支持不登录也能查看报表 #2919

报表分享链接不登录也可访问 #2920
2025-10-14 06:20:23 +00:00 · 2024-08-24 16:56:36 +08:00
parent 930f969ded
commit 0b19569b8d
2 changed files with 65 additions and 0 deletions
--- a/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/SpringSecurityConfig.java
+++ b/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/SpringSecurityConfig.java
@@ -22,6 +22,29 @@ public class SpringSecurityConfig {
        http.csrf().disable()
                .authorizeRequests()
                .antMatchers("/login/**").permitAll()
+                // 放过静态资源
+                .antMatchers("/jmreport/**/cdn/**",
+                        "/jmreport/desreport_/**/*.js",
+                        "/jmreport/desreport_/**/*.css",
+                        "/jmreport/desreport_/**/*.png").permitAll()
+                // 不需要登录的接口
+                .antMatchers("/jmreport/excelQueryByTemplate",
+                        "/jmreport/img/**",
+                        "/jmreport/download/image",
+                        "/jmreport/verificationToken",
+                        "/jmreport/link/queryByIds",
+                        "/jmreport/test/getUserMsg",
+                        "/jmreport/test/getOrder",
+                        "/jmreport/auto/export/download/**").permitAll()
+                // 分享页面
+                .antMatchers("/jmreport/shareView/**",
+                        "/jmreport/checkParam/**",
+                        "/jmreport/share/verification",
+                        "/jmreport/getQueryInfo",
+                        "/jmreport/show",
+                        "/jmreport/addViewCount/**").permitAll()
+                // view页面
+                .antMatchers("/jmreport/view/**").access("@viewPageCustomAccess.check(request,authentication)")
                .anyRequest().authenticated()
                .and()
                .formLogin()
--- a/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/ViewPageCustomAccess.java
+++ b/jimureport-example/src/main/java/com/jeecg/modules/jmreport/config/ViewPageCustomAccess.java
@@ -0,0 +1,42 @@
+package com.jeecg.modules.jmreport.config;
+
+import org.jeecg.modules.jmreport.common.util.OkConvertUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.core.Authentication;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * 自定义view页面access处理
+ * for: [TV360X-2206] 目前这个版本必须登录后才能看报表，如何设置不登录也能查看报表 #2919
+ * @author chenrui
+ * @date 2024/8/23 14:28
+ */
+@Component("viewPageCustomAccess")
+public class ViewPageCustomAccess {
+
+    @Value("${spring.security.open-view-page:false}")
+    boolean openViewPage = false;
+
+    public boolean check(HttpServletRequest request, Authentication authentication) {
+        Object principal = authentication.getPrincipal();
+        if (OkConvertUtils.isEmpty(principal) || "anonymousUser".equalsIgnoreCase(principal.toString())) {
+            // 未登录
+            if (openViewPage) {
+                // 配置文件设置了开放view页面
+                return true;
+            }
+            HttpServletRequest httpRequest = (HttpServletRequest) request;
+            String previousPage = httpRequest.getParameter("previousPage");
+            String jmLink = httpRequest.getParameter("jmLink");
+            if (OkConvertUtils.isNotEmpty(previousPage) && OkConvertUtils.isNotEmpty(jmLink) ) {
+                // 参数中有previousPage和jmLink
+                return true;
+            }
+            return false;
+        }
+        return true;
+    }
+}
+