1.0.28 ~ 23.5.24

12 months ago · 2f57b63bed
20 changed files with 433 additions and 112 deletions
--- a/fr-plugin-decision-integration-1.0.28.zip
+++ b/fr-plugin-decision-integration-1.0.28.zip
--- a/plugin.xml
+++ b/plugin.xml
@ -4,7 +4,7 @@
    <name><![CDATA[登录集成插件]]></name>
    <active>yes</active>
    <hidden>no</hidden>
-    <version>1.0.20</version>
+    <version>1.0.28</version>
    <env-version>10.0~</env-version>
    <jartime>2019-1-31</jartime>
    <vendor>JianYe.Wang</vendor>
@ -25,7 +25,12 @@
            [2022-02-22]<br/>1.0.17:将启动设计器按钮添加平台中/代码接口优化<br/>
            [2022-03-23]<br/>1.0.18:新增接口，单点场景可直接访问固定地址打开URL来唤醒设计器;key默认值设置为uuid<br/>
            [2022-04-01]<br/>1.0.19:调整WebResourceProvider接口；新增配置远程权限控制是否开启；调整用户平台类型添加逻辑<br/>
-            [2022-04-11]<br/>1.0.20:去除自定义登录页配置选项<br/>
+            [2022-04-11]<br/>1.0.20:去除自定义登录页配置选项；调整启动设计器按钮与平台主题颜色兼容<br/>
+            [2022-04-21]<br/>1.0.21:远程设计单点兼容历史版本<br/>
+            [2022-05-06]<br/>1.0.22:报表路径中文乱码问题<br/>
+            [2022-05-06]<br/>1.0.23:新增bi公共链接参数校验<br/>
+            [2022-05-06]<br/>1.0.24:跨域和登录请求跳过sso filter<br/>
+            [2023-01-06]<br/>1.0.27:模板预览token认证适配网页框控件<br/>
        ]]>
    </change-notes>
    <function-recorder class="com.fr.plugin.decision.integration.ControllerBridgeImpl"/>
@ -33,9 +38,12 @@
    <extra-decision>
        <ControllerRegisterProvider class="com.fr.plugin.decision.integration.ControllerBridgeImpl"/>
        <EmbedRequestFilterProvider class="com.fr.plugin.decision.integration.filter.RemoteFilter"/>
-        <EmbedRequestFilterProvider class="com.fr.plugin.decision.integration.filter.TplParaCheckFilter"/>
+        <EmbedRequestFilterProvider class="com.fr.plugin.decision.integration.filter.RequestCheckFilter"/>
        <EmbedRequestFilterProvider class="com.fr.plugin.decision.integration.filter.RequestSsoFilter"/>
        <WebResourceProvider class="com.fr.plugin.decision.integration.resource.PluginConfigWebResourceImpl"/>
        <WebResourceProvider class="com.fr.plugin.decision.integration.resource.WebStartWebResourceImpl"/>
    </extra-decision>
+    <extra-report>
+        <JavaScriptFileHandler class="com.fr.plugin.decision.integration.token.LoadTokenJSFileHandler"/>
+    </extra-report>
 </plugin>
--- a/src/main/java/com/fr/plugin/decision/integration/config/IntegrateConf.java
+++ b/src/main/java/com/fr/plugin/decision/integration/config/IntegrateConf.java
@ -21,6 +21,8 @@ import com.fr.plugin.decision.integration.utils.Constants;
 import com.fr.stable.StringUtils;
 import com.fr.third.fasterxml.jackson.annotation.JsonIgnoreProperties;

