AKHQ 0.23 Login issue

[FantFRS]

Hi,

Need your help please: Login not working for me:

WARN pGroup-1-9 u.LoginFailedEventListener Login failed reason CREDENTIALS_DO_NOT_MATCH, username unknown, message Credentials Do Not Match

It seems like it does not recognize username...

My conf:

micronaut:
  security:
    enabled: true
    endpoints:
      login:
        enabled: true
      logout:
        enabled: true
akhq:
  connections:
    kafkanonprod:
      properties:
        bootstrap.servers: "X.X.X.X:9092"
  security:
    default-group: default
    groups:
      admin: # unique key
      - name: admin
        roles:
          - topic/read
          - topic/insert
          - topic/delete
          - topic/config/update
          - node/read
          - node/config/update
          - topic/data/read
          - topic/data/insert
          - topic/data/delete
          - group/read
          - group/delete
          - group/offsets/update
          - registry/read
          - registry/insert
          - registry/update
          - registry/delete
          - registry/version/delete
          - acls/read
          - connect/read
          - connect/insert
          - connect/update
          - connect/delete
          - connect/state/update
        attributes:
          topics-filter-regexp: ".*"
      - name: default
    basic-auth:
      - username: admin # Username
        password: "xxxxxxxxxxxxxxxxxx" # Password in sha256
        groups: # Groups for the user
          - admin

[tchiotludo]

• Are you creating the password like explain here?
• do you see the -n in echo -n "password" | sha256sum that is really important?

[tchiotludo]

do the yaml below is indented like that? you have many indent issues as on the example

[FantFRS]

Thanks Ludovic.

Here's a screenshot of the yaml inside server:

[FantFRS]

I observed 2 different scenarios:

1 - After typing the good username/password on UI: No error message in logs but in UI: WRONG USERNAME OR PASSWORD

2 - After typing a wrong username /password: Error message logged and UI (WRONG USERNAME OR PASSWORD)
Log in the second case:
WARN pGroup-1-4 u.LoginFailedEventListener Login failed reason CREDENTIALS_DO_NOT_MATCH, username unknown, message Credentials Do Not Match

[tchiotludo]

groups: 
             - admin 

is not indented properly, please fix that

[FantFRS]

Done, fixed indentation but same problem 307 HTTP Response when login :(

[FantFRS]

API Auths:

{"loginEnabled":true,"formEnabled":true,"version":"0.23.0"}

Additional information and logs:

/usr/lib/jvm/java-11-openjdk-11.0.13.0.8-4.el8_5.x86_64/bin/java -Dmicronaut.config.files=application.yml -jar /home/userx/akhq/akhq-0.23.0-all.jar

 __  __ _                                  _
|  \/  (_) ___ _ __ ___  _ __   __ _ _   _| |_
| |\/| | |/ __| '__/ _ \| '_ \ / _` | | | | __|
| |  | | | (__| | | (_) | | | | (_| | |_| | |_
|_|  |_|_|\___|_|  \___/|_| |_|\__,_|\__,_|\__|
  Micronaut (v3.7.3)

2023-01-13 14:37:19,493 WARN  main       o.a.c.JwtSecurityWarning
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   ##############################################################
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   #                      SECURITY WARNING                      #
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   ##############################################################
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   You still use the default jwt secret.
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   This known secret can be used to impersonate anyone.
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   Please change 'micronaut.security.token.jwt.signatures.secret.generator.secret' configuration, or ask your administrator to do it !
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning   ##############################################################
2023-01-13 14:37:19,494 WARN  main       o.a.c.JwtSecurityWarning
2023-01-13 14:37:19,923 INFO  main       i.m.runtime.Micronaut      Startup completed in 1561ms. Server Running: http://xxxxxxxxxx:8080
2023-01-13 14:37:24,297 INFO  pGroup-1-3 org.akhq.log.access        [Date: 2023-01-13T14:37:24.296343+01:00] [Duration: 2 ms] [Url: GET /ui/login] [Status: 200] [Ip: /xxxxxxx] [User: Anonymous]
2023-01-13 14:37:25,206 INFO  Group-1-10 org.akhq.log.access        [Date: 2023-01-13T14:37:25.206363+01:00] [Duration: 0 ms] [Url: GET /ui/static/media/fontawesome-webfont.fee66e71.woff] [Status: 200] [Ip: /xxxxxxxxxx] [User: Anonymous]
2023-01-13 14:37:25,264 INFO  pGroup-1-3 org.akhq.log.access        [Date: 2023-01-13T14:37:25.263997+01:00] [Duration: 0 ms] [Url: GET /ui/static/media/fontawesome-webfont.b06871f2.ttf] [Status: 200] [Ip: /xxxxxxxxx] [User: Anonymous]
2023-01-13 14:37:30,333 INFO  pGroup-1-4 org.akhq.log.access        [Date: 2023-01-13T14:37:30.222614+01:00] [Duration: 110 ms] [Url: POST /login] [Status: 303] [Ip: /xxxxxxxxxxx] [User: Anonymous]
2023-01-13 14:37:30,346 INFO  r-thread-4 org.akhq.log.access        [Date: 2023-01-13T14:37:30.345335+01:00] [Duration: 1 ms] [Url: GET /api/me] [Status: 200] [Ip: /xxxxxxxxxxx] [User: Anonymous]

