For the 0.x instance, can you elaborate on "it was not working"? You should be able to point set "Legacy Authorized Users File" in authorizers.xml to point to your old file, and leave the Initial Admin blank.
On Tue, Dec 20, 2016 at 2:17 PM, Russell Bateman <[email protected]> wrote: > Just getting time to return to this... > > Bryan > > First, I was trying to follow the admin guide for converting an existing > 0.x instance. It was not working. > > Second, however, I walked your tutorial successfully and created a secure > instance of NiFi (I'm not, at this moment, interested in creating a > cluster). I'm at least as interested in doing a native 1.x instance as > converting an old 0.x instance. > > Thanks, > > Russ > > > On 12/16/2016 04:05 PM, Bryan Bende wrote: > >> Russell, >> >> If you are starting with an existing 1.x installation then this post has a >> tutorial that should cover all the steps to secure the installation: >> >> http://bryanbende.com/development/2016/08/17/apache-nifi-1- >> 0-0-authorization-and-multi-tenancy >> >> The short version is you should not have to create users.xml or >> authorizations.xml, NiFi will do that for you the first time it starts >> secured based on your authorizers.xml. >> >> If you are converting an existing 0.x instance there is a way to auto >> convert that through a property in authorizers.xml, and it should be >> explained in the admin guide as well. >> >> Hope that helps. >> >> -Bryan >> >> On Fri, Dec 16, 2016 at 5:21 PM Russell Bateman <[email protected]> >> wrote: >> >> I'm working on securing NiFi 1.1.0 with SSL. As I'm following a tutorial >>> >>> [1] written for 0.x, I'm attempting to use the legacy option in >>> >>> /conf/authorizers.//xml/: >>> >>> >>> >>> <authorizer> >>> >>> <identifier>file-provider</identifier> >>> >>> <class>org.apache.nifi.authorization.FileAuthorizer</class> >>> >>> <property name="Authorizations >>> >>> File">./conf/authorizations.xml</property> >>> >>> <property name="Users File">./conf/users.xml</property> >>> >>> <property name="Initial Admin Identity"></property> >>> >>> * <property name="Legacy Authorized Users >>> >>> File">./conf/authorized-users.xml</property>* >>> >>> >>> >>> <!-- Provide the identity (typically a DN) of each node when >>> >>> clustered, see above description of Node Identity. >>> >>> <property name="Node Identity 1"></property> >>> >>> <property name="Node Identity 2"></property> >>> >>> --> >>> >>> </authorizer> >>> >>> >>> >>> >>> >>> I fixed complaints of missing /users.xml/ already by supplying >>> >>> /conf/users.xml/, no default for which exists: >>> >>> >>> >>> <?xml version="1.0" encoding="UTF-8" standalone="yes"?> >>> >>> <users/> >>> >>> >>> >>> >>> >>> It would appear that this is insufficient (/logs/nifi-app.log/): >>> >>> >>> >>> org.springframework.beans.factory.BeanCreationException: Error creating >>> >>> bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired >>> >>> dependencies failed; nested exception is >>> >>> org.springframework.beans.factory.BeanCreationException: Could not >>> >>> autowire method: public void >>> >>> >>> org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setX509A >>> uthenticationProvider(org.apache.nifi.web.security.x509. >>> X509AuthenticationProvider); >>> >>> nested exception is >>> >>> org.springframework.beans.factory.BeanCreationException: Error creating >>> >>> bean with name 'x509AuthenticationProvider' defined in class path >>> >>> resource [nifi-web-security-context.xml]: Cannot resolve reference to >>> >>> bean 'authorizer' while setting constructor argument; nested exception >>> >>> is org.springframework.beans.factory.BeanCreationException: Error >>> >>> creating bean with name 'authorizer': FactoryBean threw exception on >>> >>> object creation; nested exception is >>> >>> org.apache.nifi.authorization.exception.AuthorizerCreationException: >>> >>> javax.xml.bind.UnmarshalException >>> >>> - with linked exception: >>> >>> *[org.xml.sax.SAXParseException; systemId: >>> >>> file:/home/russ/dev/nifi/secure-nifi/nifi-1.1.0/./conf/users.xml; >>> >>> lineNumber: 2; columnNumber: 9; cvc-elt.1: Cannot find the declaration >>> >>> of element 'users'.]* >>> >>> >>> >>> I'm defining users by means of a 0.x /authorized-users.xml/ file, not >>> >>> the /users.xml/ file. There are no examples I can find of /users.xml/ >>> >>> and /authorizations.xml/, empty or otherwise, to compare with existing, >>> >>> functioning NiFi 0.x installations, so I can't tell if the whole legacy >>> >>> option just doesn't work anyway or if it's just that I've got stuff >>> >>> wrong still. >>> >>> >>> >>> Grateful for comments or samples of working /users.xml/ and >>> >>> /authoriz//ations.xml/. >>> >>> >>> >>> [1] http://www.batchiq.com/nifi-configuring-ssl-auth.html >>> >>> -- >>> >> Sent from Gmail Mobile >> >> >