+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Date;
 import java.util.HashMap;
@ -250,7 +252,7 @@ public class IntegrateConf extends DefaultConfiguration {
        StringBuffer buffer = new StringBuffer();
        buffer.append("<script>window.open('")
                .append("fanruan://").append(getDecisionUrl()).append("?GWToken?").append(getTokenByUserName(username))
-                .append(StringUtils.isEmpty(path)? "": ("?" + path))
+                .append(StringUtils.isEmpty(path)? "": ("?" + URLEncoder.encode(path, StandardCharsets.UTF_8.name())))
                .append("');(window.top==window)&&window.close();</script>");
        return buffer.toString();
    }
--- a/src/main/java/com/fr/plugin/decision/integration/controller/IntegratedController.java
+++ b/src/main/java/com/fr/plugin/decision/integration/controller/IntegratedController.java
@ -5,8 +5,8 @@ import com.fr.decision.authority.data.User;
 import com.fr.decision.webservice.CrossDomainResponse;
 import com.fr.decision.webservice.Response;
 import com.fr.decision.webservice.annotation.LoginStatusChecker;
+import com.fr.decision.webservice.utils.WebServiceUtils;
 import com.fr.decision.webservice.v10.login.LoginService;
-import com.fr.decision.webservice.v10.login.TokenResource;
 import com.fr.decision.webservice.v10.user.UserService;
 import com.fr.io.utils.ResourceIOUtils;
 import com.fr.log.FineLoggerFactory;
@ -15,6 +15,7 @@ import com.fr.plugin.decision.integration.service.IntegrateAuthService;
 import com.fr.plugin.decision.integration.service.IntegrateCustomService;
 import com.fr.plugin.decision.integration.utils.CommonUtils;
 import com.fr.plugin.decision.integration.utils.Constants;
+import com.fr.plugin.decision.integration.utils.LogUtils;
 import com.fr.stable.StableUtils;
 import com.fr.stable.StringUtils;
 import com.fr.third.fasterxml.jackson.databind.ObjectMapper;
@ -25,6 +26,8 @@ import com.fr.web.utils.WebUtils;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashMap;
 import java.util.Map;

@Controller
@ -61,7 +64,6 @@ public class IntegratedController {
     * @param third_token
     * @param callback
     * @return
-     * @throws Exception
     */
    @RequestMapping(
            value = {"/cross/login"},
@ -73,13 +75,36 @@ public class IntegratedController {
                                    HttpServletResponse response,
                                    @RequestParam(Constants.TOKEN_NAME) String third_token,
                                    @RequestParam(value = "callback", required = false, defaultValue = "callback") String callback
-    ) throws Exception {
+    ) {
+        try {
+            LogUtils.info("cross login accept token:{}", third_token);
+            String username = IntegrateAuthService.getInstance().getUserNameFromToken(third_token);
+            String fineAuthToken = LoginService.getInstance().login(request, response, username);
+            String domainResponse = CrossDomainResponse.create().callbackFuncName(callback)
+                    .parameter("accessToken", fineAuthToken)
+                    .parameter("url", IntegrateCustomService.getInstance().generateDefaultHomePageUrl(request))
+                    .parameter("status", "success")
+                    .createCrossDomainResponse();
+            LogUtils.info("cross login successful user:{} fine_auth_token:{}", username, fineAuthToken);
+            return domainResponse;
+        } catch (Exception e) {
+            return WebServiceUtils.getStackTraceInfo(e);
+        }
+    }
+
+    @RequestMapping(
+            value = {"/login/iframe"},
+            method = {RequestMethod.GET}
+    )
+    @ResponseBody
+    public String loginByIframe(HttpServletRequest request,
+                                    HttpServletResponse response,
+                                    @RequestParam(Constants.TOKEN_NAME) String third_token) throws Exception {
        String username = IntegrateAuthService.getInstance().getUserNameFromToken(third_token);
-        return CrossDomainResponse.create().callbackFuncName(callback)
-                .parameter("accessToken", LoginService.getInstance().login(request, response, username))
-                .parameter("url", IntegrateCustomService.getInstance().generateDefaultHomePageUrl(request))
-                .parameter("status", "success")
-                .createCrossDomainResponse();
+        String token = LoginService.getInstance().login(request, response, username);
+        return WebServiceUtils.parseWebPageResource("com/fr/plugin/decision/integration/login.html", new HashMap<String, Object>() {{
+            put("token", token);
+        }});
    }

    /**
@ -125,7 +150,7 @@ public class IntegratedController {
                                       @RequestParam(value = "path", required = false) String path) throws Exception {
        String username = LoginService.getInstance().getCurrentUserNameFromRequestCookie(request);
        if (StringUtils.isEmpty(username)) return StringUtils.EMPTY;
-        response.setContentType("text/html; charset=GB2312");
+        response.setContentType("text/html; charset=" + ServerConfig.getInstance().getServerCharset());
        return IntegrateConf.getInstance().getWebStartURL(username, path);
    }