[StefThomas]

Hi,

I encountered the same issue, I couldn’t manage to get basic authentication to work.

I created the sha256 sum like this:

echo -n password |sha256sum

then I tried multiple values in the configuration: with or without simple quotes, with or without the final dash…

basic-auth:
- username: kafka-admin # Username
  password: cbbf241eebedba6fd5e657d3c560fc9dd63c0d3e0de6f817be60e86157ec872c # Password in sha256
  groups: # Groups for the user
     - admin
     - topic-reader

In the UI I had the message “Wrong Username or Password!”, and in the log I had this:

 2023-01-13 16:25:32,828 WARN  pGroup-1-5 .s.t.j.g.JwtTokenGenerator JOSEException while generating token The secret length must be at least 256 bits

After I put a longer string (46 chars long) for micronaut.server.security.token.jwt.signatures.secret.generator.secret the basic auth finally worked.

Additional information: the logger is configured like this:

logger:
  levels:
     org.akhq.configs: INFO
     io.micronaut: INFO
     io.micronaut.security.ldap: TRACE
     io.micronaut.configuration.security: TRACE

And I use OpenJDK 19 on a Rocky Linux 9 VM.

Also, I disabled the ldap part in the configuration. I haven’t test to reactivate it but I will next week.

The thing is, for the token length it says: "256 bits", so I thought a 32 chars string should be enough, but it’s obviously not the case.

Hope this helps.

[FantFRS]

Thanks StefThomas for your reply.

I tried with a longer password but same issue :(

[StefThomas]

I’m not talking about password length, but the token length.

[FantFRS]

I added trace mode and I think I'm close to find a solution; it's not a problem of username/password but a problem of redirection to the target maybe as I have HTTP 303 code:

INFO pGroup-1-4 org.akhq.log.access [Date: 2023-01-16T11:29:26.332803+01:00] [Duration: 5 ms] [Url: POST /login] [Status: 303]

[tooptoop4]

i'm having same issue

[FantFRS]

What browser do you use? Are you using proxy server behind it?

[tooptoop4]

chrome > proxy > ALB > EKS

[tooptoop4]

in my case adding in certs was need for LDAPS to work

[FantFRS]

I modified the first block:

 micronaut:
  security:
   enabled: true
   default-group: no-roles
   token:
      jwt:
        signatures:
          secret:
            generator:
              secret: "testTest"
   endpoints:
     login:
       enabled: true
       path: "http://localhost:8080/ui/login"
     logout:
       enabled: true
       path: "http://localhost:8080/ui/logout"
       get-allowed: true
   session:
     enabled: true
     login-success-target-url: "http://localhost:8080/ui"
     logout-target-url: "http://localhost:8080/ui"
     forbidden-target-url: "http://localhost:8080/ui/login/forbidden"
     unauthorized-target-url: "http://localhost:8080/ui/login/unauthorized"
     login-failure-target-url: "http://localhost:8080/ui/login/failed"****

I got this now:

