For authorization it is not possible. If you implemented a custom authorizer that supported anonymous access that portion would be possible. No authorizer in 1.0.0 supported this.
For authentication it is possible but it's not as clear as it should be. Enabling username/password or kerb SPNEGO would support want client auth. However, these shouldn't need to be enable to achieve what your looking for. That's why I added the comment to the JIRA. Can you please add some commentary to the JIRA to describe you use case a bit further? With component based authorization, what sort of access are you interested in providing to anonymous users? Thanks Matt Sent from my iPhone > On Sep 4, 2016, at 7:48 AM, Nicholas Hughes <[email protected]> > wrote: > > Thanks Matt, > > Reading your last sentence and the JIRA ticket, I gather this is not possible > in 1.0.0 and the update to accommodate this configuration is forthcoming in a > future release. > > -Nick > > >> On Sun, Sep 4, 2016 at 12:18 AM, Matt Gilman <[email protected]> wrote: >> Nick, >> >> In 1.0.0 we've moved away from role based authorities in favor of fine grain >> access controls with a delegated authorizer. Whether an anonymous user is >> authorized would be a function of the configured authorizer. The authorizer >> is given details about the users request and it will make an access decision >> accordingly. I've created a JIRA [1] to update the bundled file based >> authorizer to optionally allow anonymous access. >> >> Thanks. >> >> Matt >> >> [1] https://issues.apache.org/jira/browse/NIFI-2730 >> >>> On Sat, Sep 3, 2016 at 3:56 PM, Nicholas Hughes >>> <[email protected]> wrote: >>> In previous versions, it was possible to run the UI over HTTPS without >>> configuring users. In the most recent 0.x versions, I believe this was >>> accomplished through setting a "default" role for the Anonymous user in the >>> properties file. >>> >>> How is this done in 1.x? I've been reading through the Admin Guide and >>> playing with different settings, but I still can't seem to access the UI >>> anonymously over HTTPS. The most promising mention in the guide points >>> toward emptying the truststore properties: >>> >>> "nifi.security.truststore - Filename of the Truststore that will be used to >>> authorize those connecting to NiFi. If not set, all who attempt to connect >>> will be provided access as the Anonymous user." >>> >>> Given the past versions' expectation that the Anonymous user be defined a >>> role, I'm guessing that's the part that I'm missing. The properties file no >>> longer has a placeholder for setting the default role, so I assume that >>> function has moved into the new "authorizations" and/or "users" XML >>> files... but I'm not certain how to "hand jam" the proper information into >>> those files (or if that's even possible). >>> >>> Any assistance in setting up anonymous UI access over SSL is appreciated. >>> >>> -Nick >