--- a/src/main/java/com/fr/plugin/decision/integration/exception/TokenDecodeExpiredException.java
+++ b/src/main/java/com/fr/plugin/decision/integration/exception/TokenDecodeExpiredException.java
@ -2,6 +2,6 @@ package com.fr.plugin.decision.integration.exception;

 public class TokenDecodeExpiredException extends ThirdAuthException {
    public TokenDecodeExpiredException() {
-        super("Jwt token decode result is expired!");
+        super("third token parse result is expired!");
    }
 }
--- a/src/main/java/com/fr/plugin/decision/integration/filter/RemoteFilter.java
+++ b/src/main/java/com/fr/plugin/decision/integration/filter/RemoteFilter.java
@ -3,7 +3,7 @@ package com.fr.plugin.decision.integration.filter;
 import com.fr.data.NetworkHelper;
 import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider;
 import com.fr.decision.webservice.Response;
-import com.fr.decision.webservice.v10.remote.RemoteDesignStatusService;
+import com.fr.invoke.Reflect;
 import com.fr.plugin.decision.integration.config.IntegrateConf;
 import com.fr.plugin.decision.integration.service.IntegrateAuthService;
 import com.fr.plugin.decision.integration.utils.LogUtils;
@ -11,6 +11,7 @@ import com.fr.security.JwtUtils;
 import com.fr.security.SecurityToolbox;
 import com.fr.security.encryption.transmission.TransmissionEncryptors;
 import com.fr.stable.StringUtils;
+import com.fr.store.StateHubService;
 import com.fr.third.fasterxml.jackson.databind.ObjectMapper;
 import com.fr.web.utils.WebUtils;

@ -42,16 +43,19 @@ public class RemoteFilter extends AbstractEmbedRequestFilterProvider {
            return;
        }

-        LogUtils.info("RemoteFilter token auth success: {}", username);
-        ObjectMapper mapper = new ObjectMapper();
+        String token_user = null;
        try {
-            if (StringUtils.isNotBlank(IntegrateAuthService.getInstance().getUserNameFromToken(password))) {
+            token_user = IntegrateAuthService.getInstance().getUserNameFromToken(password);
+        } catch (Exception ignore) { }
+        if (StringUtils.isNotBlank(username) && StringUtils.equals(token_user, username)) {
+            try {
                String token = JwtUtils.createDefaultJWT(username);
-                RemoteDesignStatusService.loginStatusService().put(token, username, 1209600000);
-                WebUtils.printAsString(response, mapper.writeValueAsString(Response.ok(token)));
+                StateHubService stateHubService = Reflect.on("com.fr.decision.webservice.v10.remote.RemoteDesignStatusService").call("loginStatusService").get();
+                stateHubService.put(token, username, 1209600000);
+                WebUtils.printAsString(response, new ObjectMapper().writeValueAsString(Response.ok(token)));
+            } catch (Exception e) {
+                LogUtils.error(e.getMessage(), e);
            }
-        } catch (Exception e) {
-            LogUtils.error(e.getMessage(), e);
        }
    }
 }
--- a/src/main/java/com/fr/plugin/decision/integration/filter/RequestCheckFilter.java
+++ b/src/main/java/com/fr/plugin/decision/integration/filter/RequestCheckFilter.java
@ -0,0 +1,76 @@
+package com.fr.plugin.decision.integration.filter;
+
+import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider;
+import com.fr.decision.webservice.v10.login.LoginService;
+import com.fr.general.http.HttpRequest;
+import com.fr.general.http.HttpToolbox;
+import com.fr.json.JSONObject;
+import com.fr.plugin.decision.integration.config.IntegrateConf;
+import com.fr.plugin.decision.integration.utils.CommonUtils;
+import com.fr.plugin.decision.integration.utils.LogUtils;
+import com.fr.plugin.decision.integration.validation.BILinkValidate;
+import com.fr.plugin.decision.integration.validation.DashboardValidate;
+import com.fr.plugin.decision.integration.validation.TemplateValidate;
+import com.fr.plugin.decision.integration.validation.Validate;
+import com.fr.third.fasterxml.jackson.databind.ObjectMapper;
+import com.fr.third.org.apache.http.HttpEntity;
+import com.fr.third.org.apache.http.entity.StringEntity;
+import com.fr.web.utils.DefaultRequestParameterCollector;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class RequestCheckFilter extends AbstractEmbedRequestFilterProvider {
+
+    private Validate[] validates = new Validate[] {TemplateValidate.KEY, BILinkValidate.KEY, DashboardValidate.KEY};
+
+    @Override
+    public void filter(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
+
+        if (!IntegrateConf.getInstance().getParaCheckTurnOn()) return;
+
+        for (Validate v : validates) {
+            if (v.accept(request)) {
+                HashMap<String, Object> params = v.getCheckParameter(request);
+                params.putAll(getBaseParams(request));
+                if (!doCheck(params)) {
+                    LogUtils.debug("request check failed, now will show error page");
+                    CommonUtils.showErrorPage(response, "请登录系统访问报表", "");
+                }
+                break;
+            }
+        }
+    }
+
+    private HashMap<String, Object> getBaseParams(HttpServletRequest request) {
+        HashMap<String, Object> requestMap = new HashMap<>();
+        requestMap.putAll(DefaultRequestParameterCollector.getInstance().getParametersFromParameter(request));
+        requestMap.put("userId", LoginService.getInstance().getCurrentUserNameFromRequestCookie(request));
+        return requestMap;
+    }
+
+    private boolean doCheck(Map params) {
+        try {
+            HashMap<String, String> headerMap = new HashMap(1);
+            headerMap.put("Content-Type", "application/json");
+            HttpEntity entity = new StringEntity(new ObjectMapper().writeValueAsString(params), "utf-8");
+            LogUtils.debug("request check params:{}", params);
+            String result = HttpToolbox.executeAndParse(
+                    HttpRequest.custom()
+                            .url(IntegrateConf.getInstance().getParaCheckUrl())
+                            .post(entity)
+                            .headers(headerMap)
+                            .build());
+            LogUtils.debug("request check result:{}", result);
+            return new JSONObject(result).getBoolean("data");
+        } catch (Exception e) {
+            LogUtils.error(e.getMessage(), e);
+            return false;
+        }
+
+    }
+}
--- a/src/main/java/com/fr/plugin/decision/integration/filter/RequestSsoFilter.java
+++ b/src/main/java/com/fr/plugin/decision/integration/filter/RequestSsoFilter.java
@ -6,6 +6,7 @@ import com.fr.log.FineLoggerFactory;
 import com.fr.plugin.decision.integration.config.IntegrateConf;
 import com.fr.plugin.decision.integration.service.IntegrateAuthService;
 import com.fr.plugin.decision.integration.utils.CommonUtils;
+import com.fr.plugin.decision.integration.utils.LogUtils;
 import com.fr.stable.StringUtils;
 import com.fr.web.utils.WebUtils;

