支持不登录也能查看报表 #2919

报表分享链接不登录也可访问 #2920
jeecgboot · Aug 24, 2024 · 0b19569 · 0b19569
1 parent 930f969
commit 0b19569
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 0 deletions.
diff --git a/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/SpringSecurityConfig.java b/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/SpringSecurityConfig.java
@@ -22,6 +22,29 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
         http.csrf().disable()
                 .authorizeRequests()
                 .antMatchers("/login/**").permitAll()
+                // 放过静态资源
+                .antMatchers("/jmreport/**/cdn/**",
+                        "/jmreport/desreport_/**/*.js",
+                        "/jmreport/desreport_/**/*.css",
+                        "/jmreport/desreport_/**/*.png").permitAll()
+                // 不需要登录的接口
+                .antMatchers("/jmreport/excelQueryByTemplate",
+                        "/jmreport/img/**",
+                        "/jmreport/download/image",
+                        "/jmreport/verificationToken",
+                        "/jmreport/link/queryByIds",
+                        "/jmreport/test/getUserMsg",
+                        "/jmreport/test/getOrder",
+                        "/jmreport/auto/export/download/**").permitAll()
+                // 分享页面
+                .antMatchers("/jmreport/shareView/**",
+                        "/jmreport/checkParam/**",
+                        "/jmreport/share/verification",
+                        "/jmreport/getQueryInfo",
+                        "/jmreport/show",
+                        "/jmreport/addViewCount/**").permitAll()
+                // view页面
+                .antMatchers("/jmreport/view/**").access("@viewPageCustomAccess.check(request,authentication)")
                 .anyRequest().authenticated()
                 .and()
                 .formLogin()

diff --git a/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/ViewPageCustomAccess.java b/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/ViewPageCustomAccess.java
@@ -0,0 +1,42 @@
+package com.jeecg.modules.jmreport.config;
+
+import org.jeecg.modules.jmreport.common.util.OkConvertUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 自定义view页面access处理
+ * for: [TV360X-2206] 目前这个版本必须登录后才能看报表，如何设置不登录也能查看报表 #2919
+ * @author chenrui
+ * @date 2024/8/23 14:28
+ */
+@Component("viewPageCustomAccess")
+public class ViewPageCustomAccess {
+
+    @Value("${spring.security.open-view-page:false}")
+    boolean openViewPage = false;
+
+    public boolean check(HttpServletRequest request, Authentication authentication) {
+        Object principal = authentication.getPrincipal();
+        if (OkConvertUtils.isEmpty(principal) || "anonymousUser".equalsIgnoreCase(principal.toString())) {
+            // 未登录
+            if (openViewPage) {
+                // 配置文件设置了开放view页面
+                return true;
+            }
+            HttpServletRequest httpRequest = (HttpServletRequest) request;
+            String previousPage = httpRequest.getParameter("previousPage");
+            String jmLink = httpRequest.getParameter("jmLink");
+            if (OkConvertUtils.isNotEmpty(previousPage) && OkConvertUtils.isNotEmpty(jmLink) ) {
+                // 参数中有previousPage和jmLink
+                return true;
+            }
+            return false;
+        }
+        return true;
+    }
+}
+