diff --git a/src/main/java/com/sipai/controller/report/RptCreateController.java b/src/main/java/com/sipai/controller/report/RptCreateController.java
index 6d4e1d65..f8e23e36 100644
--- a/src/main/java/com/sipai/controller/report/RptCreateController.java
+++ b/src/main/java/com/sipai/controller/report/RptCreateController.java
@@ -723,7 +723,14 @@ public class RptCreateController {
         RptCreate rptCreate = this.rptCreateService.selectById(id);
         if (rptCreate != null) {//报表生成
             try {
-                String base = this.rptCreateService.convertExceltoHtml(CommUtil.fixRptCreateFileName(rptCreate.getRptname() + rptCreate.getId()), sheetname, id, layerType, FileNameSpaceEnum.RptCreateFile.getNameSpace());
+                // 优先使用数据库中存储的文件路径，如果没有则构造路径（兼容旧数据）
+                String filePath;
+                if (rptCreate.getAbspath() != null && !rptCreate.getAbspath().isEmpty()) {
+                    filePath = rptCreate.getAbspath();
+                } else {
+                    filePath = CommUtil.fixRptCreateFileName(rptCreate.getRptname() + rptCreate.getId());
+                }
+                String base = this.rptCreateService.convertExceltoHtml(filePath, sheetname, id, layerType, FileNameSpaceEnum.RptCreateFile.getNameSpace());
                 //截取掉sheet名  目前只能先截取h2
                 String result = subRangeString(base, "<h2>", "</h2>");
                 result = result.replaceAll("<table class=\"t1\">", "<table class=\"t1\" id=\"t1\">");
diff --git a/src/main/java/com/sipai/security/tag/AuthorizeTag.java b/src/main/java/com/sipai/security/tag/AuthorizeTag.java
index 8e0d7e30..790e37c6 100644
--- a/src/main/java/com/sipai/security/tag/AuthorizeTag.java
+++ b/src/main/java/com/sipai/security/tag/AuthorizeTag.java
@@ -34,9 +34,16 @@ public class AuthorizeTag extends BodyTagSupport {
 	@SuppressWarnings("static-access")
 	@Override  
     public int doStartTag() {  
-		HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();  
+		ServletRequestAttributes requestAttributes = (ServletRequestAttributes)RequestContextHolder.getRequestAttributes();
+		if (requestAttributes == null) {
+			return this.SKIP_BODY;
+		}
+		HttpServletRequest request = requestAttributes.getRequest();  
 		SecurityContextImpl securityContextImpl = (SecurityContextImpl) request
 				.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
+		if (securityContextImpl == null || securityContextImpl.getAuthentication() == null) {
+			return this.SKIP_BODY;
+		}
 		try {
 			//获取当前登录名
 			String name = securityContextImpl.getAuthentication().getName();