Add option to define some auth credentials to restrict access to the /db-scheduler-ui path

[afrancis-caregility]

Hi,
It would be great if you could add 1 or 2 runtime properties to setup authenticated access to the UI.
At least basic auth popup would be appreciated especially for applications exposed over the internet.

[kagkarlsson]

I think you should be able to add this yourself via for example a Spring Security filter

[driesva]

That's exactly what we did, we have a SecurityFilterChain protecting the db-scheduler-ui URLs.

One slight issue is that in case your session is expired, you do not actually notice it. Might be solved in the frontend by e.g.

    if (response.status == 401) {
        document.location.href = '/db-scheduler';
    }

(or kind of popup indicating you have to re-login)

Another thing related to security is authorization, currently it's an all or nothing approach. Either you have no access or full access. Ideally there would be read-only mode. Where you can just view the scheduling, but not alter it. With Spring Security there's a way to deny POST requests for certain roles. But ideally the buttons to alter tasks do not appear.

This read-only mode might maybe be useful even without Spring Security, e.g. via configuration db-scheduler-ui.read-only=true

[driesva]

I worked out my ideas in PR #129

Feel free to accept, improve or even reject it.