diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
index 72e27767a4..f944f3a5b8 100644
--- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
+++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/AuthConfig.groovy
@@ -22,10 +22,12 @@ import com.netflix.spinnaker.security.User
 import groovy.util.logging.Slf4j
 import org.springframework.beans.factory.InitializingBean
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
+import org.springframework.security.config.annotation.SecurityBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.core.Authentication
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler
@@ -43,6 +45,9 @@ class AuthConfig {
 @Autowired
 PermissionRevokingLogoutSuccessHandler permissionRevokingLogoutSuccessHandler
+ @Value('${basicAuth.enabled:false}')
+ Boolean basicAuthEnabled
+
 @Bean
 @ConditionalOnMissingBean(UserRolesProvider)
 UserRolesProvider defaultUserRolesProvider() {
@@ -61,9 +66,7 @@ class AuthConfig {
 void configure(HttpSecurity http) throws Exception {
 // @formatter:off
- http
- .httpBasic()
- .and()
+ SecurityBuilder result = http
 .authorizeRequests()
 .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
 .antMatchers(PermissionRevokingLogoutSuccessHandler.LOGGED_OUT_URL).permitAll()
@@ -80,6 +83,11 @@ class AuthConfig {
 .csrf()
 .disable()
 // @formatter:on
+
+ if (basicAuthEnabled) {
+ result.httpBasic()
+ }
+
 }
 @Component
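Review bot: The new `basicAuthEnabled` field carries no comment saying that it turns HTTP Basic from always-configured (the unconditional `.httpBasic()` removed further down) into an opt-in that defaults to off. Off is the safer default, but a deployment whose clients authenticate with Basic will presumably stop working after upgrade unless the property is set. I would add a comment above the field such as `// Opt-in: HTTP Basic was previously always configured; set basicAuth.enabled=true to keep it.` and mention the property in the release notes. Because the placeholder always supplies a default, the field can also be the primitive `boolean basicAuthEnabled` rather than a nullable `Boolean`.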
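Review bot: `SecurityBuilder result = http` types the end of the chain as the raw `SecurityBuilder` interface, which declares only `build()`, so the `result.httpBasic()` call in the last hunk resolves only through Groovy's dynamic dispatch and would stop compiling if this class were ever statically compiled. The `http` parameter is the builder the chain configures, so the conditional can simply call `http.httpBasic()`. The chain can then stay as the original `http` statement, and both the `result` local and the `SecurityBuilder` import added in the first hunk can be dropped. The middle of the chain lies between this hunk and the next, so its actual return type is inferred rather than visible here.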
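Review bot: When `basicAuthEnabled` is true, HTTP Basic is switched on for a configuration whose chain ends in `.csrf().disable()` (the context lines just above the `if`). Browsers resend cached Basic credentials automatically, so that combination leaves state-changing endpoints without cross-site request protection for browser users. I would document at the `if` that the flag is intended for non-browser clients over TLS, and make the choice visible at startup with something like `log.warn("HTTP Basic authentication is enabled (basicAuth.enabled=true)")`. The file imports `groovy.util.logging.Slf4j`, but whether `AuthConfig` itself carries the annotation is not visible in this diff. The added blank line before the closing brace of `configure` can also go.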