diff --git a/docs/_documentation/faq.md b/docs/_documentation/faq.md
index 9844febdf0..46a0868fb9 100644
--- a/docs/_documentation/faq.md
+++ b/docs/_documentation/faq.md
@@ -83,8 +83,6 @@ The default behavior when running the docker containers locally will be for OAut
 If you are running a Nakadi server locally outside docker, you can disable token checks by setting the environment variable `NAKADI_OAUTH2_MODE` to `OFF` before starting the server.
-Note that, even if OAuth is disabled using the `NAKADI_OAUTH2_MODE` environment variable, the current behavior will be to check a token if one is sent by a client so you might need to configure the client to also not send tokens.
-
 #### I want to send arbitrary JSON, how do I avoid defining a JSON Schema?
 The standard workaround is to define an event type with the following category and schema:
diff --git a/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java b/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
index 30c5b4c735..7d8a95ed17 100644
--- a/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
+++ b/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
@@ -10,6 +10,9 @@
 import org.springframework.http.converter.HttpMessageNotWritableException;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
@@ -201,4 +204,16 @@ private static Status fromStatusCode(final int code) throws UnknownStatusCodeExc
 }
 throw new UnknownStatusCodeException("Unknown status code: " + code);
 }
+
+ @Configuration
+ @EnableWebSecurity
+ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+ @Override
+ public void configure(final WebSecurity web) throws Exception {
+ if (settings.getAuthMode() == SecuritySettings.AuthMode.OFF) {
+ web.ignoring().anyRequest();
+ }
+ }
+ }
+
 }
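Review bot: When `settings.getAuthMode()` is `OFF`, `web.ignoring().anyRequest()` in `configure(WebSecurity)` takes every request out of the Spring Security filter chain, so more than OAuth token validation is switched off: no security context is populated, and anything else the chain provides (for example response security headers) is skipped as well. Because this is a fail-open switch driven by configuration, it should be visible at startup, e.g. `LOG.warn("Authentication mode is OFF: all requests bypass the security filter chain");` inside the `if` (the logger name is assumed, since the class's logger is not visible in this hunk). A short Javadoc on `WebSecurityConfiguration` saying that `OFF` is intended for local runs only, as the FAQ describes, would also help the next maintainer. The inner class is non-static and reads `settings` from the enclosing class, which starts outside the hunk, so it is worth confirming that field is initialised before this adapter is configured.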