nifi-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Gilman (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (NIFI-2797) Authorization header not submitted when clicking Download from Templates window
Date Tue, 20 Sep 2016 16:36:20 GMT

    [ https://issues.apache.org/jira/browse/NIFI-2797?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15507032#comment-15507032
] 

Matt Gilman edited comment on NIFI-2797 at 9/20/16 4:36 PM:
------------------------------------------------------------

Someone has just submitted this same issue on the mailing list. Here's some additional details...

{noformat}
When using an authentication which will use the API tokens, download requests are processed
using a one-time password token (since they become part of the URL). These are only honored
for certain endpoints which do not appear correct. 

As a work-around, you could use clients certificates, download via a curl command, or use
View as it is not subject to the same endpoint check (when not clustered).
{noformat}


was (Author: mcgilman):
Someone was just submitted this same issue on the mailing list. Here's some additional details...

{noformat}
When using an authentication which will use the API tokens, download requests are processed
using a one-time password token (since they become part of the URL). These are only honored
for certain endpoints which do not appear correct. 

As a work-around, you could use clients certificates, download via a curl command, or use
View as it is not subject to the same endpoint check (when not clustered).
{noformat}

> Authorization header not submitted when clicking Download from Templates window
> -------------------------------------------------------------------------------
>
>                 Key: NIFI-2797
>                 URL: https://issues.apache.org/jira/browse/NIFI-2797
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.0.0
>            Reporter: Scott Wagner
>            Assignee: Matt Gilman
>             Fix For: 1.1.0
>
>
> I am running on a standalone instance of Apache NiFi.  It is configured to use a local
LDAP server for authentication, and I am logging in as a user with full permissions.
> When browsing the templates, and I click on the "Download" link, a new tab is opened
in the browser but the error message of {{Unable to perform the desired action due to insufficient
permissions. Contact the system administrator.}}
> Checking the link that is submitted via developer tools, I noticed that the Authorization
header is not being submitted.  If I use curl to get the URL that the browser is trying to
get but submit an Authorization header for my valid session, I am able to download the template
XML.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message