[ https://issues.apache.org/jira/browse/NIFI-2059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15347037#comment-15347037 ]
ASF GitHub Bot commented on NIFI-2059: -------------------------------------- Github user markap14 commented on a diff in the pull request: https://github.com/apache/nifi/pull/572#discussion_r68300354 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/replication/ThreadPoolRequestReplicator.java --- @@ -210,6 +212,15 @@ public AsyncClusterResponse replicate(Set<NodeIdentifier> nodeIds, String method final Map<String, String> updatedHeaders = new HashMap<>(headers); updatedHeaders.put(RequestReplicator.CLUSTER_ID_GENERATION_SEED_HEADER, UUID.randomUUID().toString()); updatedHeaders.put(RequestReplicator.REPLICATION_INDICATOR_HEADER, "true"); + + // If the user is authenticated, add them as a proxied entity so that when the receiving NiFi receives the request, + // it knows that we are acting as a proxy on behalf of the current user. + final NiFiUser user = NiFiUserUtils.getNiFiUser(); + if (user != null && !user.equals(NiFiUser.ANONYMOUS)) { --- End diff -- Good call > Secure cluster request replication > ---------------------------------- > > Key: NIFI-2059 > URL: https://issues.apache.org/jira/browse/NIFI-2059 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework > Reporter: Matt Gilman > Priority: Blocker > Fix For: 1.0.0 > > > I attempted to stand up a secure cluster and was having issues with request > replication. It appears that with the current approach every node will need > to authorize every other node as a proxy and we need to ensure those requests > are being replicated on behalf of the end user. -- This message was sent by Atlassian JIRA (v6.3.4#6332)