Hi Ganesh.B, It looks like you are running into an issue in NiFi 1.14.0 that was resolved in 1.15.0 under the following Jira issue:
https://issues.apache.org/jira/browse/NIFI-8783 The default authorizers.xml includes a definition for the SingleUserAuthorizer, which can only be used together with the SingleUserLoginIdentityProvider. The workaround for NiFi 1.14.0 is to comment or remove the following section from authorizers.xml: <authorizer> <identifier>single-user-authorizer</identifier> <class>org.apache.nifi.authorization.single.user.SingleUserAuthorizer</class> </authorizer> Removing that configuration element from authorizers.xml should allow the OIDC configuration to load as expected in NiFi 1.14.0. Regards, David Handermann On Wed, Dec 8, 2021 at 4:54 AM Ganesh, B (Nokia - IN/Bangalore) < b.gan...@nokia.com> wrote: > Hi , > > > > We are using apache nifi 1.14 . We have 3 nodes in nifi cluster , cluster > is using external zookeeper for state management. > > We are using openId connect for the user authentication . following are > the relevant configuration in nifi.properties file . > > *nifi.security.user.authorizer=managed-authorizer* > > *nifi.security.allow.anonymous.authentication=false* > > *nifi.security.user.login.identity.provider=* > > *………….* > > *………..* > > *# OpenId Connect SSO Properties #* > > *nifi.security.user.oidc.discovery.url=https://<IPADDRES of KEYCLOAK > SERVER>/access/realms/nifi/.well-known/openid-configuration* > > *nifi.security.user.oidc.connect.timeout=5 secs* > > *nifi.security.user.oidc.read.timeout=5 secs* > > *nifi.security.user.oidc.client.id > <http://nifi.security.user.oidc.client.id>=nifi-client* > > *nifi.security.user.oidc.client.secret=<CLIENT ID SECRET >* > > *nifi.security.user.oidc.preferred.jwsalgorithm=RS256* > > > > *But we are observing * > > *org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': > Unsatisfied dependency expressed through method > 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is > org.springframework.beans.factory.BeanExpressionException: Expression > parsing failed; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied > dependency expressed through method 'setJwtAuthenticationProvider' > parameter 0; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'jwtAuthenticationProvider' defined in class path resource > [nifi-web-security-context.xml]: Cannot resolve reference to bean > 'authorizer' while setting constructor argument; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.reflect.InvocationTargetException* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768)* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720)* > > * at > org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)* > > * at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:944)* > > * at > org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)* > > * at > org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)* > > * at > org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:401)* > > * at > org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:292)* > > * at > org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103)* > > * at > org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1068)* > > * at > org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572)* > > * at > org.eclipse.jetty.server.handler.ContextHandler.contextInitialized(ContextHandler.java:997)* > > * at > org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:746)* > > * at > org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)* > > * at > org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449)* > > * at > org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1414)* > > * at > org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:911)* > > * at > org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)* > > * at > org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)* > > * at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)* > > * at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)* > > * at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)* > > * at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)* > > * at > org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:426)* > > * at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)* > > * at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)* > > * at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)* > > * at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)* > > * at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)* > > * at org.eclipse.jetty.server.Server.start(Server.java:423)* > > * at > org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)* > > * at > org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)* > > * at org.eclipse.jetty.server.Server.doStart(Server.java:387)* > > * at > org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)* > > * at > org.apache.nifi.web.server.JettyServer.start(JettyServer.java:1129)* > > * at org.apache.nifi.NiFi.<init>(NiFi.java:159)* > > * at org.apache.nifi.NiFi.<init>(NiFi.java:71)* > > * at org.apache.nifi.NiFi.main(NiFi.java:303)* > > *Caused by: org.springframework.beans.factory.BeanExpressionException: > Expression parsing failed; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied > dependency expressed through method 'setJwtAuthenticationProvider' > parameter 0; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'jwtAuthenticationProvider' defined in class path resource > [nifi-web-security-context.xml]: Cannot resolve reference to bean > 'authorizer' while setting constructor argument; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.reflect.InvocationTargetException* > > * at > org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:169)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1631)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1324)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:760)* > > * ... 