flowable 去掉自带的登录权限

重写Security配置，使所有请求都可以通过Security验证。（/**/**）

如：

公共的Security配置

package com.central.workflow.config;import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;@Configuration
public class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {http.authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().csrf().disable(); // 禁用CSRF保护}
}

或

package com.central.workflow.config;import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;@Configuration
public class CustomSecurityConfiguration extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();successHandler.setTargetUrlParameter("redirectTo");http.headers().frameOptions().disable();http.csrf().disable().authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().httpBasic();}
}

flowable 6.6.0 以下版本

1. 找到项目maven目录

2.重写SecurityConfiguration

不能建相同包名，类名

package org.flowable.ui.modeler.conf;

package com.central.workflow.config;import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;/*** 重构FlowableSecurity*/
@Configuration
@EnableWebSecurity
public class FlowableSecurityConfiguration {@Configuration@Order(1)public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();successHandler.setTargetUrlParameter("redirectTo");http.headers().frameOptions().disable();http.csrf().disable().authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().httpBasic();}}}

3.可选配置

/* Licensed under the Apache License, Version 2.0 (the "License");* you may not use this file except in compliance with the License.* You may obtain a copy of the License at**      http://www.apache.org/licenses/LICENSE-2.0** Unless required by applicable law or agreed to in writing, software* distributed under the License is distributed on an "AS IS" BASIS,* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.* See the License for the specific language governing permissions and* limitations under the License.*/
package com.central.workflow.config;import org.flowable.ui.common.service.idm.RemoteIdmService;
import org.flowable.ui.modeler.properties.FlowableModelerAppProperties;
import org.flowable.ui.modeler.servlet.ApiDispatcherServletConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
import org.springframework.web.servlet.DispatcherServlet;@Configuration
@EnableConfigurationProperties({FlowableModelerAppProperties.class})
@ComponentScan(basePackages = {// "org.flowable.ui.modeler.conf",// 不引入 conf"org.flowable.ui.modeler.repository", //"org.flowable.ui.modeler.service", // 流程设计服务// "org.flowable.ui.admin.repository", //// "org.flowable.ui.admin.service", // 流程部署服务// "org.flowable.ui.modeler.security", //授权方面的都不需要// "org.flowable.ui.common.conf", // flowable 开发环境内置的数据库连接// "org.flowable.ui.common.filter", // IDM 方面的过滤器// "org.flowable.ui.idm.conf", // IDM 配置"org.flowable.ui.common.service","org.flowable.ui.common.repository",
//        "org.flowable.ui.common.security",//授权方面的都不需要"org.flowable.ui.common.tenant"},excludeFilters = {@ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, value = RemoteIdmService.class), // 移除RemoteIdmService
})
public class FlowableConfig {@SuppressWarnings({"rawtypes", "unchecked"})@Beanpublic ServletRegistrationBean modelerApiServlet(ApplicationContext applicationContext) {AnnotationConfigWebApplicationContext dispatcherServletConfiguration = new AnnotationConfigWebApplicationContext();dispatcherServletConfiguration.setParent(applicationContext);dispatcherServletConfiguration.register(ApiDispatcherServletConfiguration.class);DispatcherServlet servlet = new DispatcherServlet(dispatcherServletConfiguration);ServletRegistrationBean registrationBean = new ServletRegistrationBean(servlet, "/**/**");registrationBean.setName("Flowable Modeler App API Servlet");registrationBean.setLoadOnStartup(1);registrationBean.setAsyncSupported(true);return registrationBean;}
}

flowable 6.6.0版本以上版本（包括6.6.0）

1. 找到项目maven目录

2.重写ModelerSecurityConfiguration

在自己项目里面建相同包名，类名

package org.flowable.ui.modeler.conf;

package org.flowable.ui.modeler.conf;import org.flowable.ui.common.security.SecurityConstants;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;/*** 说明：重构ModelerSecurity* from： fhadmin.cn*/
@Configuration(proxyBeanMethods = false)
@EnableWebSecurity
public class ModelerSecurityConfiguration {@Configuration@Order(SecurityConstants.MODELER_API_SECURITY_ORDER)public static class ModelerApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {@Overrideprotected void configure(HttpSecurity http) throws Exception {SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();successHandler.setTargetUrlParameter("redirectTo");http.headers().frameOptions().disable();http.csrf().disable().authorizeRequests().antMatchers("/**/**").permitAll().anyRequest().authenticated().and().httpBasic();}}}