[jira] [Commented] (NIFI-15081) Deprecate Anonymous Authentication over HTTPS for Removal

Fri, 17 Oct 2025 17:00:52 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-15081?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18029104#comment-18029104
 ] 

ASF subversion and git services commented on NIFI-15081:
--------------------------------------------------------

Commit a9a4338fbbc2bb1d3a409b12bbf471e6cd2ee270 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=a9a4338fbb ]

NIFI-15081 Deprecated Anonymous Authentication over HTTPS for Removal (#10408)



> Deprecate Anonymous Authentication over HTTPS for Removal
> ---------------------------------------------------------
>
>                 Key: NIFI-15081
>                 URL: https://issues.apache.org/jira/browse/NIFI-15081
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Core Framework, Security
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Earlier versions of Apache NiFi supported anonymous authentication over HTTPS 
> in specific scenarios, relying on authorization to restrict access. NiFi 
> 1.12.0 introduced an application property to allow anonymous authentication, 
> which was disabled in the default distribution. This feature provided a 
> temporary workaround for access to certain advanced user interface resources 
> until NiFi 1.14.0, which removed the need for this workaround.
> NiFi continues to support HTTPS as the default and recommended configuration, 
> with authentication and authorization required. NiFi also supports optional 
> access with HTTP, without any authentication or authorization required. With 
> these two modes supported, the application property to allow anonymous 
> authentication over HTTPS should be deprecated for removal.
> As noted in the current Administrator's Guide, the default File Authorizer 
> does not support access from anonymous users. With this status, and the 
> default status of disabled for anonymous authentication, this feature should 
> be considered for removal in the near future, after a release that includes a 
> deprecation warning.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to