[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469012#comment-16469012 ]

ASF GitHub Bot commented on NIFI-5146:
--

Github user asfgit closed the pull request at:

https://github.com/apache/nifi/pull/2683

> Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
> ---
>
> Key: NIFI-5146
> URL: https://issues.apache.org/jira/browse/NIFI-5146
> Project: Apache NiFi
> Issue Type: Improvement
> Affects Versions: 1.6.0
> Reporter: Aldrin Piri
> Assignee: Andy LoPresto
> Priority: Major
> Labels: hostname, http, https, security
> Fix For: 1.7.0
>
>
> The host header whitelisting evaluation is only done when NiFi is configured
> in secure mode, determined by the setting of an HTTPS port. (see
> https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java#L161
> and
> [https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java#L190).]
> However, in the case where both are enabled, the HTTP port is not enumerated
> in possible combinations and explicit inclusions of a given socket that would
> be HTTP is stripped via
> [https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java#L143.]
> It is possible that concurrently running HTTP and HTTPS no longer makes
> sense, in which case we could evaluate the relevant properties and prevent
> startup for an unintended configuration. Alternatively, we would need to
> adjust the custom hostname interpretation to also include consideration for
> the HTTP port.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16469008#comment-16469008 ]

ASF subversion and git services commented on NIFI-5146:
---

Commit 7a4990e7fe7c38c95b4ee1436a822428ff1f5f98 in nifi's branch refs/heads/master from [~alopresto]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=7a4990e ]

NIFI-5146 Only support HTTP or HTTPS operation for NiFi API/UI

- Added logic to check for simultaneous configuration of HTTP and HTTPS connectors in JettyServer.
- Added test logging resources. Added unit tests.
- Refactored shared functionality to generic method which accepts lambdas. Fixed unit test with logging side effects.
- Added note about exclusive HTTP/HTTPS behavior to Admin Guide. Fixed typos.

This closes #2683.

Signed-off-by: Kevin Doran
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16468218#comment-16468218 ]

ASF GitHub Bot commented on NIFI-5146:
--

Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2683

@kevdoran Fixed the copy/paste error and added an explicit unit test to ensure that mistake is not made again. Thanks.
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466312#comment-16466312 ]

ASF GitHub Bot commented on NIFI-5146:
--

Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2683#discussion_r186512542

--- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java ---
@@ -601,106 +601,144 @@ private void configureConnectors(final Server server) throws ServerConfiguration httpConfiguration.setRequestHeaderSize(headerSize); httpConfiguration.setResponseHeaderSize(headerSize); -if (props.getPort() != null) { -final Integer port = props.getPort(); -if (port < 0 || (int) Math.pow(2, 16) <= port) { -throw new ServerConfigurationException("Invalid HTTP port: " + port); -} +// Check if both HTTP and HTTPS connectors are configured and fail if both are configured +if (bothHttpAndHttpsConnectorsConfigured(props)) { +logger.error("NiFi only supports one mode of HTTP or HTTPS operation, not both simultaneously. " + +"Check the nifi.properties file and ensure that either the HTTP hostname and port or the HTTPS hostname and port are empty"); +startUpFailure(new IllegalStateException("Only one of the HTTP and HTTPS connectors can be configured at one time")); +} -logger.info("Configuring Jetty for HTTP on port: " + port); +if (props.getSslPort() != null) { +configureHttpsConnector(server, httpConfiguration); +} else if (props.getPort() != null) { +configureHttpConnector(server, httpConfiguration); +} else { +logger.error("Neither the HTTP nor HTTPS connector was configured in nifi.properties"); +startUpFailure(new IllegalStateException("Must configure HTTP or HTTPS connector")); +} +} -final List serverConnectors = Lists.newArrayList(); +/** + * Configures an HTTPS connector and adds it to the server. + * + * @param server the Jetty server instance + * @param httpConfiguration the configuration object for the HTTPS protocol settings + */ +private void configureHttpsConnector(Server server, HttpConfiguration httpConfiguration) { +String hostname = props.getProperty(NiFiProperties.WEB_HTTP_HOST); --- End diff -- Good catch. Copied and pasted too many times. 
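Review bot: In `configureConnectors`, the both-configured branch calls `startUpFailure(...)` and then falls through to the `if (props.getSslPort() != null)` chain, so unless `startUpFailure` never returns, the HTTPS connector is still configured after the error has been logged. An explicit `return` after the call, or folding the three cases into a single if / else-if chain, would make the fail-closed behaviour visible at the call site instead of depending on how the helper is implemented.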
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466280#comment-16466280 ]

ASF GitHub Bot commented on NIFI-5146:
--

Github user kevdoran commented on a diff in the pull request:

https://github.com/apache/nifi/pull/2683#discussion_r186499568

--- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java ---
@@ -601,106 +601,144 @@ private void configureConnectors(final Server server) throws ServerConfiguration httpConfiguration.setRequestHeaderSize(headerSize); httpConfiguration.setResponseHeaderSize(headerSize); -if (props.getPort() != null) { -final Integer port = props.getPort(); -if (port < 0 || (int) Math.pow(2, 16) <= port) { -throw new ServerConfigurationException("Invalid HTTP port: " + port); -} +// Check if both HTTP and HTTPS connectors are configured and fail if both are configured +if (bothHttpAndHttpsConnectorsConfigured(props)) { +logger.error("NiFi only supports one mode of HTTP or HTTPS operation, not both simultaneously. " + +"Check the nifi.properties file and ensure that either the HTTP hostname and port or the HTTPS hostname and port are empty"); +startUpFailure(new IllegalStateException("Only one of the HTTP and HTTPS connectors can be configured at one time")); +} -logger.info("Configuring Jetty for HTTP on port: " + port); +if (props.getSslPort() != null) { +configureHttpsConnector(server, httpConfiguration); +} else if (props.getPort() != null) { +configureHttpConnector(server, httpConfiguration); +} else { +logger.error("Neither the HTTP nor HTTPS connector was configured in nifi.properties"); +startUpFailure(new IllegalStateException("Must configure HTTP or HTTPS connector")); +} +} -final List serverConnectors = Lists.newArrayList(); +/** + * Configures an HTTPS connector and adds it to the server. 
+ * + * @param server the Jetty server instance + * @param httpConfiguration the configuration object for the HTTPS protocol settings + */ +private void configureHttpsConnector(Server server, HttpConfiguration httpConfiguration) { +String hostname = props.getProperty(NiFiProperties.WEB_HTTP_HOST); --- End diff -- Unless I'm missing something, this should be `NiFiProperties.WEB_HTTPS_HOST`
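Review bot: The removed lines at the top of this hunk rejected a port outside 0..65535 with `ServerConfigurationException("Invalid HTTP port: " + port)`, and nothing in the added lines shown here performs that check before `configureHttpsConnector` or `configureHttpConnector` is called. Please confirm the range validation now lives in both helpers (the HTTPS path needs it as well) and add a unit test with an out-of-range value for each mode. The new dispatch also keys on the port alone while the error text tells operators to empty "hostname and port", so it is worth documenting which properties actually decide the mode.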
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466174#comment-16466174 ]

ASF GitHub Bot commented on NIFI-5146:
--

Github user kevdoran commented on the issue:

https://github.com/apache/nifi/pull/2683

Will review...
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466140#comment-16466140 ]

ASF GitHub Bot commented on NIFI-5146:
--

Github user alopresto commented on the issue:

https://github.com/apache/nifi/pull/2683

If NiFi is configured with both HTTP and HTTPS settings present, startup will fail and the error will look like the following:

```
2018-05-04 10:01:27,990 WARN [main] org.apache.nifi.web.server.JettyServer Both the HTTP and HTTPS connectors are configured in nifi.properties. Only one of these connectors should be configured. See the NiFi Admin Guide for more details
2018-05-04 10:01:27,990 WARN [main] org.apache.nifi.web.server.JettyServer HTTP connector: http://:8080
2018-05-04 10:01:27,991 WARN [main] org.apache.nifi.web.server.JettyServer HTTPS connector: https://:8443
2018-05-04 10:01:27,991 ERROR [main] org.apache.nifi.web.server.JettyServer NiFi only supports one mode of HTTP or HTTPS operation, not both simultaneously. Check the nifi.properties file and ensure that either the HTTP hostname and port or the HTTPS hostname and port are empty
2018-05-04 10:01:27,994 WARN [main] org.apache.nifi.web.server.JettyServer Failed to start web server... shutting down.
java.lang.IllegalStateException: Only one of the HTTP and HTTPS connectors can be configured at one time
	at org.apache.nifi.web.server.JettyServer.configureConnectors(JettyServer.java:608)
	at org.apache.nifi.web.server.JettyServer.<init>(JettyServer.java:153)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.apache.nifi.NiFi.<init>(NiFi.java:150)
	at org.apache.nifi.NiFi.<init>(NiFi.java:71)
	at org.apache.nifi.NiFi.main(NiFi.java:292)
2018-05-04 10:01:27,995 INFO [Thread-1] org.apache.nifi.NiFi Initiating shutdown of Jetty web server...
2018-05-04 10:01:27,996 INFO [Thread-1] org.apache.nifi.NiFi Jetty web server shutdown completed (nicely or otherwise).
```
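A pre-flight audit of `nifi.properties` for the condition that makes startup fail in the message above, as an added example that is not NiFi's code and not part of this thread. The keys are the standard `nifi.web.http.*` / `nifi.web.https.*` property names; deciding the mode from the two ports alone follows the `getPort()` / `getSslPort()` dispatch visible in the diff and is an assumption about how the real check decides.

```python
# Added example: audit nifi.properties for the exclusive HTTP/HTTPS rule
# discussed in this thread. Not NiFi's own code.
HTTP_HOST, HTTP_PORT = "nifi.web.http.host", "nifi.web.http.port"
HTTPS_HOST, HTTPS_PORT = "nifi.web.https.host", "nifi.web.https.port"


def parse_properties(text):
    """Parse plain key=value lines; a blank value counts as unset.

    Simplification (assumption): no line continuations or ':' separators.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if value.strip():
            props[key.strip()] = value.strip()
    return props


def parse_port(props, key):
    """Return the port as an int, or None when unset; raise ValueError if invalid."""
    raw = props.get(key)
    if raw is None:
        return None
    try:
        port = int(raw)
    except ValueError:
        raise ValueError(f"{key} is not a number: {raw!r}") from None
    # Same bounds as the port check in the lines the diff removes.
    if port < 0 or port >= 2 ** 16:
        raise ValueError(f"{key} is out of range: {port}")
    return port


def audit_connectors(text):
    """Return (mode, findings); mode is 'http', 'https', or None if startup should fail."""
    props = parse_properties(text)
    try:
        http_port = parse_port(props, HTTP_PORT)
        https_port = parse_port(props, HTTPS_PORT)
    except ValueError as exc:
        return None, [str(exc)]
    if http_port is not None and https_port is not None:
        return None, [
            "both connectors configured: "
            f"http://{props.get(HTTP_HOST, '')}:{http_port} and "
            f"https://{props.get(HTTPS_HOST, '')}:{https_port}"
        ]
    if http_port is None and https_port is None:
        return None, ["neither the HTTP nor the HTTPS connector is configured"]
    mode, unused_host = ("https", HTTP_HOST) if https_port is not None else ("http", HTTPS_HOST)
    findings = []
    if unused_host in props:
        # The error message in the thread asks for host and port to be empty together.
        findings.append(f"{unused_host} is set but its connector is not in use")
    return mode, findings


# Constructed sample inputs (not taken from a real deployment).
BOTH = """\
nifi.web.http.host=
nifi.web.http.port=8080
nifi.web.https.host=
nifi.web.https.port=8443
"""
HTTPS_ONLY = """\
# secure mode
nifi.web.http.host=nifi.example.internal
nifi.web.http.port=
nifi.web.https.host=nifi.example.internal
nifi.web.https.port=8443
"""
BAD_PORT = "nifi.web.http.port=70000\n"

if __name__ == "__main__":
    for name, sample in [("BOTH", BOTH), ("HTTPS_ONLY", HTTPS_ONLY), ("BAD_PORT", BAD_PORT)]:
        print(name, audit_connectors(sample))
```

Running it over each node's file before an upgrade to the fixed release surfaces configurations that the new startup check would reject.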
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466122#comment-16466122 ]

ASF GitHub Bot commented on NIFI-5146:
--

GitHub user alopresto opened a pull request:

https://github.com/apache/nifi/pull/2683

NIFI-5146

Thank you for submitting a contribution to Apache NiFi.

In order to streamline the review of the contribution we ask you to ensure the following steps have been taken:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [x] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?

### For code changes:
- [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
- [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
- [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in which it is rendered?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/alopresto/nifi NIFI-5146

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/2683.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #2683

commit 52d47c089973f8d8b56c528f6cbfd3500188da69
Author: Andy LoPresto
Date: 2018-05-03T23:02:19Z

    NIFI-5146 Added logic to check for simultaneous configuration of HTTP and HTTPS connectors in JettyServer.

commit c4630a8081f5399d672dae1b10840990ca17f787
Author: Andy LoPresto
Date: 2018-05-05T01:16:34Z

    NIFI-5146 Added test logging resources. Added unit tests.

commit e3e0d6540d1cd26057025d4fa18cacc61d5946bc
Author: Andy LoPresto
Date: 2018-05-05T03:26:01Z

    NIFI-5146 Refactored shared functionality to generic method which accepts lambdas. Fixed unit test with logging side effects.

commit 7bd5be9297a0adeb202f28a781d24d0a174b20fe
Author: Andy LoPresto
Date: 2018-05-07T16:40:58Z

    NIFI-5146 Added note about exclusive HTTP/HTTPS behavior to Admin Guide. Fixed typos.
[jira] [Commented] (NIFI-5146) Ability to configure HTTP and HTTPS simultaneously causes HostHeader issues
[ https://issues.apache.org/jira/browse/NIFI-5146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16462722#comment-16462722 ]

Andy LoPresto commented on NIFI-5146:
-

I agree with Aldrin that simultaneous support of HTTP and HTTPS interfaces does not make sense. This was a legacy design decision for an edge case which is no longer supported. All current documentation indicates one or the other should be selected.

I will implement a check during Jetty startup which ensures that only one mode is configured and prevents startup with both configured.