54 common frames omitted* > > *Caused by: > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied > dependency expressed through method 'setJwtAuthenticationProvider' > parameter 0; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'jwtAuthenticationProvider' defined in class path resource > [nifi-web-security-context.xml]: Cannot resolve reference to bean > 'authorizer' while setting constructor argument; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.reflect.InvocationTargetException* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:768)* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:720)* > > * at > org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1413)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:601)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)* > > * at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:671)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeansOfType(DefaultListableBeanFactory.java:659)* > > * at > org.springframework.security.config.annotation.web.configuration.AutowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers(AutowiredWebSecurityConfigurersIgnoreParents.java:51)* > > * at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method)* > > * at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)* > > * at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)* > > * at java.base/java.lang.reflect.Method.invoke(Method.java:566)* > > * at > org.springframework.expression.spel.support.ReflectiveMethodExecutor.execute(ReflectiveMethodExecutor.java:129)* > > * at > org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:139)* > > * at > org.springframework.expression.spel.ast.MethodReference.access$000(MethodReference.java:55)* > > * at > org.springframework.expression.spel.ast.MethodReference$MethodValueRef.getValue(MethodReference.java:387)* > > * at > org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:92)* > > * at > org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:112)* > > * at > org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:272)* > > * at > org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:166)* > > * ... 58 common frames omitted* > > *Caused by: org.springframework.beans.factory.BeanCreationException: Error > creating bean with name 'jwtAuthenticationProvider' defined in class path > resource [nifi-web-security-context.xml]: Cannot resolve reference to bean > 'authorizer' while setting constructor argument; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.reflect.InvocationTargetException* > > * at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:342)* > > * at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:113)* > > * at > org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:693)* > > * at > org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:198)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1354)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1204)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:564)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:524)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)* > > * at > org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)* > > * at > org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1380)* > > * at > org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1300)* > > * at > org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:760)* > > * ... 83 common frames omitted* > > *Caused by: org.springframework.beans.factory.BeanCreationException: Error > creating bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.reflect.InvocationTargetException* > > * at > org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:176)* > > * at > org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:101)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1884)* > > * at > org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1266)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:345)* > > * at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)* > > * at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:330)* > > * ... 98 common frames omitted* > > *Caused by: java.lang.reflect.InvocationTargetException: null* > > * at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native > Method)* > > * at > java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)* > > * at > java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)* > > * at java.base/java.lang.reflect.Method.invoke(Method.java:566)* > > * at > org.apache.nifi.authorization.AuthorizerFactoryBean.performMethodInjection(AuthorizerFactoryBean.java:413)* > > * at > org.apache.nifi.authorization.AuthorizerFactoryBean.createAuthorizer(AuthorizerFactoryBean.java:365)* > > * at > org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:161)* > > * at > org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:169)* > > * ... 104 common frames omitted* > > *Caused by: > org.apache.nifi.authorization.exception.AuthorizerCreationException: > SingleUserAuthorizer requires > org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider > to be configured* > > * at > org.apache.nifi.authorization.single.user.SingleUserAuthorizer.setProperties(SingleUserAuthorizer.java:69)* > > * ... 112 common frames omitted* > > *{"type":"log", "host":"nc1298node04", "level":"WARN", > "neid":"857fb9e4799f481da83e8286c07a8098", "system":"mynifi-nifi-0", > "time":"2021-12-08T10:28:08.369Z", "timezone":"UTC", "log":"[main] > org.eclipse.jetty.webapp.WebAppContext Failed startup of context > o.e.j.w.WebAppContext@1239c268{nifi-api,/nifi-api,file:///opt/nifi/work/jetty/nifi-web-api-1.14.0.war/webapp/,UNAVAILABLE}{./work/nar/extensions/nifi-server-nar-1.14.0.nar-unpacked/NAR-INF/bundled-dependencies/nifi-web-api-1.14.0.war}"}* > > > > Can you please help us to resolve this issue ? > > > > Thanks & Regards, > > Ganesh.B > > > > > > > > > > >
