[
https://issues.apache.org/jira/browse/NIFI-2059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15347037#comment-15347037
]
ASF GitHub Bot commented on NIFI-2059:
--------------------------------------
Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/572#discussion_r68300354
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/ThreadPoolRequestReplicator.java
---
@@ -210,6 +212,15 @@ public AsyncClusterResponse
replicate(Set<NodeIdentifier> nodeIds, String method
final Map<String, String> updatedHeaders = new HashMap<>(headers);
updatedHeaders.put(RequestReplicator.CLUSTER_ID_GENERATION_SEED_HEADER,
UUID.randomUUID().toString());
updatedHeaders.put(RequestReplicator.REPLICATION_INDICATOR_HEADER,
"true");
+
+ // If the user is authenticated, add them as a proxied entity so
that when the receiving NiFi receives the request,
+ // it knows that we are acting as a proxy on behalf of the current
user.
+ final NiFiUser user = NiFiUserUtils.getNiFiUser();
+ if (user != null && !user.equals(NiFiUser.ANONYMOUS)) {
--- End diff --
Good call
> Secure cluster request replication
> ----------------------------------
>
> Key: NIFI-2059
> URL: https://issues.apache.org/jira/browse/NIFI-2059
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Matt Gilman
> Priority: Blocker
> Fix For: 1.0.0
>
>
> I attempted to stand up a secure cluster and was having issues with request
> replication. It appears that with the current approach every node will need
> to authorize every other node as a proxy and we need to ensure those requests
> are being replicated on behalf of the end user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
