Community Articles
Find and share helpful community-sourced technical articles.
Announcements
Alert: Please see the Cloudera blog for information on the Cloudera Response to CVE-2021-4428
Labels (1)
Cloudera Employee

An HTTPS endpoint for receiving data in NiFi requires two processors and two controller services: HandleHttpRequest, HandleHttpResponse, SSLContextService, and HttpContextMap.

Note: The HandleHttpRequest processor in NiFi 0.6 does not have functional client authentication, but a fix will be implemented in the next version (see NIFI-1753).

SSL Context Service

  • This service can be created during the set up of the HandleHttpRequest processor
  • The following properties should be set:
    • Name = AgentSSLContextService
    • Keystore Filename = <Path to Keystore>
    • Keystore Password = <Keystore Password>
    • Keystore Type = JKS
    • SSL Protocol = TLS
  • Since Client Authentication will be disabled in the HandleHttpRequest processor, the Truststore configurations are not necessary.

HTTP Context Map

  • This service can be created during the set up of the HandleHttpRequest processor
  • The name should be set to AgentSSLContextMap

HandleHttpRequest

  • This processor receives HTTP requests
  • The following properties should be set:
    • Listening Port = 4444
    • SSL Context Service = AgentSSLContextService
    • HTTP Context Map = AgentSSLContextMap
    • Allow GET = false
    • Allow POST = true
    • Allow PUT = false
    • Allow DELETE = false
    • Allow HEAD = false
    • Allow OPTIONS = false
    • Client Authentication = No Authentication

HandleHttpResponse

  • This processor sends an HTTP response to the client
  • For this example, only one is needed with a status code set to 200.
  • The HTTP Context Map must be set to AgentSSLContextMap in order to link it to the HandleHttpRequest processor

Sample Client

  • The Java client will need a Truststore containing the certificate used by the SSLContextService.
  • The following Java code sample demonstrates the process for posting data to the NiFi flow:
//Set up SSL properties
System.setProperty("javax.net.ssl.trustStoreType","jks");
System.setProperty("javax.net.ssl.trustStore","agent_truststore.ts");
System.setProperty("javax.net.ssl.trustStorePassword","hadoop");
//System.setProperty("javax.net.debug","ssl"); //Verbose SSL logging

//Uncomment for client authentication
//System.setProperty("javax.net.ssl.keyStoreType","jks");
//System.setProperty("javax.net.ssl.keyStore","agent_keystore.jks");
//System.setProperty("javax.net.ssl.keyStorePassword","hadoop");

//Set up
connectionSSLSocketFactorysslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
URLurl = new URL("https://"+NiFiHostname+":"+port);
HttpsURLConnectionconn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(sslsocketfactory);

// Send POST
conn.setRequestMethod("POST");
conn.setReadTimeout(5000);
conn.setConnectTimeout(5000);
//Note: In NiFi HTTP headers are added as attributes with the following pattern: 
	//http.headers.{headerName}
conn.setRequestProperty("attr1","value");
conn.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(conn.getOutputStream());
wr.writeBytes("test123");
wr.flush();
wr.close();

//Get Response Code
intcode = conn.getResponseCode();
System.out.println(code);
conn.disconnect();
9,452 Views
Don't have an account?
Version history
Last update:
‎04-11-2016 09:30 PM
Updated by:
Contributors
Top Kudoed Authors