@ -27,14 +28,39 @@ public class RequestSsoFilter extends AbstractEmbedRequestFilterProvider {
    @Override
    public void filter(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        try {
+            // 跨域判断
+            if (IntegrateConf.getInstance().getCrossDomain()) {
+                String origin = request.getHeader(REQUEST_HEADER_ORIGIN);
+                if (StringUtils.isNotEmpty(origin)) {
+                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin);
+                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
+                    String headers = request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
+                    if (StringUtils.isNotEmpty(headers))
+                        response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, headers);
+                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, "*");
+                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, "3600");
+                }
+                /*if (request.getMethod().equals("OPTIONS")) {
+                    response.setStatus(HttpServletResponse.SC_OK);
+                }*/
+            }
+
            // url 携带 token 单点
            String token = WebUtils.getHTTPRequestParameter(request, "third_token");
            if (StringUtils.isNotEmpty(token)) {
+                if (request.getRequestURI().endsWith("/third/auth/cross/login")
+                        || request.getRequestURI().endsWith("third/auth/login")
+                        || request.getRequestURI().endsWith("third/auth/login/iframe")) {
+                    return;
+                }
+                LogUtils.info("Request carried third_token:{}", token);
                String userName = IntegrateAuthService.getInstance().getUserNameFromToken(token);
-                if (CommonUtils.isMobile(request) && !request.getRequestURI().endsWith("/third/auth/cross/login")) {
+                if (CommonUtils.isMobile(request)) {
                    String frToken = doLoginFR(request, response, userName);
-                    String originalURL = WebUtils.getOriginalURL(request).replaceAll("&?third_token=[^&]*", "");
-                    response.sendRedirect(originalURL + "&fine_auth_token=" + frToken);
+                    String redirect = WebUtils.getOriginalURL(request).replaceAll("third_token=[^&]*", "fine_auth_token=" + frToken);
+                    LogUtils.info("Request is mobile, now will redirect to:{}", redirect);
+                    response.sendRedirect(redirect);
+                    return;
                } else {
                    String curUserName = LoginService.getInstance().getCurrentUserNameFromRequestCookie(request);
                    if (!LoginService.getInstance().isLogged(request) || !StringUtils.equals(userName, curUserName)) {
@ -49,22 +75,6 @@ public class RequestSsoFilter extends AbstractEmbedRequestFilterProvider {
                return;
            }

