I'm working on securing NiFi 1.1.0 with SSL. As I'm following a tutorial
[1] written for 0.x, I'm attempting to use the legacy option in
/conf/authorizers.//xml/:
<authorizer>
<identifier>file-provider</identifier>
<class>org.apache.nifi.authorization.FileAuthorizer</class>
<property name="Authorizations
File">./conf/authorizations.xml</property>
<property name="Users File">./conf/users.xml</property>
<property name="Initial Admin Identity"></property>
* <property name="Legacy Authorized Users
File">./conf/authorized-users.xml</property>*
<!-- Provide the identity (typically a DN) of each node when
clustered, see above description of Node Identity.
<property name="Node Identity 1"></property>
<property name="Node Identity 2"></property>
-->
</authorizer>
I fixed complaints of missing /users.xml/ already by supplying
/conf/users.xml/, no default for which exists:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<users/>
It would appear that this is insufficient (/logs/nifi-app.log/):
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired
dependencies failed; nested exception is
org.springframework.beans.factory.BeanCreationException: Could not
autowire method: public void
org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setX509AuthenticationProvider(org.apache.nifi.web.security.x509.X509AuthenticationProvider);
nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'x509AuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to
bean 'authorizer' while setting constructor argument; nested exception
is org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception on
object creation; nested exception is
org.apache.nifi.authorization.exception.AuthorizerCreationException:
javax.xml.bind.UnmarshalException
- with linked exception:
*[org.xml.sax.SAXParseException; systemId:
file:/home/russ/dev/nifi/secure-nifi/nifi-1.1.0/./conf/users.xml;
lineNumber: 2; columnNumber: 9; cvc-elt.1: Cannot find the declaration
of element 'users'.]*
I'm defining users by means of a 0.x /authorized-users.xml/ file, not
the /users.xml/ file. There are no examples I can find of /users.xml/
and /authorizations.xml/, empty or otherwise, to compare with existing,
functioning NiFi 0.x installations, so I can't tell if the whole legacy
option just doesn't work anyway or if it's just that I've got stuff
wrong still.
Grateful for comments or samples of working /users.xml/ and
/authoriz//ations.xml/.
[1] http://www.batchiq.com/nifi-configuring-ssl-auth.html
