Spring boot 如何禁用ActivitiRESTHTTP
我们正在使用ActivitiV5.18和spring boot。要调用ActivitiRESTAPI,我们必须创建一个activiti用户以通过基本身份验证。据我所知,activiti安全性基于spring boot安全性,我们尝试了两种方法Spring boot 如何禁用ActivitiRESTHTTP,spring-boot,basic-authentication,activiti,Spring Boot,Basic Authentication,Activiti,我们正在使用ActivitiV5.18和spring boot。要调用ActivitiRESTAPI,我们必须创建一个activiti用户以通过基本身份验证。据我所知,activiti安全性基于spring boot安全性,我们尝试了两种方法 排除activiti spring引导安全自动配置 @EnableAutoConfiguration(exclude = {org.activiti.spring.boot.SecurityAutoConfiguration.class}) 创建一个类
@EnableAutoConfiguration(exclude = {org.activiti.spring.boot.SecurityAutoConfiguration.class})
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/","/static/**", "/resources/**","/resources/public/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic().disable()
.requiresChannel().anyRequest().requiresSecure();
// @formatter:on
}
}
有没有办法禁用activiti REST HTTP基本身份验证?您可以使用antMatchers对某些类型的请求(如HTTP-GET或/和HTTP-POST请求)禁用身份验证,如下所示:
.antMatchers(HttpMethod.GET, "/**").permitAll()
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authenticationProvider(authenticationProvider())
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/**").permitAll()
.antMatchers(HttpMethod.POST, "/**").permitAll()
.antMatchers(HttpMethod.PUT, "/**").permitAll()
.antMatchers(HttpMethod.DELETE, "/**").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}
通过他的命令,所有HTTP-GET方法都不会命中BasicAuthenticationFilter
。对于我的用例,我必须以这种方式排除HTTP选项请求。只需在activiti-webapp-rest2
中编辑org.activiti.rest.conf.SecurityConfiguration.java
,如下所示:
.antMatchers(HttpMethod.GET, "/**").permitAll()
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authenticationProvider(authenticationProvider())
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.csrf().disable()
.authorizeRequests()
.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
.antMatchers(HttpMethod.GET, "/**").permitAll()
.antMatchers(HttpMethod.POST, "/**").permitAll()
.antMatchers(HttpMethod.PUT, "/**").permitAll()
.antMatchers(HttpMethod.DELETE, "/**").permitAll()
.anyRequest().authenticated()
.and()
.httpBasic();
}
之后,您必须重建Activiti项目。重新部署war文件,然后应禁用基本身份验证。您可以使用idea使用此类进行配置:
对于OP来说,这可能会很晚,但这项工作可能仍然会帮助其他人
@EnableAutoConfiguration(排除={
org.activiti.spring.boot.RestApiAutoConfiguration.class,
org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration.class,
org.activiti.spring.boot.SecurityAutoConfiguration.class,
org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration.class
})
最近我也遇到了这个问题。我尝试了几条建议,花了很多时间,但都没有成功。但有一个非常简单的出路。如果在将Activiti rest与应用程序集成时不需要使用Activiti rest,那么只需使用依赖项即可
<dependency>
<groupId>org.activiti</groupId>
<artifactId>activiti-spring-boot-starter-rest-api</artifactId>
<version>${activiti.version}</version>
</dependency>
org.activiti
activiti spring启动程序rest api
${activiti.version}
出去。
希望它能帮助别人。我找不到提到这一点的文档。您好,我想使用华夫格和自定义身份验证impl,而不是activiti中的基本身份验证,因此我需要执行您编写的操作,然后在哪里进行我自己的身份验证并使用TRUE to validation函数进行回复?我应该将断点放在代码中的何处?对于自定义身份验证,实现自定义身份验证筛选器公共类CustomAuthenticationFilter extends AbstractAuthenticationProcessingFilter。在此筛选器中,您可以进行身份验证。在spring java配置中,将过滤器声明为bean:\@bean public CustomAuthenticationFilter customTokenAuthenticationFilter(){返回新的CustomAuthenticationFilter(“/**”)\@自动连线CustomAuthenticationFilter customTokenAuthenticationFilter;并使用.addFilterBefore(customTokenAuthenticationFilter,BasicAuthenticationFilter.class).httpBasic();要将过滤器添加到chain.Hi,spring配置文件在哪里?当托管在activiti-webapp-rest2-->org.activiti.rest.conf.SecurityConfiguration下的activiti rest?中时。java@Ben我有同样的问题,但没有解决。请帮帮我。谢谢