-            // 跨域判断
-            if (IntegrateConf.getInstance().getCrossDomain()) {
-                String origin = request.getHeader("Origin");
-                if (StringUtils.isNotEmpty(origin)) {
-                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin);
-                    String headers = request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
-                    if (StringUtils.isNotEmpty(headers))
-                        response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, headers);
-                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, "*");
-                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, "3600");
-
-                }
-                /*if (request.getMethod().equals("OPTIONS")) {
-                    response.setStatus(HttpServletResponse.SC_OK);
-                }*/
-            }
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
--- a/src/main/java/com/fr/plugin/decision/integration/filter/TplParaCheckFilter.java
+++ b/src/main/java/com/fr/plugin/decision/integration/filter/TplParaCheckFilter.java
@ -1,62 +0,0 @@
-package com.fr.plugin.decision.integration.filter;
-
-import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider;
-import com.fr.decision.webservice.v10.login.LoginService;
-import com.fr.general.http.HttpRequest;
-import com.fr.general.http.HttpToolbox;
-import com.fr.json.JSONObject;
-import com.fr.plugin.decision.integration.config.IntegrateConf;
-import com.fr.plugin.decision.integration.utils.CommonUtils;
-import com.fr.stable.ArrayUtils;
-import com.fr.stable.StringUtils;
-import com.fr.third.fasterxml.jackson.databind.ObjectMapper;
-import com.fr.third.org.apache.http.HttpEntity;
-import com.fr.third.org.apache.http.entity.StringEntity;
-import com.fr.web.utils.WebUtils;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.Map;
-
-public class TplParaCheckFilter extends AbstractEmbedRequestFilterProvider {
-
-    private String[] reportParameterNames = new String[]{"viewlet", "viewlets", "reportlet", "reportlets"};
-
-    @Override
-    public void filter(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
-        if (!needCheckParameter(request)) return;
-
-        HashMap<String, Object> requestMap = new HashMap<>();
-        for (String parameter : request.getParameterMap().keySet()) {
-            if (!ArrayUtils.contains(reportParameterNames, parameter))
-                requestMap.put(parameter, request.getParameter(parameter));
-        }
-        requestMap.put("userId", LoginService.getInstance().getCurrentUserNameFromRequestCookie(request));
-
-        try {
-            if (doCheckTplParameter(requestMap)) return;
-        } catch (Exception e) {
-        }
-        CommonUtils.showErrorPage(response, "请登录系统访问报表", "");
-    }
-
-    /**
-     * 请求是否需要校验预览参数
-     **/
-    private boolean needCheckParameter(HttpServletRequest request) {
-        return IntegrateConf.getInstance().getParaCheckTurnOn() &&
-                //LoginService.getInstance().isLogged(request) &&
-                StringUtils.isNotBlank(WebUtils.getReportTitleFromRequest(request));
-    }
-
-    private boolean doCheckTplParameter(Map requestMap) throws IOException {
-        HashMap headerMap = new HashMap();
-        headerMap.put("Content-Type", "application/json");
-        HttpEntity entity = new StringEntity(new ObjectMapper().writeValueAsString(requestMap), "utf-8");
-        String result = HttpToolbox.executeAndParse(HttpRequest.custom().url(IntegrateConf.getInstance().getParaCheckUrl()).post(entity).headers(headerMap).build());
-        return new JSONObject(result).getBoolean("data");
-    }
-}
--- a/src/main/java/com/fr/plugin/decision/integration/service/IntegrateAuthService.java
+++ b/src/main/java/com/fr/plugin/decision/integration/service/IntegrateAuthService.java
@ -2,26 +2,30 @@ package com.fr.plugin.decision.integration.service;


