[
https://issues.apache.org/jira/browse/NIFI-3480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15868476#comment-15868476
]
ASF GitHub Bot commented on NIFI-3480:
--------------------------------------
GitHub user andrewmlim opened a pull request:
https://github.com/apache/nifi/pull/1512
NIFI-3480 Fix incorrect Admin Guide documentation regarding anonymous…
… access
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/andrewmlim/nifi NIFI-3480
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/1512.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1512
----
commit 720420d1f23b019d57e925e79dcc4db08bab1323
Author: Andrew Lim <andrewlim.apa...@gmail.com>
Date: 2017-02-15T19:56:03Z
NIFI-3480 Fix incorrect Admin Guide documentation regarding anonymous access
----
> Fix incorrect Admin Guide documentation regarding anonymous access
> ------------------------------------------------------------------
>
> Key: NIFI-3480
> URL: https://issues.apache.org/jira/browse/NIFI-3480
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Documentation & Website
> Affects Versions: 1.1.1
> Reporter: Andy LoPresto
> Assignee: Andrew Lim
> Priority: Trivial
> Labels: documentation, security
>
> The Admin Guide *Security Configuration* section states
> {quote}
> {{nifi.security.truststore}}
> Filename of the Truststore that will be used to authorize those connecting to
> NiFi. If not set, all who attempt to connect will be provided access as the
> *Anonymous* user.
> {quote}
> This is incorrect and misleading. The only way to configure a secured
> instance with anonymous access is via LDAP or Kerberos and configuration of
> the authorizer to explicitly allow anonymous access. Configuring a secured
> instance with no truststore will simply refuse all incoming connections.
> With {{nifi.security.needClientAuth}} set to {{true}} or empty (default):
> {code}
> 2017-02-14 12:03:05,546 WARN [Thread-1]
> org.apache.nifi.web.server.JettyServer Failed to stop web server
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'flowService': FactoryBean threw exception on object creation;
> nested exception is org.springframework.beans.factory.BeanCreationException:
> Error creating bean with name 'flowController': FactoryBean threw exception
> on object creation; nested exception is
> org.apache.nifi.framework.security.util.SslContextCreationException: Need
> client auth is set to 'true', but no truststore properties are configured.
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
> ~[na:na]
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
> ~[na:na]
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
> ~[na:na]
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
> ~[na:na]
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> ~[na:na]
> at
> org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
> ~[na:na]
> at
> org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextDestroyed(ApplicationStartupContextListener.java:103)
> ~[na:na]
> at
> org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:845)
> ~[na:na]
> at
> org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:546)
> ~[na:na]
> at
> org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:826)
> ~[na:na]
> at
> org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:356)
> ~[na:na]
> at
> org.eclipse.jetty.webapp.WebAppContext.stopWebapp(WebAppContext.java:1410)
> ~[na:na]
> at
> org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1374)
> ~[na:na]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:874)
> ~[na:na]
> at
> org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:272)
> ~[na:na]
> at
> org.eclipse.jetty.webapp.WebAppContext.doStop(WebAppContext.java:544) ~[na:na]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:143)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:161)
> ~[na:na]
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:73)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:143)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:161)
> ~[na:na]
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:73)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:143)
> ~[na:na]
> at
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:161)
> ~[na:na]
> at
> org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:73)
> ~[na:na]
> at org.eclipse.jetty.server.Server.doStop(Server.java:482) ~[na:na]
> at
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
> ~[na:na]
> at org.apache.nifi.web.server.JettyServer.stop(JettyServer.java:854)
> ~[na:na]
> at org.apache.nifi.NiFi.shutdownHook(NiFi.java:188)
> [nifi-runtime-1.2.0-SNAPSHOT.jar:1.2.0-SNAPSHOT]
> at org.apache.nifi.NiFi$2.run(NiFi.java:89)
> [nifi-runtime-1.2.0-SNAPSHOT.jar:1.2.0-SNAPSHOT]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
> Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'flowController': FactoryBean threw exception on
> object creation; nested exception is
> org.apache.nifi.framework.security.util.SslContextCreationException: Need
> client auth is set to 'true', but no truststore properties are configured.
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
> ~[na:na]
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
> ~[na:na]
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
> ~[na:na]
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
> ~[na:na]
> at
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
> ~[na:na]
> at
> org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
> ~[na:na]
> at
> org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:48)
> ~[na:na]
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
> ~[na:na]
> ... 33 common frames omitted
> Caused by:
> org.apache.nifi.framework.security.util.SslContextCreationException: Need
> client auth is set to 'true', but no truststore properties are configured.
> at
> org.apache.nifi.framework.security.util.SslContextFactory.createSslContext(SslContextFactory.java:66)
> ~[na:na]
> at
> org.apache.nifi.controller.FlowController.<init>(FlowController.java:440)
> ~[na:na]
> at
> org.apache.nifi.controller.FlowController.createStandaloneInstance(FlowController.java:375)
> ~[na:na]
> at
> org.apache.nifi.spring.FlowControllerFactoryBean.getObject(FlowControllerFactoryBean.java:74)
> ~[na:na]
> at
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
> ~[na:na]
> ... 40 common frames omitted
> 2017-02-14 12:03:05,547 INFO [Thread-1] org.apache.nifi.NiFi Jetty web server
> shutdown completed (nicely or otherwise).
> {code}
> With {{nifi.security.needClientAuth}} explicitly set to {{false}}: no errors
> in {{logs/nifi-app.log}} but the browser will not be able to make a
> connection and will get the {{ERR_CONNECTION_REFUSED}} response.
> The Admin Guide should be updated to reflect the correct information.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
