NIFI-10233 Corrected Anonymous Authentication for HTTP Access

- Enabled Standard Anonymous Authentication Filter when unencrypted HTTP is enabled Signed-off-by: Nathan Gough <thenatog@gmail.com> This closes #6209.
2022-07-14 16:17:28 -05:00 · 2022-07-14 16:17:28 -05:00 · 047b3611bf
parent d0db4c44bb
commit 047b3611bf
2 changed files with 10 additions and 1 deletions
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@ -696,6 +696,15 @@ public class NiFiProperties extends ApplicationProperties {
        return sslPort;
    }

+    /**
+     * Is HTTP without TLS enabled based on configuring nifi.web.http.port property
+     *
+     * @return HTTP enabled status
+     */
+    public boolean isHttpEnabled() {
+        return getPort() != null;
+    }
+
    public boolean isHTTPSConfigured() {
        return getSslPort() != null;
    }
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@ -128,7 +128,7 @@ public class NiFiWebApiSecurityConfiguration {
            http.addFilterBefore(knoxAuthenticationFilter, AnonymousAuthenticationFilter.class);
        }

-        if (properties.isAnonymousAuthenticationAllowed()) {
+        if (properties.isAnonymousAuthenticationAllowed() || properties.isHttpEnabled()) {
            http.addFilterAfter(anonymousAuthenticationFilter, AnonymousAuthenticationFilter.class);
        }