[
https://issues.apache.org/jira/browse/NIFI-15081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Gilman updated NIFI-15081:
-------------------------------
Fix Version/s: 2.7.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Deprecate Anonymous Authentication over HTTPS for Removal
> ---------------------------------------------------------
>
> Key: NIFI-15081
> URL: https://issues.apache.org/jira/browse/NIFI-15081
> Project: Apache NiFi
> Issue Type: Task
> Components: Core Framework, Security
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.7.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Earlier versions of Apache NiFi supported anonymous authentication over HTTPS
> in specific scenarios, relying on authorization to restrict access. NiFi
> 1.12.0 introduced an application property to allow anonymous authentication,
> which was disabled in the default distribution. This feature provided a
> temporary workaround for access to certain advanced user interface resources
> until NiFi 1.14.0, which removed the need for this workaround.
>
> NiFi continues to support HTTPS as the default and recommended configuration,
> with authentication and authorization required. NiFi also supports optional
> access with HTTP, without any authentication or authorization required. With
> these two modes supported, the application property to allow anonymous
> authentication over HTTPS should be deprecated for removal.
>
> As noted in the current Administrator's Guide, the default File Authorizer
> does not support access from anonymous users. With this status, and the
> default status of disabled for anonymous authentication, this feature should
> be considered for removal in the near future, after a release that includes a
> deprecation warning.