 import com.fr.cert.token.Claims;
+import com.fr.cert.token.Jwts;
+import com.fr.cert.token.SignatureAlgorithm;
 import com.fr.decision.base.util.UUIDUtil;
 import com.fr.decision.privilege.TransmissionTool;
 import com.fr.decision.webservice.bean.user.UserBean;
 import com.fr.decision.webservice.v10.user.UserService;
 import com.fr.io.utils.ResourceIOUtils;
-import com.fr.plugin.decision.integration.config.strategy.CreatePwdStrategy;
 import com.fr.plugin.decision.integration.bean.user.UserInfoBean;
 import com.fr.plugin.decision.integration.config.IntegrateConf;
+import com.fr.plugin.decision.integration.config.strategy.CreatePwdStrategy;
 import com.fr.plugin.decision.integration.config.strategy.user.impl.OnlyUserStrategy;
 import com.fr.plugin.decision.integration.exception.JwtKeyNullException;
 import com.fr.plugin.decision.integration.exception.JwtSubjectFormatException;
 import com.fr.plugin.decision.integration.exception.TokenDecodeExpiredException;
 import com.fr.plugin.decision.integration.exception.TokenNullException;
-import com.fr.plugin.decision.integration.utils.*;
+import com.fr.plugin.decision.integration.utils.AESUtils;
+import com.fr.plugin.decision.integration.utils.CommonUtils;
+import com.fr.plugin.decision.integration.utils.LogUtils;
+import com.fr.plugin.decision.integration.utils.UserUtils;
 import com.fr.report.ReportContext;
 import com.fr.report.constant.RoleType;
 import com.fr.report.data.RemoteDesignAuthority;
 import com.fr.report.util.RemoteDesignAuthHelper;
 import com.fr.report.util.RemoteUserInfo;
-import com.fr.security.JwtUtils;
 import com.fr.stable.StableUtils;
 import com.fr.stable.StringUtils;
 import com.fr.third.fasterxml.jackson.databind.ObjectMapper;
@ -29,6 +33,8 @@ import com.fr.transaction.Configurations;
 import com.fr.transaction.WorkerAdaptor;
 import com.fr.web.service.RemoteDesignAuthorityDataService;

+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.*;
@ -79,9 +85,14 @@ public class IntegrateAuthService {
    }

    private String decodeJwtToken(String thirdToken, String key) {
-        Claims claims = JwtUtils.parseJWT(thirdToken, key);
+        Claims claims = Jwts.parser()
+                .setSigningKey(key)
+                .parseClaimsJws(thirdToken)
+                .getBody();
        Date date = claims.getExpiration();
-        if (date != null && date.after(new Date())) {
+        Date now = new Date();
+        LogUtils.info("parse third_token result date:{} now:{}", date, now);
+        if (date != null && date.after(now)) {
            return claims.getSubject();
        }
        throw new TokenDecodeExpiredException();
@ -100,7 +111,7 @@ public class IntegrateAuthService {
        if (!config.getCreateUserTurnOn()) {
            if (CommonUtils.isJsonFormatStr(userInfoStr)) {
                return mapper.readValue(userInfoStr, UserInfoBean.class).getUsername();
-            };
+            }
            return userInfoStr;
        }

--- a/src/main/java/com/fr/plugin/decision/integration/token/LoadTokenJSFileHandler.java
+++ b/src/main/java/com/fr/plugin/decision/integration/token/LoadTokenJSFileHandler.java
@ -0,0 +1,22 @@
+package com.fr.plugin.decision.integration.token;
+
+import com.fr.plugin.context.PluginContexts;
+import com.fr.stable.fun.impl.AbstractJavaScriptFileHandler;
+
+/**
+ * @Author JianYe.Wang
+ * @Data 2022/7/21 11:12
+ * @Description 兼容报表访问地址通过URL传递fine_auth_token的形式
+ * @Version 10.0
+ **/
+public class LoadTokenJSFileHandler extends AbstractJavaScriptFileHandler {
+
+    @Override
+    public String[] pathsForFiles() {
+        if (!PluginContexts.currentContext().isAvailable()) {
+            return new String[0];
+        }
+
+        return new String[] {"com/fr/plugin/decision/integration/token/js/token.js"};
+    }
+}
--- a/src/main/java/com/fr/plugin/decision/integration/utils/CommonUtils.java
+++ b/src/main/java/com/fr/plugin/decision/integration/utils/CommonUtils.java
@ -7,6 +7,7 @@ import com.fr.intelligence.IntelligenceException;
 import com.fr.json.JSONObject;
 import com.fr.log.FineLoggerFactory;
 import com.fr.stable.StringUtils;
+import com.fr.third.springframework.core.NestedRuntimeException;
 import com.fr.web.utils.WebUtils;

 import javax.servlet.http.HttpServletRequest;
@ -72,6 +73,10 @@ public class CommonUtils {
            return Response.error(((IntelligenceException) ex).errorCode(), msg);
        }

+        if (ex instanceof NestedRuntimeException) {
+            msg = "Request data format exception!";
+        }
+
        return Response.error("", msg);
    }

