当前位置: 首页 > article >正文

flowable 去掉自带的登录权限

article 2024/10/26 12:22:53

重写Security配置,使所有请求都可以通过Security验证。(/**/**)

如:

公共的Security配置

package com.central.workflow.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/**/**").permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable(); // 禁用CSRF保护

    }
}

package com.central.workflow.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

@Configuration
public class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");

        http.headers().frameOptions().disable();

        http.csrf().disable().authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().httpBasic();

    }
}

flowable 6.6.0 以下版本

1. 找到项目maven目录

2.重写SecurityConfiguration

不能建相同包名,类名

package org.flowable.ui.modeler.conf;

package com.central.workflow.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * 重构FlowableSecurity
 */
@Configuration
@EnableWebSecurity
public class FlowableSecurityConfiguration {

    @Configuration
    @Order(1)
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
            successHandler.setTargetUrlParameter("redirectTo");

            http.headers().frameOptions().disable();

            http.csrf().disable().authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().httpBasic();

        }
    }

}

flowable 6.6.0版本以上版本(包括6.6.0)

1. 找到项目maven目录

2.重写ModelerSecurityConfiguration

在自己项目里面建相同包名,类名

package org.flowable.ui.modeler.conf;

package org.flowable.ui.modeler.conf;

import org.flowable.ui.common.security.SecurityConstants;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

/**
 * 说明:重构ModelerSecurity
 * from: fhadmin.cn
 */
@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
public class ModelerSecurityConfiguration {

    @Configuration
    @Order(SecurityConstants.MODELER_API_SECURITY_ORDER)
    public static class ModelerApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
    	
        @Override
        protected void configure(HttpSecurity http) throws Exception {
        	
        	SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
    		successHandler.setTargetUrlParameter("redirectTo");

    		http.headers().frameOptions().disable();
        	
        	http.csrf().disable().authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().httpBasic();
        }

    }

}


http://www.kler.cn/news/365827.html

相关文章:

  • docker搭建mysql多主多从环境
  • Docker 部署 EMQX 一分钟极速部署
  • 修改huggingface的缓存目录以及镜像源
  • 大家都在用的HR招聘管理工具:国内Top5排名
  • [C++进阶数据结构]红黑树(半成品)
  • 通过页面添加国际化数据,实现vue的国际化
  • Scala的多态
  • 工作使用篇:如何在centos系统中安装anaconda
  • 【AI换装整合及教程】CatVTON:时尚与科技的完美融合
  • 【linux】服务器Ubuntu20.04安装cuda11.8教程
  • 从零到一:如何使用直播美颜SDK开发视频美颜平台
  • C# Window Form 基础
  • 初探Vue前端框架
  • 【等保测评】安全物理环境
  • 腾讯云DBA面试(一面)
  • 大语言模型训练方式探索(基于llma3模型)
  • ThinkPhp配置中间件解决跨域问题
  • C#WPF的XAML的语法详谈和特性
  • 【C/C++ Qt shared_ptr | make_shared | QSharedPointer 】绕圈圈
  • [Redis] Redis数据持久化
  • [项目详解][boost搜索引擎#2] 建立index | 安装分词工具cppjieba | 实现倒排索引
  • Element 的Table表格实现列合并(记得先排序、element-plus、列合并、线上已投入使用)
  • 同标签实现监听LocalStorage
  • python的文件常识
  • CTF-RE 从0到N:开始之前-c函数手册
  • 什么样的JSON编辑器才好用