|
import iFrame from "@/components/iFrame/index";
|
||||||
|
import {getAccessToken} from "@/utils/auth";
|
||||||
export default {
|
export default {
|
||||||
name: "JimuReport",
|
name: "JimuReport",
|
||||||
components: { iFrame },
|
components: { iFrame },
|
||||||
data() {
|
data() {
|
||||||
return {
|
return {
|
||||||
url: process.env.VUE_APP_BASE_API + "/jmreport/list"
|
url: process.env.VUE_APP_BASE_API + "/jmreport/list?token=" + getAccessToken(),
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue