nbcio-boot因为升级mybatis-plus到3.5.3.1和JSQLParser 到4.6，引起的在线报表配置报错。

         导致主页显示不出任务东西。

sql语句如下：

     select DATE_FORMAT(c.days, '%Y%m') x, count(num) y from (select DATE_FORMAT(b.DEPLOY_TIME_, '%Y-%m-%d') AS days , count(a.KEY_) as num from (select DEPLOYMENT_ID_,KEY_,MAX(VERSION_) from act_re_procdef GROUP BY KEY_) a LEFT JOIN act_re_deployment b on a.DEPLOYMENT_ID_ = b.ID_ GROUP BY DATE_FORMAT(b.DEPLOY_TIME_, '%Y-%m-%d') ORDER BY b.DEPLOY_TIME_) c GROUP BY x ORDER BY x desc

   在没有升级前是正常的，升级后出现问题，报错如下：

• java.lang.ClassCastException: net.sf.jsqlparser.statement.select.SubSelect cannot be cast to net.sf.jsqlparser.schema.Table
  at org.jeecg.modules.online.config.c.a.a(OnlReportQueryBlackListHandler.java:118)
  at org.jeecg.modules.online.config.c.a.getQueryTableInfo(OnlReportQueryBlackListHandler.java:88)
  at org.jeecg.common.util.security.AbstractQueryBlackListHandler.isPass(AbstractQueryBlackListHandler.java:44)
  at org.jeecg.modules.online.cgreport.service.a.b.executeSelectSqlRoute(OnlCgreportAPIService.java:90)
  at org.jeecg.modules.online.cgreport.service.a.b.getData(OnlCgreportAPIService.java:80)
  at org.jeecg.modules.online.cgreport.service.a.b.getDataById(OnlCgreportAPIService.java:54)
  at org.jeecg.modules.online.cgreport.a.a.b(OnlCgreportAPI.java:207)
  at org.jeecg.modules.online.cgreport.a.a.a(OnlCgreportAPI.java:92)
  at org.jeecg.modules.online.cgreport.a.a$$FastClassBySpringCGLIB$$a976ee88.invoke()
  at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
  at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:793)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
  at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:763)
  at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89)
  at org.jeecg.common.aspect.PermissionDataAspect.arround(PermissionDataAspect.java:66)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      看错误是OnlReportQueryBlackListHandler里面的错误，但因为online部分源代码没有开放，所以也看不到哪里出现错误了。

      开始以为是jsqlparser的问题，到官方jsqlparser的相关资料与github上看也没看出什么，后来看jeecg-boot官方有相关的资料。

      后面根据网上资料，应该还是新的安全黑名单机制出现了问题了，所以在AbstractQueryBlackListHandler类里的isPass修改如下：

/**
     * 校验sql语句 成功返回true
     * @param sql
     * @return
     */
    public boolean isPass(String sql) {
        //List<QueryTable> list = this.getQueryTableInfo(sql.toLowerCase());
    	List<QueryTable> list = null;
        //【jeecg-boot/issues/4040】在线报表不支持子查询，解析报错 #4040
        try {
            list = this.getQueryTableInfo(sql.toLowerCase());
        } catch (Exception e) {
            log.warn("校验sql语句，解析报错：{}",e.getMessage());
        }

        if(list==null){
            return true;
        }
        log.info("--获取sql信息--", list.toString());
        boolean flag = true;
        for (QueryTable table : list) {
            String name = table.getName();
            String fieldString = ruleMap.get(name);
            // 有没有配置这张表
            if (fieldString != null) {
                if ("*".equals(fieldString) || table.isAll()) {
                    flag = false;
                    log.warn("sql黑名单校验，表【"+name+"】禁止查询");
                    break;
                } else if (table.existSameField(fieldString)) {
                    flag = false;
                    break;
                }

            }
        }
        return flag;
    }

  正常后显示如下主页：