--- a/src/main/java/com/fr/plugin/decision/integration/validation/BILinkValidate.java
+++ b/src/main/java/com/fr/plugin/decision/integration/validation/BILinkValidate.java
@ -0,0 +1,24 @@
+package com.fr.plugin.decision.integration.validation;
+
+import com.fr.base.ServerConfig;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * @Author JianYe.Wang
+ * @Data 2022/6/16 9:38
+ * @Description TODO
+ * @Version 10.0
+ **/
+public class BILinkValidate extends DashboardValidate {
+
+    public static final Validate KEY = new BILinkValidate();
+
+    @Override
+    protected Pattern getPattern() {
+        return Pattern.compile("(?<=" + ServerConfig.getInstance().getServletName() + "/link/).*");
+    }
+}
--- a/src/main/java/com/fr/plugin/decision/integration/validation/DashboardValidate.java
+++ b/src/main/java/com/fr/plugin/decision/integration/validation/DashboardValidate.java
@ -0,0 +1,36 @@
+package com.fr.plugin.decision.integration.validation;
+
+import com.fr.base.ServerConfig;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * @author Jianye
+ * @version 10.0
+ * @data 2022/8/24 17:26
+ **/
+public class DashboardValidate implements Validate {
+
+    public static final DashboardValidate KEY = new DashboardValidate();
+
+    @Override
+    public boolean accept(HttpServletRequest request) {
+        return getPattern().matcher(request.getRequestURI()).find();
+    }
+
+    @Override
+    public HashMap<String, Object> getCheckParameter(HttpServletRequest request) {
+        HashMap<String, Object> param = new HashMap<>();
+        Matcher m = getPattern().matcher(request.getRequestURI());
+        m.find();
+        param.put("dashboard", m.group());
+        return param;
+    }
+
+    protected Pattern getPattern() {
+        return Pattern.compile("(?<=" + ServerConfig.getInstance().getServletName() + "/v5/design/report/).*?(?=/edit|/view)");
+    }
+}
--- a/src/main/java/com/fr/plugin/decision/integration/validation/TemplateValidate.java
+++ b/src/main/java/com/fr/plugin/decision/integration/validation/TemplateValidate.java
@ -0,0 +1,30 @@
+package com.fr.plugin.decision.integration.validation;
+
+import com.fr.stable.StringUtils;
+import com.fr.web.utils.WebUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+
+/**
+ * @Author JianYe.Wang
+ * @Data 2022/6/16 9:34
+ * @Description TODO
+ * @Version 10.0
+ **/
+public class TemplateValidate implements Validate{
+
+    public static final Validate KEY = new TemplateValidate();
+
+    @Override
+    public boolean accept(HttpServletRequest request) {
+        return StringUtils.isNotEmpty(WebUtils.getReportTitleFromRequest(request));
+    }
+
+    @Override
+    public HashMap<String, Object> getCheckParameter(HttpServletRequest request) {
+        HashMap<String, Object> param = new HashMap<>();
+        param.put("reportlet", WebUtils.getReportTitleFromRequest(request));
+        return param;
+    }
+}
--- a/src/main/java/com/fr/plugin/decision/integration/validation/Validate.java
+++ b/src/main/java/com/fr/plugin/decision/integration/validation/Validate.java
@ -0,0 +1,18 @@
+package com.fr.plugin.decision.integration.validation;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+
+/**
+ * @Author JianYe.Wang
+ * @Data 2022/6/16 9:31
+ * @Description TODO
+ * @Version 10.0
+ **/
+public interface Validate {
+
+    boolean accept(HttpServletRequest request);
+
+    HashMap<String, Object> getCheckParameter(HttpServletRequest request);
+
+}
--- a/src/main/resources/com/fr/plugin/decision/integration/login.html
+++ b/src/main/resources/com/fr/plugin/decision/integration/login.html
@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+<script>
+    function addCookie(name, value, path, time) {
+        var cookie = name + "=" + encodeURI(value);
+        if (time && time > 0) {
+            var now = new Date;
+            now.setTime(now.getTime() + 3600 * time * 1e3);
+            cookie = cookie + "; expires=" + now.toUTCString()
+        }
+        path && (cookie = cookie + "; path=" + path);
+        if ('https:' === location.protocol) {
+            cookie = cookie + ";SameSite=None;Secure";
+        }
+        document.cookie = cookie;
+    }
+    window.onload = function () {
+        console.log("onload");
+        addCookie("fine_auth_token", "${token}", "/");
