From 4ed5f2dd101316c11cb205fdde69f64a07049a9e Mon Sep 17 00:00:00 2001
From: Anton Petrov <anpetrov@provectus.com>
Date: Tue, 7 Jul 2020 14:46:33 +0300
Subject: [PATCH] Add optional authentication (#67)

* Add optional authentication

* Add example config for Google OAuth
---
 kafka-ui-api/pom.xml                          |  8 +++++++
 .../ui/cluster/config/SecurityConfig.java     | 24 +++++++++++++++++++
 .../src/main/resources/application-gauth.yml  | 10 ++++++++
 .../src/main/resources/application-local.yml  |  4 +++-
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 kafka-ui-api/src/main/java/com/provectus/kafka/ui/cluster/config/SecurityConfig.java
 create mode 100644 kafka-ui-api/src/main/resources/application-gauth.yml

diff --git a/kafka-ui-api/pom.xml b/kafka-ui-api/pom.xml
index 23b54c1087..c2d037a772 100644
--- a/kafka-ui-api/pom.xml
+++ b/kafka-ui-api/pom.xml
@@ -34,6 +34,14 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.provectus</groupId>
             <artifactId>kafka-ui-contract</artifactId>
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/cluster/config/SecurityConfig.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/cluster/config/SecurityConfig.java
new file mode 100644
index 0000000000..0276be9ad7
--- /dev/null
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/cluster/config/SecurityConfig.java
@@ -0,0 +1,24 @@
+package com.provectus.kafka.ui.cluster.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+@Configuration
+@EnableWebFluxSecurity
+@ConditionalOnProperty(value = "auth.enabled", havingValue = "false")
+public class SecurityConfig {
+
+	@Bean
+	public SecurityWebFilterChain configure(ServerHttpSecurity http) {
+		return http.authorizeExchange()
+				.anyExchange().permitAll()
+				.and()
+				.csrf().disable()
+				.build();
+	}
+
+}
diff --git a/kafka-ui-api/src/main/resources/application-gauth.yml b/kafka-ui-api/src/main/resources/application-gauth.yml
new file mode 100644
index 0000000000..1f54fc5ce7
--- /dev/null
+++ b/kafka-ui-api/src/main/resources/application-gauth.yml
@@ -0,0 +1,10 @@
+auth:
+  enabled: true
+spring:
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: [put your client id here]
+            client-secret: [put your client secret here]
diff --git a/kafka-ui-api/src/main/resources/application-local.yml b/kafka-ui-api/src/main/resources/application-local.yml
index 16e8107e58..0b5e53052b 100644
--- a/kafka-ui-api/src/main/resources/application-local.yml
+++ b/kafka-ui-api/src/main/resources/application-local.yml
@@ -22,4 +22,6 @@ zookeeper:
   connection-timeout: 1000
 spring:
   jmx:
-    enabled: true
\ No newline at end of file
+    enabled: true
+auth:
+  enabled: false
\ No newline at end of file