2023-01-16 12:03:42,679 DEBUG pGroup-1-4 .ApplicationEventPublisher Publishing event: io.micronaut.http.context.event.HttpRequestReceivedEvent[source=POST /login]
2023-01-16 12:03:42,709 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) received demand: 1
2023-01-16 12:03:42,709 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) release message from buffer to satisfy demand: 1
2023-01-16 12:03:42,709 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) emitting next message: {"username":"kafka-admin","password":"http://xxxxxxxxxxxx:8080/ui/login"}
2023-01-16 12:03:42,709 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) received demand: 1
2023-01-16 12:03:42,709 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) release message from buffer to satisfy demand: 1
2023-01-16 12:03:42,709 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) complete. Calling onComplete()
2023-01-16 12:03:42,710 DEBUG pGroup-1-4 .s.n.RoutingInBoundHandler Response 307 - POST /login
2023-01-16 12:03:42,710 DEBUG pGroup-1-4 .ApplicationEventPublisher Publishing event: io.micronaut.http.context.event.HttpRequestTerminatedEvent[source=POST /login]
2023-01-16 12:03:42,710 TRACE pGroup-1-4 .ApplicationEventPublisher Established event listeners [io.micronaut.runtime.http.scope.RequestCustomScope@18776d51] for event: io.micronaut.http.context.event.HttpRequestTerminatedEvent[source=POST /login]
2023-01-16 12:03:42,710 TRACE pGroup-1-4 .ApplicationEventPublisher Invoking event listener [io.micronaut.runtime.http.scope.RequestCustomScope@18776d51] for event: io.micronaut.http.context.event.HttpRequestTerminatedEvent[source=POST /login]
2023-01-16 12:03:42,719 TRACE pGroup-1-5 i.m.h.s.n.NettyHttpServer  Server xxxxxx:8080 Received Request: GET /api/me
2023-01-16 12:03:42,719 DEBUG pGroup-1-5 .s.n.RoutingInBoundHandler Request GET /api/me
2023-01-16 12:03:42,719 TRACE pGroup-1-5 .s.n.RoutingInBoundHandler Matched route GET - /api/me to controller class org.akhq.controllers.AkhqController
2023-01-16 12:03:42,720 DEBUG pGroup-1-5 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-01-16 12:03:42,720 DEBUG pGroup-1-5 s.t.r.DefaultTokenResolver Request GET, /api/me, no token found.

[StefThomas]

You should use ``` before and after your pasted code to preserve indentation, for readability.

[StefThomas]

pGroup-1-5 s.t.r.DefaultTokenResolver Request GET, /api/me, no token found.

jwt:
signatures:
secret:
generator:
secret: "testTest"

According to the few tests I made, the string "testTest" is too short.

I saw you tried a longer string here (?), so you have obviously another issue, but still.

[FantFRS]

Yes I tried a longer string in jwt and password too, something changed on the log; this I saw that the password takes the good value from the UI but the result is the same on UI: wrong username or password:

pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) emitting next message: {"username":"kafka-admin","password":"**11111111111222222222222333333333333334444444444444444555555555555555555666666666666A55555555555555555**"}
2023-01-16 14:36:23,342 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) received demand: 1
2023-01-16 14:36:23,342 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) release message from buffer to satisfy demand: 1
2023-01-16 14:36:23,342 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) complete. Calling onComplete()
2023-01-16 14:36:23,343 DEBUG pGroup-1-4 .s.n.RoutingInBoundHandler Response 307 - POST /login
2023-01-16 14:36:23,343 DEBUG pGroup-1-4 .ApplicationEventPublisher Publishing event: io.micronaut.http.context.event.HttpRequestTerminatedEvent[source=POST /login]
2023-01-16 14:36:23,343 TRACE pGroup-1-4 .ApplicationEventPublisher Established event listeners [io.micronaut.runtime.http.scope.RequestCustomScope@7dd93f72] for event: io.micronaut.http.context.event.HttpRequestTerminatedEvent[source=POST /login]
2023-01-16 14:36:23,343 TRACE pGroup-1-4 .ApplicationEventPublisher Invoking event listener [io.micronaut.runtime.http.scope.RequestCustomScope@7dd93f72] for event: io.micronaut.http.context.event.HttpRequestTerminatedEvent[source=POST /login]
2023-01-16 14:36:23,353 TRACE pGroup-1-5 i.m.h.s.n.NettyHttpServer  Server xxxxxxxxxxxxxx:8080 Received Request: GET /api/me
2023-01-16 14:36:23,353 DEBUG pGroup-1-5 .s.n.RoutingInBoundHandler Request GET /api/me
2023-01-16 14:36:23,353 TRACE pGroup-1-5 .s.n.RoutingInBoundHandler Matched route GET - /api/me to controller class org.akhq.controllers.AkhqController
2023-01-16 14:36:23,354 DEBUG pGroup-1-5 .t.r.HttpHeaderTokenReader Looking for bearer token in Authorization header
2023-01-16 14:36:23,354 DEBUG pGroup-1-5 s.t.r.DefaultTokenResolver Request GET, /api/me, no token found.