+        addCookie("fine_remember_login", "-1", "/");
+
+        window.parent.postMessage({
+            type: "fr_sso",
+            data: true
+        }, "*");
+    }
+</script>
+</body>
+</html>
--- a/src/main/resources/com/fr/plugin/decision/integration/token/js/token.js
+++ b/src/main/resources/com/fr/plugin/decision/integration/token/js/token.js
@ -0,0 +1,65 @@
+!(function () {
+    var params = FR.generateUrlParam(window.location.href);
+    var token_key = "fine_auth_token";
+    var param_key = "__parameters__";
+    var token;
+
+    // url 直接传入
+    !token && params.hasOwnProperty(token_key) && (token = params[token_key]);
+
+    // 超级链接到模板
+    if (!token) {
+        var hp;
+        try {
+            if (params.hasOwnProperty(param_key) && (hp = JSON.parse(decodeURIComponent(decodeURIComponent(params[param_key])))).hasOwnProperty(token_key)) {
+                token = hp[token_key];
+            }
+        } catch (e) {
+            console.error(e);
+        }
+    }
+
+    if (token) {
+        console.log("Load fine_auth_token from parameter successful!");
+        var _ajax = FR.ajax;
+        FR.ajax = function (i) {
+            i.data || ( i.data = {});
+            i.data[token_key] = token;
+            _ajax.call(this, i);
+        };
+
+        var _hyperLinkByGet = FR.doHyperlinkByGet4Reportlet;
+        FR.doHyperlinkByGet4Reportlet = function (i) {
+            i.para || ( i.para = {});
+            i.para[token_key] = token;
+            _hyperLinkByGet.call(this, i);
+        };
+
+        // 网页框
+        let _changeIframe = FR.IframeEditor.prototype._changeIframe;
+        FR.IframeEditor.prototype._changeIframe = function (src) {
+            src += (((src.indexOf("?") > -1) ? "&":"?") + token_key + "=" + token);
+            _changeIframe.call(this, src);
+        }
+
+        // 网页框插件
+        if (FR.RHIframe) {
+            let _changeIframe = FR.RHIframe.prototype._changeIframe;
+            FR.RHIframe.prototype._changeIframe = function (src) {
+                src += (((src.indexOf("?") > -1) ? "&":"?") + token_key + "=" + token);
+                _changeIframe.call(this, src);
+            }
+        }
+
+        // 导出请求
+        var _openUrlByForm = FR.openUrlByForm;
+        FR.openUrlByForm = function (src) {
+            src += (((src.indexOf("?") > -1) ? "&":"?") + token_key + "=" + token);
+            _openUrlByForm.call(this, src);
+        }
+
+    } else {
+        console.log("Load fine_auth_token from parameter failed!");
+    }
+
+})();
--- a/src/main/resources/com/fr/plugin/decision/integration/web/js/pane.js
+++ b/src/main/resources/com/fr/plugin/decision/integration/web/js/pane.js
@ -221,7 +221,7 @@
                                cls: "dec-font-weight-bold",
                                text: "校验地址",
                                title: "校验地址",
-                                editorWidth: 180,
+                                editorWidth: 300,
                                value: self.model.config.paraCheckUrl,
                                ref: function (_ref) {
                                    self.paraCheckUrl = _ref
--- a/src/main/resources/com/fr/plugin/decision/integration/web/js/web_start.js
+++ b/src/main/resources/com/fr/plugin/decision/integration/web/js/web_start.js
@ -1,10 +1,23 @@
 !(function () {
    BI.config("dec.constant.header.items", function (items) {
+        var customColors;
+        switch (Dec.system.styleConfig.colorScheme) {
+            case 0:
+                customColors = BI.Constants.getConstant("dec.constant.look.color.scheme.light");
+                break;
+            case 1:
+                customColors = BI.Constants.getConstant("dec.constant.look.color.scheme.dark");
+                break;
+            case 2:
+                customColors = Dec.system.styleConfig.customColors;
+                break;
+        }
+        var color = customColors[5], bgColor = customColors[1];
        return BI.concat([{
            type: "bi.button",
            text: "启动设计器",
-            ghost: true,
-            css: {color: "white"},
+            //ghost: true,
+            css: {color: color, "background-color": bgColor, "border-color": bgColor},
            handler: function () {
                Dec.Utils.getWebStartInfo(function (res) {
                    if (res.data) {