David Handermann created NIFI-15081:
---------------------------------------
Summary: Deprecate Anonymous Authentication over HTTPS for Removal
Key: NIFI-15081
URL: https://issues.apache.org/jira/browse/NIFI-15081
Project: Apache NiFi
Issue Type: Task
Components: Core Framework, Security
Reporter: David Handermann
Assignee: David Handermann
Earlier versions of Apache NiFi supported anonymous authentication over HTTPS
in specific scenarios, relying on authorization to restrict access. NiFi 1.12.0
introduced an application property to allow anonymous authentication, which was
disabled in the default distribution. This feature provided a temporary
workaround for access to certain advanced user interface resources until NiFi
1.14.0, which removed the need for this workaround.
NiFi continues to support HTTPS as the default and recommended configuration,
with authentication and authorization required. NiFi also supports optional
access with HTTP, without any authentication or authorization required. With
these two modes supported, the application property to allow anonymous
authentication over HTTPS should be deprecated for removal.
As noted in the current Administrator's Guide, the default File Authorizer does
not support access from anonymous users. With this status, and the default
status of disabled for anonymous authentication, this feature should be
considered for removal in the near future, after a release that includes a
deprecation warning.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
