diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/OAuthSecurityConfig.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/OAuthSecurityConfig.java
new file mode 100644
index 0000000000..f28e96ed82
--- /dev/null
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/config/OAuthSecurityConfig.java
@@ -0,0 +1,40 @@
+package com.provectus.kafka.ui.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+@Configuration
+@EnableWebFluxSecurity
+@ConditionalOnProperty(value = "auth.enabled", havingValue = "true")
+public class OAuthSecurityConfig {
+
+ private static final String[] AUTH_WHITELIST = {
+ "/css/**",
+ "/js/**",
+ "/media/**",
+ "/resources/**",
+ "/actuator/health",
+ "/actuator/info",
+ "/login",
+ "/logout",
+ "/oauth2/**"
+ };
+
+ @Bean
+ public SecurityWebFilterChain configure(ServerHttpSecurity http) {
+ return http.authorizeExchange()
+ .pathMatchers(AUTH_WHITELIST).permitAll()
+ .anyExchange().authenticated()
+ .and()
+ .oauth2Login()
+ .and()
+ .csrf().disable()
+ .build();
+ }
+
+}
+
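Review bot: `.csrf().disable()` in `configure` switches off CSRF protection for every exchange, while `oauth2Login()` gives the browser a session-based login, so state-changing requests behind `anyExchange().authenticated()` would be accepted on the strength of the session alone. Unless the mutating endpoints are protected some other way (not visible in this file), I would keep CSRF enabled and expose the token to the frontend, e.g. `.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())`, with the UI echoing it back in the `X-XSRF-TOKEN` header. In WebFlux the token cookie is only written once the `CsrfToken` exchange attribute is subscribed to, so a small `WebFilter` may be needed alongside. Separately, `AUTH_WHITELIST` permits `/actuator/health` and `/actuator/info` without authentication; a comment such as `// health/info are public: keep management.endpoint.health.show-details at never/when-authorized` would record the assumption that neither endpoint returns detail to anonymous callers.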