[jira] [Commented] (NIFI-5019) ListenHTTP processor : Add basic authentication

Tue, 27 Mar 2018 09:29:59 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-5019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16415877#comment-16415877
 ] 

ASF GitHub Bot commented on NIFI-5019:
--------------------------------------

Github user bbende commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/2585#discussion_r177489251
  
    --- Diff: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenHTTP.java
 ---
    @@ -213,6 +260,8 @@ private void createHttpServerFromService(final 
ProcessContext context) throws Ex
             final Double maxBytesPerSecond = 
context.getProperty(MAX_DATA_RATE).asDataSize(DataUnit.B);
             final StreamThrottler streamThrottler = (maxBytesPerSecond == 
null) ? null : new LeakyBucketStreamThrottler(maxBytesPerSecond.intValue());
             final int returnCode = 
context.getProperty(RETURN_CODE).asInteger();
    +        final String authenticationUsername = 
trimToEmpty(context.getProperty(PROP_BASIC_AUTH_USERNAME).evaluateAttributeExpressions().getValue());
    +        final String authenticationPassword = 
trimToEmpty(context.getProperty(PROP_BASIC_AUTH_PASSWORD).evaluateAttributeExpressions().getValue());
    --- End diff --
    
    Should there be a custom validate that ensures that when username is set 
that password is also set?
    
    Also, should it be a requirement that an SSLContext is provided when using 
basic auth? 
    
    If not, then it seems very insecure for the external client to be 
submitting the basic auth credentials over plain http.


> ListenHTTP processor : Add basic authentication
> -----------------------------------------------
>
>                 Key: NIFI-5019
>                 URL: https://issues.apache.org/jira/browse/NIFI-5019
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Core Framework
>    Affects Versions: 1.6.0
>         Environment: All
>            Reporter: Sébastien Bouchex Bellomié
>            Priority: Minor
>
> The feature added basic authentication to the ListenHTTP processor.
> If username & password are left empty (default settings), the processor works 
> as previously.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to