Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-2730

File Authorizer - Support configurable anonymous access

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Core Framework, Extensions
    • Labels:
      None

      Description

      In 1.0.0 a delegated authorization model is used to make access decisions. Whether or not an anonymous user is allowed would be a function of the authorizer.

      Additionally, may need a framework property to indicate if we want to authenticate anonymous users.

        Activity

        Hide
        nicholasmhughes Nicholas Hughes added a comment -

        Require the ability to assign arbitrary access permissions to the Anonymous user when unauthenticated users hit the SSL secured UI. This functionality would be similar to the default roles assigned to Anonymous access in the most recent 0.x versions. Example: The web UI is SSL secured, but a user not presenting a certificate can have read-only access to the entire graph and maybe access to stop/start things inside of X process group. Permissions assigned to Anonymous should be decided by the Admin.

        Show
        nicholasmhughes Nicholas Hughes added a comment - Require the ability to assign arbitrary access permissions to the Anonymous user when unauthenticated users hit the SSL secured UI. This functionality would be similar to the default roles assigned to Anonymous access in the most recent 0.x versions. Example: The web UI is SSL secured, but a user not presenting a certificate can have read-only access to the entire graph and maybe access to stop/start things inside of X process group. Permissions assigned to Anonymous should be decided by the Admin.
        Hide
        bende Bryan Bende added a comment -

        If NiFi is configured with one-way SSL, and has no other identity provider configured, should we even be performing authorization?

        At that point we have no way of authenticating users, and TLS/SSL is just being used to encrypt the communication and verify the identity of NiFI.

        Show
        bende Bryan Bende added a comment - If NiFi is configured with one-way SSL, and has no other identity provider configured, should we even be performing authorization? At that point we have no way of authenticating users, and TLS/SSL is just being used to encrypt the communication and verify the identity of NiFI.

          People

          • Assignee:
            Unassigned
            Reporter:
            mcgilman Matt Gilman
          • Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:

              Development