[FantFRS]

Any ideas please, still have the login issue :(

2023-01-19 17:51:49,277 DEBUG pGroup-1-4 i.m.s.f.SecurityFilter     Authorized request POST /login. The rule provider org.akhq.modules.SecuredAnnotationRuleWithDefault authorized the request.
2023-01-19 17:51:49,277 TRACE pGroup-1-4 i.m.c.DefaultBeanContext   Looking up existing bean for key: Content-Type: application/json HttpContentSubscriberFactory
2023-01-19 17:51:49,277 DEBUG pGroup-1-4 .ApplicationEventPublisher Publishing event: io.micronaut.http.context.event.HttpRequestReceivedEvent[source=POST /login]
2023-01-19 17:51:49,277 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: IDLE) received demand: 2
2023-01-19 17:51:49,277 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher Demand received for next message (state = DEMANDING). Calling context.read()
2023-01-19 17:51:49,277 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) release message from buffer to satisfy demand: 2
2023-01-19 17:51:49,277 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) emitting next message: {"username":"user","password":"Azerty123456!"}
2023-01-19 17:51:49,278 TRACE pGroup-1-4 j.c.p.JacksonCoreProcessor Received upstream bytes of length: 50
2023-01-19 17:51:49,278 TRACE pGroup-1-4 j.c.p.JacksonCoreProcessor Materialized new JsonNode call onNext...
2023-01-19 17:51:49,278 TRACE pGroup-1-4 j.c.p.JacksonCoreProcessor More input required to parse JSON. Demanding more.
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher Demand received for next message (state = BUFFERING). Calling context.read()
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher Demand received for next message (state = DEMANDING). Calling context.read()
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) release message from buffer to satisfy demand: 1
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.h.n.r.HandlerPublisher HandlerPublisher (state: BUFFERING) complete. Calling onComplete()
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.c.DefaultBeanContext   Looking up existing bean for key: T
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.a.c.InterceptorChain   Intercepted method [Publisher login(UsernamePasswordCredentials usernamePasswordCredentials,HttpRequest request)] invocation on target: io.micronaut.security.endpoints.$LoginController$Definition$Intercepted@3115975b
2023-01-19 17:51:49,278 TRACE pGroup-1-4 i.m.a.c.InterceptorChain   Proceeded to next interceptor [io.micronaut.validation.ValidatingInterceptor@522684dc] in chain for method invocation: Publisher login(UsernamePasswordCredentials usernamePasswordCredentials,HttpRequest request)
2023-01-19 17:51:49,278 DEBUG pGroup-1-4 .b.DefaultBeanIntrospector Found BeanIntrospection for type: class io.micronaut.security.authentication.UsernamePasswordCredentials,
2023-01-19 17:51:49,278 DEBUG pGroup-1-4 i.m.s.a.Authenticator      org.akhq.modules.BasicAuthAuthenticationProvider
2023-01-19 17:51:49,279 DEBUG pGroup-1-4 .ApplicationEventPublisher Publishing event: io.micronaut.security.event.LoginSuccessfulEvent[source=io.micronaut.security.authentication.ServerAuthentication@17dc4d56]
2023-01-19 17:51:49,279 DEBUG pGroup-1-4 ccessRefreshTokenGenerator Skipped refresh token generation because no io.micronaut.security.token.validator.RefreshTokenValidator implementation is present
2023-01-19 17:51:49,279 DEBUG pGroup-1-4 .g.c.JWTClaimsSetGenerator Setting expiration to 3600
2023-01-19 17:51:49,279 DEBUG pGroup-1-4 .g.c.JWTClaimsSetGenerator Generated claim set: {sub=user, nbf=1674147109, connectsFilterRegexp=[^test.*$], roles=[topic/read, topic/insert, topic/delete, topic/config/update, node/read, node/config/update, topic/data/read, topic/data/insert, topic/data/delete, group/read, group/delete, group/offsets/update, registry/read, registry/insert, registry/update, registry/delete, registry/version/delete, acls/read, connect/read, connect/insert, connect/update, connect/delete, connect/state/update], iss=akhq, exp=1674150709, iat=1674147109, consumerGroupsFilterRegexp=[consumer.*], topicsFilterRegexp=[test.*, test\.reader.*]}
2023-01-19 17:51:49,280 DEBUG pGroup-1-4 .ApplicationEventPublisher Publishing event: io.micronaut.security.token.event.AccessTokenGeneratedEvent[source=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIiwibmJmIjoxNjc0MTQ3MTA5LCJjb25uZWN0c0ZpbHRlclJlZ2V4cCI6WyJedGVzdC4qJCJdLCJyb2xlcyI6WyJ0b3BpYy9yZWFkIiwidG9waWMvaW5zZXJ0IiwidG9waWMvZGVsZXRlIiwidG9waWMvY29uZmlnL3VwZGF0ZSIsIm5vZGUvcmVhZCIsIm5vZGUvY29uZmlnL3VwZGF0ZSIsInRvcGljL2RhdGEvcmVhZCIsInRvcGljL2RhdGEvaW5zZXJ0IiwidG9waWMvZGF0YS9kZWxldGUiLCJncm91cC9yZWFkIiwiZ3JvdXAvZGVsZXRlIiwiZ3JvdXAvb2Zmc2V0cy91cGRhdGUiLCJyZWdpc3RyeS9yZWFkIiwicmVnaXN0cnkvaW5zZXJ0IiwicmVnaXN0cnkvdXBkYXRlIiwicmVnaXN0cnkvZGVsZXRlIiwicmVnaXN0cnkvdmVyc2lvbi9kZWxldGUiLCJhY2xzL3JlYWQiLCJjb25uZWN0L3JlYWQiLCJjb25uZWN0L2luc2VydCIsImNvbm5lY3QvdXBkYXRlIiwiY29ubmVjdC9kZWxldGUiLCJjb25uZWN0L3N0YXRlL3VwZGF0ZSJdLCJpc3MiOiJha2hxIiwiZXhwIjoxNjc0MTUwNzA5LCJpYXQiOjE2NzQxNDcxMDksImNvbnN1bWVyR3JvdXBzRmlsdGVyUmVnZXhwIjpbImNvbnN1bWVyLioiXSwidG9waWNzRmlsdGVyUmVnZXhwIjpbInRlc3QuKiIsInRlc3RcXC5yZWFkZXIuKiJdfQ.53-ZOY03C9tqO2TommGC3Oj-QTI5O1tzBmk09w3lBzg]
2023-01-19 17:51:49,280 INFO  pGroup-1-4 org.akhq.log.access        [Date: 2023-01-19T17:51:49.277384+01:00] [Duration: 3 ms] [Url: POST /login] [Status: 303]

