Hi Zhiyi Ni,

Thanks for contacting the developer list and describing the problem details. I also replied on the Apache NiFi Slack thread [1], but responding here for future reference.

It sounds like the HTTP client is receiving the HTTP 403 Forbidden response as a result of Cross-Site Request Forgery Protection filtering, as described in the Administrator's Guide section [2].

For programmatic REST API access, it is necessary to either send the Bearer Token using the HTTP Authorization Header, without sending cookies, or send a custom HTTP Header named Request-Token with a value that matches the __Secure-Request-Token cookie.

Regards,
David Handermann

[1] https://apachenifi.slack.com/archives/C0L9VCD47/p1690797006846169
[2] https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#csrf-protection

On Mon, Jul 31, 2023 at 7:09 AM Zhiyi Ni <nizy...@163.com> wrote:

> Hello, I have some questions and hope to get your help.
> According to the REST API, I performed the following operations in PostMan:
>
> 1. Request the following address to get access token
>
> POST https://<nifi-host>:<nifi-port>/nifi-api/access/token
> with body:
> {
>   "username": xxx,
>   "password": xxx
> }
>
> The request returned a cookie that allowed access to the REST API
>
> `__Secure-Authorization-Bearer=xxxxxxxxxxxxxxxxxxx;__Secure-Request-Token=xxxxxxxx`
>
> 2. When I visit the following address with this cookie to obtain basic
> information, I can get the expected response result
>
> ①: GET https://<nifi-host>:<nifi-port>/nifi-api/process-groups/{group_id}
> ②: GET https://<nifi-host>:<nifi-port>/nifi-api/process-groups/{group_id}/processors
>
> 3. But when I use this cookie to access the following address and try to
> create a new processor, there is a "403 Forbidden" exception
>
> POST https://<nifi-host>:<nifi-port>/nifi-api/process-groups/{group_id}/processors
> with body:
> {
>   "permissions": {
>     "canRead": true,
>     "canWrite": true
>   },
>   "component": {
>     "name": "GET_IC_COPPER_RESOURCES_MINING",
>     "type": "org.apache.nifi.processors.mongodb.GetMongo",
>     "bundle": {
>       "group": "org.apache.nifi",
>       "artifact": "nifi-mongodb-nar",
>       "version": "1.22.0"
>     },
>     "state": "STOPPED",
>     "relationships": [
>       {
>         "name": "failure",
>         "autoTerminate": true,
>         "retry": false
>       },
>       {
>         "name": "original",
>         "autoTerminate": true,
>         "retry": false
>       },
>       {
>         "name": "success",
>         "autoTerminate": false,
>         "retry": false
>       }
>     ],
>     "supportsParallelProcessing": true,
>     "supportsEventDriven": false,
>     "supportsBatching": false,
>     "supportsSensitiveDynamicProperties": false,
>     "persistsState": false,
>     "restricted": false,
>     "deprecated": false,
>     "executionNodeRestricted": false,
>     "multipleVersionsAvailable": false,
>     "inputRequirement": "INPUT_ALLOWED",
>     "config": {
>       "properties": {
>         "mongo-client-service": null,
>         "Mongo URI": "mongodb://hostxx:portxx",
>         "Mongo Database Name": "xxx",
>         "Mongo Collection Name": "xxxx",
>         "ssl-context-service": null,
>         "ssl-client-auth": "REQUIRED",
>         "json-type": "Standard",
>         "use-pretty-printing": "true",
>         "mongo-charset": "UTF-8",
>         "mongo-date-format": "yyyy-MM-dd HH:mm:ss",
>         "get-mongo-send-empty": "false"
>       },
>       "schedulingPeriod": "5 sec",
>       "schedulingStrategy": "TIMER_DRIVEN",
>       "executionNode": "PRIMARY",
>       "penaltyDuration": "30 sec",
>       "yieldDuration": "1 sec",
>       "bulletinLevel": "WARN",
>       "runDurationMillis": 0,
>       "concurrentlySchedulableTaskCount": 1,
>       "lossTolerant": false,
>       "retryCount": 10,
>       "retriedRelationships": [],
>       "backoffMechanism": "PENALIZE_FLOWFILE",
>       "maxBackoffPeriod": "10 mins"
>     },
>     "validationErrors": [],
>     "validationStatus": "VALID",
>     "extensionMissing": false
>   },
>   "inputRequirement": "INPUT_ALLOWED",
>   "operatePermissions": {
>     "canRead": true,
>     "canWrite": true
>   }
> }
>
> And the response is:
>
> <html>
> <head>
>   <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1" />
>   <title>Error 403 Forbidden</title>
> </head>
> <body>
>   <h2>HTTP ERROR 403 Forbidden</h2>
>   <table>
>     <tr>
>       <th>URI:</th>
>       <td>/nifi-api/process-groups/80a631d9-d4cf-134b-a6b7-1ef07a3de334/processors</td>
>     </tr>
>     <tr>
>       <th>STATUS:</th>
>       <td>403</td>
>     </tr>
>     <tr>
>       <th>MESSAGE:</th>
>       <td>Forbidden</td>
>     </tr>
>     <tr>
>       <th>SERVLET:</th>
>       <td>jerseySpring</td>
>     </tr>
>   </table>
> </body>
> </html>
>
> How to solve the "HTTP ERROR 403 Forbidden" encountered in step 3?