[ 
https://issues.apache.org/jira/browse/NIFI-3480?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15870070#comment-15870070
 ] 

ASF subversion and git services commented on NIFI-3480:
-------------------------------------------------------

Commit 702a0dcf17d9a6e1372935ef0363fe59bd216a65 in nifi's branch 
refs/heads/master from [~andrewmlim]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=702a0dc ]

NIFI-3480 Fix incorrect Admin Guide documentation regarding anonymous access

This closes #1512


> Fix incorrect Admin Guide documentation regarding anonymous access
> ------------------------------------------------------------------
>
>                 Key: NIFI-3480
>                 URL: https://issues.apache.org/jira/browse/NIFI-3480
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Documentation & Website
>    Affects Versions: 1.1.1
>            Reporter: Andy LoPresto
>            Assignee: Andrew Lim
>            Priority: Trivial
>              Labels: documentation, security
>
> The Admin Guide *Security Configuration* section states
> {quote}
> {{nifi.security.truststore}}
> Filename of the Truststore that will be used to authorize those connecting to 
> NiFi. If not set, all who attempt to connect will be provided access as the 
> *Anonymous* user.
> {quote}
> This is incorrect and misleading. The only way to configure a secured 
> instance with anonymous access is via LDAP or Kerberos and configuration of 
> the authorizer to explicitly allow anonymous access. Configuring a secured 
> instance with no truststore will simply refuse all incoming connections. 
> With {{nifi.security.needClientAuth}} set to {{true}} or empty (default):
> {code}
> 2017-02-14 12:03:05,546 WARN [Thread-1] 
> org.apache.nifi.web.server.JettyServer Failed to stop web server
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'flowService': FactoryBean threw exception on object creation; 
> nested exception is org.springframework.beans.factory.BeanCreationException: 
> Error creating bean with name 'flowController': FactoryBean threw exception 
> on object creation; nested exception is 
> org.apache.nifi.framework.security.util.SslContextCreationException: Need 
> client auth is set to 'true', but no truststore properties are configured.
>       at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
>  ~[na:na]
>       at 
> org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
>  ~[na:na]
>       at 
> org.apache.nifi.web.contextlistener.ApplicationStartupContextListener.contextDestroyed(ApplicationStartupContextListener.java:103)
>  ~[na:na]
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.callContextDestroyed(ContextHandler.java:845)
>  ~[na:na]
>       at 
> org.eclipse.jetty.servlet.ServletContextHandler.callContextDestroyed(ServletContextHandler.java:546)
>  ~[na:na]
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.stopContext(ContextHandler.java:826)
>  ~[na:na]
>       at 
> org.eclipse.jetty.servlet.ServletContextHandler.stopContext(ServletContextHandler.java:356)
>  ~[na:na]
>       at 
> org.eclipse.jetty.webapp.WebAppContext.stopWebapp(WebAppContext.java:1410) 
> ~[na:na]
>       at 
> org.eclipse.jetty.webapp.WebAppContext.stopContext(WebAppContext.java:1374) 
> ~[na:na]
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doStop(ContextHandler.java:874)
>  ~[na:na]
>       at 
> org.eclipse.jetty.servlet.ServletContextHandler.doStop(ServletContextHandler.java:272)
>  ~[na:na]
>       at 
> org.eclipse.jetty.webapp.WebAppContext.doStop(WebAppContext.java:544) ~[na:na]
>       at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:143)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:161)
>  ~[na:na]
>       at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:73)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:143)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:161)
>  ~[na:na]
>       at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:73)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.stop(ContainerLifeCycle.java:143)
>  ~[na:na]
>       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStop(ContainerLifeCycle.java:161)
>  ~[na:na]
>       at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStop(AbstractHandler.java:73)
>  ~[na:na]
>       at org.eclipse.jetty.server.Server.doStop(Server.java:482) ~[na:na]
>       at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.stop(AbstractLifeCycle.java:89)
>  ~[na:na]
>       at org.apache.nifi.web.server.JettyServer.stop(JettyServer.java:854) 
> ~[na:na]
>       at org.apache.nifi.NiFi.shutdownHook(NiFi.java:188) 
> [nifi-runtime-1.2.0-SNAPSHOT.jar:1.2.0-SNAPSHOT]
>       at org.apache.nifi.NiFi$2.run(NiFi.java:89) 
> [nifi-runtime-1.2.0-SNAPSHOT.jar:1.2.0-SNAPSHOT]
>       at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
> Caused by: org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'flowController': FactoryBean threw exception on 
> object creation; nested exception is 
> org.apache.nifi.framework.security.util.SslContextCreationException: Need 
> client auth is set to 'true', but no truststore properties are configured.
>       at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
>  ~[na:na]
>       at 
> org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1060)
>  ~[na:na]
>       at 
> org.apache.nifi.spring.StandardFlowServiceFactoryBean.getObject(StandardFlowServiceFactoryBean.java:48)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
>  ~[na:na]
>       ... 33 common frames omitted
> Caused by: 
> org.apache.nifi.framework.security.util.SslContextCreationException: Need 
> client auth is set to 'true', but no truststore properties are configured.
>       at 
> org.apache.nifi.framework.security.util.SslContextFactory.createSslContext(SslContextFactory.java:66)
>  ~[na:na]
>       at 
> org.apache.nifi.controller.FlowController.<init>(FlowController.java:440) 
> ~[na:na]
>       at 
> org.apache.nifi.controller.FlowController.createStandaloneInstance(FlowController.java:375)
>  ~[na:na]
>       at 
> org.apache.nifi.spring.FlowControllerFactoryBean.getObject(FlowControllerFactoryBean.java:74)
>  ~[na:na]
>       at 
> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
>  ~[na:na]
>       ... 40 common frames omitted
> 2017-02-14 12:03:05,547 INFO [Thread-1] org.apache.nifi.NiFi Jetty web server 
> shutdown completed (nicely or otherwise).
> {code}
> With {{nifi.security.needClientAuth}} explicitly set to {{false}}: no errors 
> in {{logs/nifi-app.log}} but the browser will not be able to make a 
> connection and will get the {{ERR_CONNECTION_REFUSED}} response. 
> The Admin Guide should be updated to reflect the correct information. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to