[FantFRS]

I Resolved this issue!
Tests were made inside bounce server (using proxy); I think it was a problem of redirection.
When tested outside of this server, authentification works.

Thank you for your help.

[resboul]

Not resolved for me. anonymous user is still here.
[Date: 2023-04-19T10:54:33.686799+02:00] [Duration: 433 ms] [Url: GET /api/dev00/topic/last-record] [Status: 200] [Ip: /..**.20] [User: Anonymous]
with this confiig:

### @version: 0.24.0
micronaut:
  security:
    default-group: no-roles
    enabled: true
    oauth2:
      enabled: false
  server:
    ssl:
      enabled: true
      port: 8087
      key-store:
        path: file:/app/akhq/akhq-0.24.0/conf/akhq.p12
        password: "mypass"
        type: PKCS12

[FantFRS]

Could you replace your block by this (it's working for me; I'm using SSL)

micronaut:
  ssl:
    enabled: true
    key-store:
      path: file:/xxx/xx/xxxxxxx.p12
      password: xxxxxxxxxxxx
      type: PKCS12
  security:
    enabled: true
    token:
      jwt:
        enabled: true
        bearer:
          enabled: true
        signatures:
          secret:
            generator:
              secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    endpoints:
      login:
        enabled: true
      logout:
        enabled: true

[resboul]

yes tested. redirection to /ui/login still not working

Is it related to this:
Take care that basic auth will use session store in the server memory. If your instance is behind a reverse proxy or a loadbalancer, you will need to forward the session cookie named SESSION and / or use

CF: https://artifacthub.io/packages/helm/akhq/akhq/0.2.4

[resboul]

Hello

this is working now.

@Version: 0.24.0

micronaut:
security:
enabled: true
default-group: no-roles
endpoints:
login:
enabled: true
logout:
enabled: true
oauth2:
enabled: false
server:
ssl:
enabled: true
port: 8080
key-store:
path: file:/app/akhq/akhq-0.24.0/conf/akhq.p12
password: ""
type: PKCS12
akhq:
connections:
conn1:
properties:
bootstrap.servers: ""
security.protocol: SSL
ssl.truststore.location: "/app/akhq/akhq-0.24.0/conf/.p12"
ssl.truststore.password: ""
ssl.keystore.location: "/app/akhq/akhq-0.24.0/conf/.p12"
ssl.keystore.password: ""
ssl.key.password: ""
schema-registry:
url: "****"

security:
enabled: true
default-group: default
groups:
default: no-roles
proj1-gr1:
name: proj1-gr1
roles:
- topic/read
- topic/insert
.
.
.