HTTPS Endpoint in NiFi Flow

An HTTPS endpoint for receiving data in NiFi requires two processors and two controller services: HandleHttpRequest, HandleHttpResponse, SSLContextService, and HttpContextMap.

Note: The HandleHttpRequest processor in NiFi 0.6 does not have functional client authentication, but a fix will be implemented in the next version (see NIFI-1753).

SSL Context Service

• This service can be created during the set up of the HandleHttpRequest processor
• The following properties should be set:
  • Name = AgentSSLContextService
  • Keystore Filename = <Path to Keystore>
  • Keystore Password = <Keystore Password>
  • Keystore Type = JKS
  • SSL Protocol = TLS
• Since Client Authentication will be disabled in the HandleHttpRequest processor, the Truststore configurations are not necessary.

HTTP Context Map

• This service can be created during the set up of the HandleHttpRequest processor
• The name should be set to AgentSSLContextMap

HandleHttpRequest

• This processor receives HTTP requests
• The following properties should be set:
  • Listening Port = 4444
  • SSL Context Service = AgentSSLContextService
  • HTTP Context Map = AgentSSLContextMap
  • Allow GET = false
  • Allow POST = true
  • Allow PUT = false
  • Allow DELETE = false
  • Allow HEAD = false
  • Allow OPTIONS = false
  • Client Authentication = No Authentication

HandleHttpResponse

• This processor sends an HTTP response to the client
• For this example, only one is needed with a status code set to 200.
• The HTTP Context Map must be set to AgentSSLContextMap in order to link it to the HandleHttpRequest processor

Sample Client

• The Java client will need a Truststore containing the certificate used by the SSLContextService.
• The following Java code sample demonstrates the process for posting data to the NiFi flow:

//Set up SSL properties
System.setProperty("javax.net.ssl.trustStoreType","jks");
System.setProperty("javax.net.ssl.trustStore","agent_truststore.ts");
System.setProperty("javax.net.ssl.trustStorePassword","hadoop");
//System.setProperty("javax.net.debug","ssl"); //Verbose SSL logging

//Uncomment for client authentication
//System.setProperty("javax.net.ssl.keyStoreType","jks");
//System.setProperty("javax.net.ssl.keyStore","agent_keystore.jks");
//System.setProperty("javax.net.ssl.keyStorePassword","hadoop");

//Set up
connectionSSLSocketFactorysslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URLurl = new URL("https://"+NiFiHostname+":"+port);
HttpsURLConnectionconn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);

// Send POST
conn.setRequestMethod("POST");
conn.setReadTimeout(5000);
conn.setConnectTimeout(5000);
//Note: In NiFi HTTP headers are added as attributes with the following pattern: 
	//http.headers.{headerName}
conn.setRequestProperty("attr1","value");
conn.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(conn.getOutputStream());
wr.writeBytes("test123");
wr.flush();
wr.close();

//Get Response Code
intcode = conn.getResponseCode();
System.out.println(code);
conn.disconnect();