Skip to content
This repository has been archived by the owner on Jun 7, 2024. It is now read-only.

Commit

Permalink
Merge pull request #916 from zalando/disable-oauth
Browse files Browse the repository at this point in the history
Disable OAuth when in NAKADI_OAUTH2_MODE=OFF
  • Loading branch information
adyach authored Nov 6, 2018
2 parents 02bf998 + a48f8f2 commit 80f23d7
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 2 deletions.
2 changes: 0 additions & 2 deletions docs/_documentation/faq.md
Original file line number Diff line number Diff line change
Expand Up @@ -83,8 +83,6 @@ The default behavior when running the docker containers locally will be for OAut

If you are running a Nakadi server locally outside docker, you can disable token checks by setting the environment variable `NAKADI_OAUTH2_MODE` to `OFF` before starting the server.

Note that, even if OAuth is disabled using the `NAKADI_OAUTH2_MODE` environment variable, the current behavior will be to check a token if one is sent by a client so you might need to configure the client to also not send tokens.

#### I want to send arbitrary JSON, how do I avoid defining a JSON Schema?

The standard workaround is to define an event type with the following category and schema:
Expand Down
15 changes: 15 additions & 0 deletions src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@
import org.springframework.http.converter.HttpMessageNotWritableException;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
Expand Down Expand Up @@ -201,4 +204,16 @@ private static Status fromStatusCode(final int code) throws UnknownStatusCodeExc
}
throw new UnknownStatusCodeException("Unknown status code: " + code);
}

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(final WebSecurity web) throws Exception {
if (settings.getAuthMode() == SecuritySettings.AuthMode.OFF) {
web.ignoring().anyRequest();
}
}
}

}

0 comments on commit 80f23d7

Please sign in to comment.