Member since 05-09-2017 | 8 Posts | 3 Kudos Received | 0 Solutions
05-12-2017
11:25 AM
But suppose there are 3 users and I created 3 different process groups for each of them. So when User 1 logs in he can see 3 process groups but can edit and modify only 1 which belongs to him. But he can still see the other two. I want to hide those 2 for him so he will see just his process group.
05-12-2017
10:35 AM
@Matt Clarke Okay. I understand. We are ready to make those significant changes. But can you guide us a little so that we are able to find a path and then follow it? Also, do you have any inputs on this? https://community.hortonworks.com/questions/102567/multiple-nifi-flows-in-one-nifi.html
05-12-2017
10:32 AM
1 Kudo
Is there any way to create multiple NiFi flows (the blank canvas which appears on the start)? For now, even if 2-3 users are logging in they all see the same NiFi flow. I want to create 2 NiFi flows so each user can see his own individual NiFi flow.
Labels: Apache NiFi
05-09-2017
02:51 PM
@Matt Clarke That issue is solved as well. 😄 Now it's running error free!! But I still wanted to ask one thing about the policies. Is there a way we can give users limited access to the processor and processor groups? For example, there are 2 users: 1) TEST1 2) TEST2.
TEST1 should be able to view/modify only the Processor, Template and Label options from the top menu.
TEST2 should be able to view/modify only the Process Group, Remote Process Group, Template and Label options from the top menu.
Is there a way I can achieve it?
05-09-2017
01:16 PM
@Matt Clarke Okay. I have solved it. My new users.xml looks like this -
<tenants>
<groups/>
<users>
<user identifier="18ebdbd8-c906-390c-964c-ccda45bcee14" identity="cn=admin,dc=example,dc=com"/>
<user identifier="ed31ca3a-015b-1000-bb81-15fa225ef185" identity="cn=guest1,dc=example,dc=com"/>
</users>
</tenants>
Now I am getting another error. I logged into NiFi with the Initial User Identity (which is admin) and I created a new user and added the same user to the LDAP server. But when I am trying to log in via the new user, it's showing an error.
05-09-2017
10:34 AM
1 Kudo
I have installed and built the latest version of NiFi from - https://www.apache.org/dyn/closer.lua?path=/nifi/1.1.2/nifi-1.1.2-source-release.zip
Here is my nifi.properties file - (I am only including the lines of code which I have changed)
# web properties #
nifi.web.https.port=9090
# security properties #
nifi.security.keystore=D:/certs/admin.jks
nifi.security.keystoreType=JKS
nifi.security.keystorePasswd=secret
nifi.security.keyPasswd=secret
nifi.security.truststore=D:/certs/truststore.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=password12345
nifi.security.needClientAuth=
nifi.security.user.authorizer=file-provider
nifi.security.user.login.identity.provider=ldap-provider
# Identity Mapping Properties #
nifi.security.identity.mapping.pattern.dn=^CN=(.*?), OU=(.*?), O=(.*?), L=(.*?), ST=(.*?), C=(.*?)$
nifi.security.identity.mapping.value.dn=$1@$2
Here is my login-identity-providers.xml file -
<provider>
<identifier>ldap-provider</identifier>
<class>org.apache.nifi.ldap.LdapProvider</class>
<property name="Authentication Strategy">SIMPLE</property>
<property name="Manager DN">cn=admin,dc=example,dc=com</property>
<property name="Manager Password">secret</property>
<property name="TLS - Keystore">D:/certs/admin.jks</property>
<property name="TLS - Keystore Password">secret</property>
<property name="TLS - Keystore Type">JKS</property>
<property name="TLS - Truststore">D:/certs/truststore.jks</property>
<property name="TLS - Truststore Password">password12345</property>
<property name="TLS - Truststore Type">JKS</property>
<property name="TLS - Client Auth"></property>
<property name="TLS - Protocol">TLS</property>
<property name="TLS - Shutdown Gracefully"></property>
<property name="Referral Strategy">FOLLOW</property>
<property name="Connect Timeout">10 secs</property>
<property name="Read Timeout">10 secs</property>
<property name="Url">ldap://localhost:10389</property>
<property name="User Search Base">dc=example,dc=com</property>
<property name="User Search Filter">(cn=*)</property>
<property name="Identity Strategy">USE_DN</property>
<property name="Authentication Expiration">12 hours</property>
</provider>
Here is my authorizers.xml file -
<authorizer>
<identifier>file-provider</identifier>
<class>org.apache.nifi.authorization.FileAuthorizer</class>
<property name="Authorizations File">./conf/authorizations.xml</property>
<property name="Users File">./conf/users.xml</property>
<property name="Initial Admin Identity">cn=admin,dc=example,dc=com</property>
<property name="Legacy Authorized Users File"></property>
<!-- Provide the identity (typically a DN) of each node when clustered, see above description of Node Identity.
<property name="Node Identity 1"></property>
<property name="Node Identity 2"></property>
-->
</authorizer>
Here is my authorizations.xml file - (which I think got created automatically)
<authorizations>
<policies>
<policy identifier="d6ac5ac9-ebba-39a4-9cf1-82512024f54e" resource="/flow" action="R">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="0491115d-1370-3150-bda1-b508f76cf46e" resource="/data/process-groups/235cdab7-015b-1000-230b-5ddc1ccd163a" action="R">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="9d0e4654-f454-32de-beeb-87fe18b9b620" resource="/data/process-groups/235cdab7-015b-1000-230b-5ddc1ccd163a" action="W">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="95c78216-6f30-3047-aa66-b257aab05585" resource="/process-groups/235cdab7-015b-1000-230b-5ddc1ccd163a" action="R">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="c53bfe10-cfb0-38ac-a872-78804dfb9b37" resource="/process-groups/235cdab7-015b-1000-230b-5ddc1ccd163a" action="W">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="2af89f82-dba7-32d3-8152-19b5cacb8990" resource="/restricted-components" action="W">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="9e3268eb-e878-3b65-a876-c5d04553dd57" resource="/tenants" action="R">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="76dbbe39-170c-3093-a722-2990fb518d7c" resource="/tenants" action="W">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="8718dde6-5b40-3caa-a890-63c870df2a9e" resource="/policies" action="R">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="c59895a4-abf8-3696-96ef-a5fce1f7412d" resource="/policies" action="W">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="b7aa3a14-7211-389b-9642-36007222cdae" resource="/controller" action="R">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
<policy identifier="1d2c6d76-87f6-3650-ab79-8c8eb359c66e" resource="/controller" action="W">
<user identifier="99412284-acd9-3945-931b-362691f189ff"/>
</policy>
</policies>
</authorizations>
Here is my users.xml file - (which was created automatically as well)
<tenants>
<groups/>
<users>
<user identifier="99412284-acd9-3945-931b-362691f189ff" identity="cn=admin,dc=example,dc=org"/>
</users>
</tenants>
Here is my nifi-user.log file -
2017-05-09 15:40:46,110 INFO [main] o.a.nifi.authorization.FileAuthorizer Authorizations file loaded at Tue May 09 15:40:46 IST 2017
2017-05-09 15:41:46,300 INFO [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZG1pbiIsImlzcyI6IkxkYXBQcm92aWRlciIsImF1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjoxLCJleHAiOjE0OTQzNjU0OTksImlhdCI6MTQ5NDMyMjI5OX0.ZdIEUokAW4eH6rAuo3aQyjGmhbzkUU4sr6Xp0TyBkKg) GET https://localhost:9090/nifi-api/flow/current-user (source ip: 127.0.0.1)
2017-05-09 15:41:46,967 INFO [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin
2017-05-09 15:41:47,024 INFO [NiFi Web Server-18] o.a.n.w.a.c.AccessDeniedExceptionMapper admin does not have permission to access the requested resource. Returning Forbidden response.
2017-05-09 15:41:57,247 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjbj1hZG1pbixkYz1leGFtcGxlLGRjPWNvbSIsImlzcyI6IkxkYXBQcm92aWRlciIsImF1ZCI6IkxkYXBQcm92aWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwia2lkIjozMywiZXhwIjoxNDk0MzY3OTE1LCJpYXQiOjE0OTQzMjQ3MTZ9.4GhlxE7JQYJ31hbITmD9Hu4cXo9nCfmsBdlMM3HKimY) GET https://localhost:9090/nifi-api/flow/current-user (source ip: 127.0.0.1)
2017-05-09 15:41:57,249 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for cn=admin,dc=example,dc=com
2017-05-09 15:41:57,250 INFO [NiFi Web Server-17] o.a.n.w.a.c.AccessDeniedExceptionMapper cn=admin,dc=example,dc=com does not have permission to access the requested resource. Returning Forbidden response.
I am using LDAP local server from Apache Directory Studio. Here is how I have configured the user on LDAP - (These are the contents of the LDIF file)
dn: cn=admin,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: dmin
cn: admin
sn: admin
userPassword:: e1NTSEF9elczck83ZFVhZHpyRzF1UTlrRHVGRkJ6Tm5sQTNPbzdpbnpqQkE9P
Q==
I am facing a problem with the Authorization.
Labels: Apache NiFi
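An added example, not part of the original post and not NiFi's own code: a small Python check that compares the identities in users.xml and the Initial Admin Identity from authorizers.xml with the identities nifi-user.log reports as authenticated, since the file-based authorizer looks a user up by the exact identity string. The inline samples are constructed by abridging the files quoted in the post above (its users.xml carries dc=org while authorizers.xml and the log carry dc=com), and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, abridged from the files quoted in the post above.
USERS_XML = """<tenants><groups/><users>
  <user identifier="99412284-acd9-3945-931b-362691f189ff" identity="cn=admin,dc=example,dc=org"/>
</users></tenants>"""
AUTHORIZERS_XML = """<authorizer>
  <property name="Initial Admin Identity">cn=admin,dc=example,dc=com</property>
</authorizer>"""
USER_LOG = """\
2017-05-09 15:41:46,967 INFO [NiFi Web Server-18] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for admin
2017-05-09 15:41:57,249 INFO [NiFi Web Server-17] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for cn=admin,dc=example,dc=com
"""
AUTH_OK = re.compile(r"Authentication success for (.+)$")


def known_identities(users_xml):
    # Identities from users.xml, compared later as exact, case-sensitive strings.
    return {u.get("identity") for u in ET.fromstring(users_xml).iter("user")}


def initial_admin(authorizers_xml):
    # Value of the "Initial Admin Identity" property, or None when unset/empty.
    for prop in ET.fromstring(authorizers_xml).iter("property"):
        if prop.get("name") == "Initial Admin Identity":
            return (prop.text or "").strip() or None
    return None


def authenticated_identities(log_text):
    # Distinct identities the log reports as authenticated, in first-seen order.
    found = (AUTH_OK.search(line) for line in log_text.splitlines())
    return list(dict.fromkeys(m.group(1).strip() for m in found if m))


def audit(users_xml, authorizers_xml, log_text):
    # Flag identities that are configured or authenticate but have no users.xml entry.
    known = known_identities(users_xml)
    admin = initial_admin(authorizers_xml)
    unknown = [i for i in authenticated_identities(log_text) if i not in known]
    return {"initial_admin_missing": admin is not None and admin not in known,
            "authenticated_but_unknown": unknown}


if __name__ == "__main__":
    print(audit(USERS_XML, AUTHORIZERS_XML, USER_LOG))
```

An identity listed under `authenticated_but_unknown` has passed LDAP authentication but has no matching users.xml entry for any policy to be attached to, which is the situation behind a "does not have permission" line like those in the log above.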