mcgilman commented on issue #4099: NIFI-7170: Add option to disable anonymous authentication URL: https://github.com/apache/nifi/pull/4099#issuecomment-612885579 @alopresto I think I agree with you and I'm happy to update this PR to reflect that. However, I just want to reiterate so there is no confusion. Technically, we already do what you just suggested. If it is anonymous, we need to authorize it as such. This is the case today. The intent of this JIRA/PR was to disable default anonymous authentication. In other words, when the incoming request contains no attempted authentication the user becomes the anonymous user. This PR changes that to be disabled by default. The NiFi admin would need to opt in to this behavior. The case I'm highlighting right now is when the incoming request is proxied by a trusted source. In this scenario, the request is authenticated and authorized. It just happens that the end-user is anonymous. So in that way, it differs from the original intent here. However, I believe this would be the expected behavior when the NiFi admin sets this new property. Please confirm we are on the same page and I'm happy to update.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services