Adding security verification to BIRT reports

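Method 1 (this method comes from the web; I have not tried it):

1. Integrate the BIRT viewer project with the existing project (so that the BIRT viewer project can read the existing project's session).

2. Modify the BIRT viewer servlet class. Its source is under org.eclipse.birt.report.servlet.BirtEngineServlet; find the function below and modify it. The newly added part (shown in red in the original) is the session check.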

/**
 * Local authentication.
 *
 * @param request
 *            incoming http request
 * @param response
 *            http response
 * @return true if the session holds a logged-in user, false otherwise
 */
protected boolean __authenticate( HttpServletRequest request,
        HttpServletResponse response )
{
    // Report permission check: the report cannot be accessed without logging in
    if ( request.getSession().getAttribute( "user" ) == null )
    {
        return false;
    }

    return true;
}

3. Compile the class and put it into the BIRT package.

Method 2 (by MikeyD):

We use the BIRT viewer within our web application for all reporting. The problem was a user could access a report if they knew the URL (which is "easy" to find out). We used an MD5 hash to prevent users accessing reports they should not have access to.

 

We used the following approach to only allow authorized users to access a report.

First our application sets a session cookie (named: OUR_REPORT) that contains a md5 hash code. This hash code was generated on the following example string: "sample_report.rptdesignmikey22" (report name+user name+hour)

The url that calls the birt report contains the standard parameters and an additional one we called __user: http://somehost/birt/frameset?__showtitle=false&__report=sample_report.rptdesign&Customer=2&Week=2009-02&__user=mikey

Within the BIRT report we read the report name (sample_report.rptdesign) and the user (mikey) from the URL. Together with the current hour we create a md5 hash code within BIRT. Now we read the md5 hash code from the session cookie and compare it with our own md5 hash. If they are equal we set our access_flag variable to 0, otherwise we set it to 1.

In the report itself the visibility of objects depends on the flag: if flag=1 we hide all output and show a text indicating the user has no access.

This approach prevents users from accessing reports by simply changing the URL to something else (i.e. change the user). The example described uses hour as a variable component, but one could look for other variables as well.

This is the script we added to the BeforeFactory of the report:

importPackage( Packages.javax.servlet.http );

var request = reportContext.getHttpServletRequest();
var cookies = request.getCookies();   // null when the request carries no cookies
var flag = 1;                         // 1 = no access; cleared only when a hash matches
var cookiestring = "";
var tm = new Date();
var hour = tm.getUTCHours().toString();
// previous hour, wrapping from 00 back to 23 instead of producing -1
var prev_hour = ((tm.getUTCHours() + 23) % 24).toString();

//if the hour is one digit, we need to add a leading 0 because this is also used in PHP
if (hour.length == 1) { hour = '0' + hour; }
if (prev_hour.length == 1) { prev_hour = '0' + prev_hour; }

//search for the correct cookie, being OUR_REPORT
if (cookies != null) {
    for (var i = 0; i < cookies.length; i++) {
        if (cookies[i].getName().equals("OUR_REPORT")) {
            // convert the Java string to a script string before comparing
            cookiestring = String(cookies[i].getValue());
        }
    }
}

//read the url values
var user = request.getParameter("__user");
var repname = request.getParameter("__report");
var urlstring = md5(repname + user + hour);
var prev_urlstring = md5(repname + user + prev_hour);

//set the flag to allow the report components to hide if flag=1 (= no access)
if (cookiestring == urlstring || cookiestring == prev_urlstring) {
    flag = 0;
}
reportContext.setGlobalVariable('access_flag', flag);

Finally to make this work we added the attached MD5.js script to the resources of the BIRT report.

 


 --------------------------------------------------------------------

My own additions:

(1) Create a variable 'access_flag' in the report.

(2) Assign the variable a value: reportContext.setGlobalVariable('access_flag', flag);

(3) Set whether the component is displayed.

       Option 1:

                   if (reportContext.getGlobalVariable('access_flag') == 0)
                   {
                        document.getElementById("txtTest").style.display = "none";
                   }

        Option 2: if(vars["access_flag"]==1){false;}else{true;}
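
Method 2's hash covers only the report name, the user name and the hour, none of which is secret, and the hour of day repeats every 24 hours. The block below is an added example (not part of MikeyD's post or of BIRT) that builds the same cookie check on a keyed HMAC-SHA256 with an epoch-based hour bucket and a constant-time comparison. It runs on Node.js; SECRET, hourBucket, macInput, issueToken, safeEqual and checkToken are hypothetical names chosen for illustration.

```javascript
// Added example (Node.js). All names and the key below are assumptions, not BIRT APIs.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample key; a real deployment loads a random server-side secret from configuration.
const SECRET = Buffer.from('constructed-sample-key-not-for-production');

// Hours since the Unix epoch: unlike the hour of day (00-23), this value never repeats.
function hourBucket(date) {
  return Math.floor(date.getTime() / 3600000);
}

// Length-prefix each field so ("ab","c") and ("a","bc") cannot yield the same MAC input.
function macInput(report, user, bucket) {
  return [report, user, String(bucket)].map(f => f.length + ':' + f).join('|');
}

// Application side: the value to place in the OUR_REPORT cookie.
function issueToken(report, user, now) {
  return createHmac('sha256', SECRET)
    .update(macInput(report, user, hourBucket(now)))
    .digest('hex');
}

// Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && timingSafeEqual(x, y);
}

// Report side: returns the page's access_flag (0 = access, 1 = no access).
// Accepts the current and the previous hour bucket, as the original script does.
function checkToken(cookieValue, report, user, now) {
  if (!cookieValue || !report || !user) return 1; // fail closed on missing input
  const bucket = hourBucket(now);
  for (const b of [bucket, bucket - 1]) {
    const expected = createHmac('sha256', SECRET)
      .update(macInput(report, user, b))
      .digest('hex');
    if (safeEqual(cookieValue, expected)) return 0;
  }
  return 1;
}
```

Inside a BIRT script the same MAC can be computed with javax.crypto.Mac through Rhino's Java bridge instead of node:crypto.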

 
