Thanks Matt, Reading your last sentence and the JIRA ticket, I gather this is not possible in 1.0.0 and the update to accommodate this configuration is forthcoming in a future release.
-Nick On Sun, Sep 4, 2016 at 12:18 AM, Matt Gilman <[email protected]> wrote: > Nick, > > In 1.0.0 we've moved away from role based authorities in favor of fine > grain access controls with a delegated authorizer. Whether an anonymous > user is authorized would be a function of the configured authorizer. The > authorizer is given details about the users request and it will make an > access decision accordingly. I've created a JIRA [1] to update the bundled > file based authorizer to optionally allow anonymous access. > > Thanks. > > Matt > > [1] https://issues.apache.org/jira/browse/NIFI-2730 > > On Sat, Sep 3, 2016 at 3:56 PM, Nicholas Hughes < > [email protected]> wrote: > >> In previous versions, it was possible to run the UI over HTTPS without >> configuring users. In the most recent 0.x versions, I believe this was >> accomplished through setting a "default" role for the Anonymous user in the >> properties file. >> >> How is this done in 1.x? I've been reading through the Admin Guide and >> playing with different settings, but I still can't seem to access the UI >> anonymously over HTTPS. The most promising mention in the guide points >> toward emptying the truststore properties: >> >> "nifi.security.truststore - Filename of the Truststore that will be used >> to authorize those connecting to NiFi. If not set, all who attempt to >> connect will be provided access as the *Anonymous* user." >> >> Given the past versions' expectation that the Anonymous user be defined a >> role, I'm guessing that's the part that I'm missing. The properties file no >> longer has a placeholder for setting the default role, so I assume that >> function has moved into the new "authorizations" and/or "users" XML >> files... but I'm not certain how to "hand jam" the proper information into >> those files (or if that's even possible). >> >> Any assistance in setting up anonymous UI access over SSL is appreciated. >> >> -Nick >> >> >
