Merge branch 'main' into ad_it_test

kafbat · Jan 1, 2025 · 892fa47 · 892fa47
2 parents 1c358bd + 582e9a9
commit 892fa47
Show file tree

Hide file tree

Showing 54 changed files with 1,435 additions and 292 deletions.
diff --git a/.java-version b/.java-version
@@ -0,0 +1 @@
+21
diff --git a/LICENSE b/LICENSE
@@ -187,7 +187,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright 2020 CloudHut
+   Copyright 2025 Kafbat
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
@@ -199,4 +199,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
diff --git a/api/src/main/java/io/kafbat/ui/config/ClustersProperties.java b/api/src/main/java/io/kafbat/ui/config/ClustersProperties.java
@@ -35,22 +35,31 @@ public class ClustersProperties {
   public static class Cluster {
     String name;
     String bootstrapServers;
+
+    TruststoreConfig ssl;
+
     String schemaRegistry;
     SchemaRegistryAuth schemaRegistryAuth;
     KeystoreConfig schemaRegistrySsl;
+
     String ksqldbServer;
     KsqldbServerAuth ksqldbServerAuth;
     KeystoreConfig ksqldbServerSsl;
+
     List<ConnectCluster> kafkaConnect;
-    MetricsConfigData metrics;
-    Map<String, Object> properties;
-    boolean readOnly = false;
+
     List<SerdeConfig> serde;
     String defaultKeySerde;
     String defaultValueSerde;
-    List<Masking> masking;
+
+    MetricsConfigData metrics;
+    Map<String, Object> properties;
+    boolean readOnly = false;
+
     Long pollingThrottleRate;
-    TruststoreConfig ssl;
+
+    List<Masking> masking;
+
     AuditProperties audit;
   }
 
@@ -99,6 +108,16 @@ public static class SchemaRegistryAuth {
   public static class TruststoreConfig {
     String truststoreLocation;
     String truststorePassword;
+    boolean verifySsl = true;
+  }
+
+  @Data
+  @NoArgsConstructor
+  @AllArgsConstructor
+  @ToString(exclude = {"keystorePassword"})
+  public static class KeystoreConfig {
+    String keystoreLocation;
+    String keystorePassword;
   }
 
   @Data
@@ -118,15 +137,6 @@ public static class KsqldbServerAuth {
     String password;
   }
 
-  @Data
-  @NoArgsConstructor
-  @AllArgsConstructor
-  @ToString(exclude = {"keystorePassword"})
-  public static class KeystoreConfig {
-    String keystoreLocation;
-    String keystorePassword;
-  }
-
   @Data
   public static class Masking {
     Type type;
@@ -182,6 +192,7 @@ private void flattenClusterProperties() {
     }
   }
 
+  @SuppressWarnings("unchecked")
   private Map<String, Object> flattenClusterProperties(@Nullable String prefix,
                                                        @Nullable Map<String, Object> propertiesMap) {
     Map<String, Object> flattened = new HashMap<>();

diff --git a/api/src/main/java/io/kafbat/ui/config/auth/AbstractAuthSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/AbstractAuthSecurityConfig.java
@@ -1,24 +1,53 @@
 package io.kafbat.ui.config.auth;
 
+import io.kafbat.ui.util.EmptyRedirectStrategy;
+import java.net.URI;
+import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
+import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
+
 abstract class AbstractAuthSecurityConfig {
 
   protected AbstractAuthSecurityConfig() {
 
   }
 
+  protected static final String LOGIN_URL = "/login";
+  protected static final String LOGOUT_URL = "/auth?logout";
+
   protected static final String[] AUTH_WHITELIST = {
-      "/css/**",
-      "/js/**",
-      "/media/**",
+      /* STATIC */
+      "/index.html",
+      "/assets/**",
+      "/manifest.json",
+      "/favicon.svg",
+      "/favicon/**",
+
+      "/static/**",
       "/resources/**",
+
+      /* ACTUATOR */
       "/actuator/health/**",
       "/actuator/info",
       "/actuator/prometheus",
-      "/auth",
+
+      /* AUTH */
       "/login",
       "/logout",
       "/oauth2/**",
-      "/static/**"
+      "/api/config/authentication",
+      "/api/authorization"
   };
 
+  protected RedirectServerAuthenticationSuccessHandler emptyRedirectSuccessHandler() {
+    final var authHandler = new RedirectServerAuthenticationSuccessHandler();
+    authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
+    return authHandler;
+  }
+
+  protected RedirectServerLogoutSuccessHandler redirectLogoutSuccessHandler() {
+    final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
+    logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
+    return logoutSuccessHandler;
+  }
+
 }
diff --git a/api/src/main/java/io/kafbat/ui/config/auth/BasicAuthSecurityConfig.java b/api/src/main/java/io/kafbat/ui/config/auth/BasicAuthSecurityConfig.java
@@ -1,13 +1,15 @@
 package io.kafbat.ui.config.auth;
 
 import io.kafbat.ui.util.EmptyRedirectStrategy;
+import io.kafbat.ui.util.StaticFileWebFilter;
 import java.net.URI;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.authentication.RedirectServerAuthenticationSuccessHandler;
@@ -20,32 +22,28 @@
 @Slf4j
 public class BasicAuthSecurityConfig extends AbstractAuthSecurityConfig {
 
-  public static final String LOGIN_URL = "/auth";
-  public static final String LOGOUT_URL = "/auth?logout";
-
   @Bean
   public SecurityWebFilterChain configure(ServerHttpSecurity http) {
     log.info("Configuring LOGIN_FORM authentication.");
 
-    final var authHandler = new RedirectServerAuthenticationSuccessHandler();
-    authHandler.setRedirectStrategy(new EmptyRedirectStrategy());
-
-    final var logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
-    logoutSuccessHandler.setLogoutSuccessUrl(URI.create(LOGOUT_URL));
-
-
-    return http.authorizeExchange(spec -> spec
+    var builder = http.authorizeExchange(spec -> spec
             .pathMatchers(AUTH_WHITELIST)
             .permitAll()
             .anyExchange()
             .authenticated()
         )
-        .formLogin(spec -> spec.loginPage(LOGIN_URL).authenticationSuccessHandler(authHandler))
+        .formLogin(form -> form
+            .loginPage(LOGIN_URL)
+            .authenticationSuccessHandler(emptyRedirectSuccessHandler())
+        )
         .logout(spec -> spec
-            .logoutSuccessHandler(logoutSuccessHandler)
+            .logoutSuccessHandler(redirectLogoutSuccessHandler())
             .requiresLogout(ServerWebExchangeMatchers.pathMatchers(HttpMethod.GET, "/logout")))
-        .csrf(ServerHttpSecurity.CsrfSpec::disable)
-        .build();
+        .csrf(ServerHttpSecurity.CsrfSpec::disable);
+
+    builder.addFilterAt(new StaticFileWebFilter(), SecurityWebFiltersOrder.LOGIN_PAGE_GENERATING);
+
+    return builder.build();
   }
 
 }