From bf2982ab10871e43d7a5f5e8eb9d2006cd6bf280 Mon Sep 17 00:00:00 2001
From: Curtis W Ruck
Date: Fri, 10 Aug 2018 07:50:21 -0400
Subject: [PATCH] NIFI-5506 - add additional property to allow disabling wantClientAuth when used with other credential providers
---
 .../main/java/org/apache/nifi/util/NiFiProperties.java | 9 +++++++++
 .../java/org/apache/nifi/web/server/JettyServer.java | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 4d4f483fbdfb..a9767ff29765 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -174,6 +174,7 @@ public abstract class NiFiProperties {
 public static final String WEB_HTTPS_PORT = "nifi.web.https.port";
 public static final String WEB_HTTPS_PORT_FORWARDING = "nifi.web.https.port.forwarding";
 public static final String WEB_HTTPS_HOST = "nifi.web.https.host";
+ public static final String WEB_HTTPS_WANT_CLIENT_AUTH = "nifi.web.https.want.client.auth";
 public static final String WEB_HTTPS_NETWORK_INTERFACE_PREFIX = "nifi.web.https.network.interface.";
 public static final String WEB_WORKING_DIR = "nifi.web.jetty.working.directory";
 public static final String WEB_THREADS = "nifi.web.jetty.threads";
@@ -1030,6 +1031,14 @@ public InetSocketAddress getNodeApiAddress() {
 }
+ public boolean isClientAuthWanted() {
+ String value = getProperty(WEB_HTTPS_WANT_CLIENT_AUTH);
+ if(StringUtils.isBlank(value)) {
+ value = "false";
+ }
+ return Boolean.parseBoolean(value);
+ }
+
 /**
 * Returns the database repository path. It simply returns the value
 * configured. No directories will be created as a result of this operation.
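Review bot: `isClientAuthWanted()` falls back to `"false"` when `nifi.web.https.want.client.auth` is blank or absent, whereas the call it feeds in `JettyServer.configureSslContextFactory` previously always used `setWantClientAuth(true)`. An installation that upgrades without touching its properties would therefore stop requesting client certificates in the non-required branch, which looks unintended given that the commit title speaks of allowing the option to be disabled. Defaulting to the previous behaviour keeps certificate login available unless an operator opts out: `value = "true";`. `Boolean.parseBoolean` also silently maps any typo (`yes`, `1`) to false, so the method deserves a Javadoc naming the accepted values and the default, for example `/** Returns whether the HTTPS connector should request (not require) a client certificate when client auth is not mandatory; defaults to true. */`. The diffstat lists only two files, so the new key presumably still needs an entry in the default properties file and the administration documentation.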
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
index 971353b711e9..4d944d9753b8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/JettyServer.java
@@ -781,7 +781,7 @@ protected static void configureSslContextFactory(SslContextFactory contextFactor
 if (props.isClientAuthRequiredForRestApi()) {
 contextFactory.setNeedClientAuth(true);
 } else {
- contextFactory.setWantClientAuth(true);
+ contextFactory.setWantClientAuth(props.isClientAuthWanted());
 }
 /* below code sets JSSE system properties when values are provided */
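Review bot: With the else branch now passing `props.isClientAuthWanted()`, both `needClientAuth` and `wantClientAuth` can end up false, and in that state the TLS handshake never asks for a certificate, so no certificate-based identity is available on this connector. Nothing at this call site records that. A comment such as `// wantClientAuth=false: no client certificate is requested, so only the configured non-certificate login providers can authenticate` and a startup log line when the value is false would make the effective mode visible to operators. `configureSslContextFactory` starts before and continues past this hunk, so whether other clients of the same port rely on client certificates cannot be judged from here.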