Nick, In 1.0.0 we've moved away from role based authorities in favor of fine grain access controls with a delegated authorizer. Whether an anonymous user is authorized would be a function of the configured authorizer. The authorizer is given details about the users request and it will make an access decision accordingly. I've created a JIRA [1] to update the bundled file based authorizer to optionally allow anonymous access.
Thanks. Matt [1] https://issues.apache.org/jira/browse/NIFI-2730 On Sat, Sep 3, 2016 at 3:56 PM, Nicholas Hughes < [email protected]> wrote: > In previous versions, it was possible to run the UI over HTTPS without > configuring users. In the most recent 0.x versions, I believe this was > accomplished through setting a "default" role for the Anonymous user in the > properties file. > > How is this done in 1.x? I've been reading through the Admin Guide and > playing with different settings, but I still can't seem to access the UI > anonymously over HTTPS. The most promising mention in the guide points > toward emptying the truststore properties: > > "nifi.security.truststore - Filename of the Truststore that will be used > to authorize those connecting to NiFi. If not set, all who attempt to > connect will be provided access as the *Anonymous* user." > > Given the past versions' expectation that the Anonymous user be defined a > role, I'm guessing that's the part that I'm missing. The properties file no > longer has a placeholder for setting the default role, so I assume that > function has moved into the new "authorizations" and/or "users" XML > files... but I'm not certain how to "hand jam" the proper information into > those files (or if that's even possible). > > Any assistance in setting up anonymous UI access over SSL is appreciated. > > -Nick > >
