When allowCredentials is true, allowedOrigins cannot contain the special value "*" since th

JimuReport configuration: CORS setup for Vue startup and login

To enforce permission control on the report preview request URL, write your own Spring interceptor.

In RuoYi's CORS configuration, in ResourcesConfig, replace allowedOrigins with allowedOriginPatterns:

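// Spring imports; imports of the project's own classes are omitted here
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration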
public class ResourcesConfig implements WebMvcConfigurer
{
    @Autowired
    private RepeatSubmitInterceptor repeatSubmitInterceptor;

    @Autowired
    private JmReportInterceptor jmReportInterceptor;

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry)
    {
        /** Local file upload path */
        registry.addResourceHandler(Constants.RESOURCE_PREFIX + "/**")
                .addResourceLocations("file:" + ZhongQingConfig.getProfile() + "/");

        /** Swagger configuration */
        registry.addResourceHandler("/swagger-ui/**")
                .addResourceLocations("classpath:/META-INF/resources/webjars/springfox-swagger-ui/");

    }


    /**
     * Custom interceptor rules
     */
    @Override
    public void addInterceptors(InterceptorRegistry registry)
    {
        registry.addInterceptor(repeatSubmitInterceptor).addPathPatterns("/**");
        registry.addInterceptor(jmReportInterceptor).addPathPatterns("/jmreport/view/*");
    }

    /**
     * CORS configuration
     */
    @Bean
    public CorsFilter corsFilter()
    {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        // Allowed origins (as patterns)
        config.addAllowedOriginPattern("*");
        // Allowed request headers
        config.addAllowedHeader("*");
        // Allowed request methods
        config.addAllowedMethod("*");
        // Max age (preflight cache lifetime): 1800 seconds
        config.setMaxAge(1800L);
        // Register the mapping path; applies to all requests
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", config);
        // Return the new CorsFilter
        return new CorsFilter(source);
    }
}
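
The configuration above pairs `setAllowCredentials(true)` with the origin pattern `*`, so Spring echoes back whatever Origin the browser sends and every site may make credentialed cross-origin requests. As an added example (not code from the original post), the same filter limited to known front-end origins; the class name `RestrictedCorsConfig` and both origins are placeholders chosen for illustration.

```java
import java.util.Arrays;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

// Added example: hypothetical class, not part of RuoYi or JimuReport.
@Configuration
public class RestrictedCorsConfig
{
    // Assumed front-end origins (placeholders); replace with the deployment's own.
    private static final List<String> TRUSTED_ORIGIN_PATTERNS = Arrays.asList(
            "http://localhost:8080",      // local Vue dev server (assumed port)
            "https://*.example.com");     // production front ends (assumed domain)

    // Builds the CORS policy separately so it can be checked in a unit test.
    static CorsConfiguration buildCorsConfiguration()
    {
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        // With credentials enabled, Spring answers with the request's own Origin
        // whenever it matches a pattern, so this list is the actual trust boundary.
        config.setAllowedOriginPatterns(TRUSTED_ORIGIN_PATTERNS);
        // Headers, methods and max age are kept as in the original configuration.
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        config.setMaxAge(1800L);
        return config;
    }

    @Bean
    public CorsFilter corsFilter()
    {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", buildCorsConfiguration());
        return new CorsFilter(source);
    }
}
```

`CorsConfiguration.checkOrigin(origin)` returns `null` for an origin that matches none of the patterns, which gives a quick way to test the list before deploying it.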

The JimuReport interceptor is as follows:

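// Standard imports; imports of the project's own classes are omitted here
import java.util.Set;

// javax.servlet applies to Spring Boot 2.x; Spring Boot 3 uses jakarta.servlet
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

@Component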
public class JmReportInterceptor implements HandlerInterceptor {

    @Autowired
    private TokenService tokenService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {

        String token = request.getParameter("token");
        LoginUser loginUser = tokenService.getLoginUser(token);
        if (loginUser != null) {
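            // The super administrator needs no permission check
            if(loginUser.getUser() != null && loginUser.getUser().isAdmin()){
                return true;
            }else{
                // Get the user's permission set
                Set<String> permissions = loginUser.getPermissions();
                // A user with the designer permission passes the check without needing the view permission
                if(permissions != null && permissions.contains("report:jimu:list")){
                    return true;
                }
                // Otherwise the request usually comes from clicking a report menu entry; check for the permission on that report: report:jimu:view:{reportId}
                // e.g. for http../jmreport/view/717968580806651904, reportId = 717968580806651904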
                String reportId = StringUtils.substringAfterLast(request.getRequestURI(), "/");
                String viewPerm = "report:jimu:view:" + reportId;
                if(permissions != null && permissions.contains(viewPerm)){
                    return true;
                }
            }
        }
        AjaxResult ajaxResult = AjaxResult.error("参数错误或没有该报表的访问权限!");
        ServletUtils.renderString(response, JSONObject.toJSONString(ajaxResult));
        return false;
    }
}
