nifi/nifi-assembly
exceptionfactory a652280fbb NIFI-8766 Implemented RS512 Algorithm for JWT Signing
- Replaced per-user symmetric-key HS256 with shared and rotated RSA asymmetric-key RS512 implementation
- Added nifi.security.user.jws.key.rotation.period property for RSA Key Pair rotation
- Added JSON Web Tokens section to Administration Guide
- Implemented persistent storage of RSA Public Keys for verification using Local State Manager
- Implemented JWT revocation on logout with persistence using Local State Manager
- Refactored JWT implementation using Spring Security OAuth2 and Nimbus JWT
- Refactored Spring Security Provider configuration using Java instead of XML
- Removed H2 storage of per-user keys
- Upgraded nimbus-jose-jwt from 7.9 to 9.11.2

NIFI-8766 Corrected AuthenticationException handling in AccessResource.getAccessStatus

- Added nifi.user.security.jws.key.rotation.period to default nifi.properties
- Updated logging statements and clarified configuration and method documentation

NIFI-8766 Changed Algorithm to PS512 and updated documentation

Signed-off-by: Nathan Gough <thenatog@gmail.com>

This closes #5262.
2021-08-19 12:26:12 -04:00
..
src/main/assembly MINIFI-554: Move OSUtils to nifi-bootstrap-utils for MiNiFi and NiFi 2021-05-10 08:39:10 -05:00
LICENSE NIFI-8630 Upgraded javax.mail 1.4.7 to jakarta.mail 2.0.1 for PutEmail 2021-06-25 19:18:16 +02:00
NOTICE NIFI-8766 Implemented RS512 Algorithm for JWT Signing 2021-08-19 12:26:12 -04:00
README.md NIFI-6809 Make use of ASF shortened URL to point to community SLack invite link. 2019-10-25 09:09:28 -04:00
pom.xml NIFI-8973 Implement KerberosUserService API and keytab, password, and ticket cache implementations 2021-08-18 19:54:56 -05:00

README.md

Apache NiFi

Apache NiFi is an easy to use, powerful, and reliable system to process and distribute data.

Table of Contents

Features

Apache NiFi was made for dataflow. It supports highly configurable directed graphs of data routing, transformation, and system mediation logic. Some of its key features include:

  • Web-based user interface
    • Seamless experience for design, control, and monitoring
  • Highly configurable
    • Loss tolerant vs guaranteed delivery
    • Low latency vs high throughput
    • Dynamic prioritization
    • Flows can be modified at runtime
    • Back pressure
  • Data Provenance
    • Track dataflow from beginning to end
  • Designed for extension
    • Build your own processors and more
    • Enables rapid development and effective testing
  • Secure
    • SSL, SSH, HTTPS, encrypted content, etc...
    • Pluggable role-based authentication/authorization

Getting Started

To start NiFi:

Getting Help

If you have questions, you can reach out to our mailing list: dev@nifi.apache.org (archive). For more interactive discussions, community members can often be found in the following locations:

Requirements

  • JDK 1.8 or higher

License

Except as otherwise noted this software is licensed under the Apache License, Version 2.0

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Export Control

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

The following provides more details on the included cryptographic software:

Apache NiFi uses BouncyCastle, Jasypt, JCraft Inc., and the built-in java cryptography libraries for SSL, SSH, and the protection of sensitive configuration parameters. See http://bouncycastle.org/about.html http://www.jasypt.org/faq.html http://jcraft.com/c-info.html http://www.oracle.com/us/products/export/export-regulations-345813.html for more details on each of these libraries cryptography features.