[jira] [Commented] (NIFI-12738) Nifi registry ranger integration is not working

Fri, 09 Feb 2024 10:12:04 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17816174#comment-17816174
 ] 

Joe Witt commented on NIFI-12738:
---------------------------------

Unless we have strong indications that the Apache Ranger community plans to 
update to the latest of these key components soon then for the reasons noted 
above - I would encourage we deprecate the ranger nar entirely in the 1.x line 
and remove from the 2.x line.  Usage/maintenance of the Ranger nar can live on 
in downstream users of this component.   

We are facing strong counter currents as it relates to open source components
* Spring, Jetty, and many others moving forward to dependencies on Java 11, 17 
and newer which has led us to move forward in NiFi to Java 21 
* At the same time the vulnerability landscape for dependencies is not slowing 
down. 
* Meanwhile, there are many vendors that have to honor older Java version 
obligations such as Java 8 that make them updating their components something 
that cannot be done as quickly.

We cannot reasonably optimize for all three cases at once but we can from a 
nifi community prioritize the first two. 

> Nifi registry ranger integration is not working
> -----------------------------------------------
>
>                 Key: NIFI-12738
>                 URL: https://issues.apache.org/jira/browse/NIFI-12738
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 2.0.0-M2, 2.0.0
>            Reporter: Zoltán Kornél Török
>            Priority: Critical
>
> h1. Bug description
> I want to try recently released nifi 2 m2 release in an environment,
> where we use ranger. Nifi registry ui was not able to load and I got the 
> following error in the log:
> {code:java}
> Caused by: 
> org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: 
> Failed to construct Authorizer.
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4(<generated>)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke(<generated>)
>         at 
> org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258)
>         at 
> org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer(<generated>)
>         at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>         at java.base/java.lang.reflect.Method.invoke(Method.java:580)
>         at 
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351)
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>         at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
>         at 
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
>         at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385)
>         at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
>         at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
>         at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer(<generated>)
>         at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>         at java.base/java.lang.reflect.Method.invoke(Method.java:580)
>         at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140)
>         ... 89 common frames omitted
> Caused by: 
> org.apache.nifi.registry.security.exception.SecurityProviderCreationException:
>  Error creating RangerBasePlugin
>         at 
> org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:260)
>         ... 110 common frames omitted
> Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/core/Cookie
>         at java.base/java.lang.Class.forName0(Native Method)
>         at java.base/java.lang.Class.forName(Class.java:421)
>         at java.base/java.lang.Class.forName(Class.java:412)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:96)
>         at 
> org.apache.ranger.plugin.util.PolicyRefresher.<init>(PolicyRefresher.java:95)
>         at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:242)
>         at 
> org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:169)
>         ... 112 common frames omitted
> Caused by: java.lang.ClassNotFoundException: javax.ws.rs.core.Cookie
>         at 
> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
>         at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
>         at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
>         ... 119 common frames omitted {code}
> There were many recent library updates which cause that now some important 
> class is not available for ranger.
> If I check nifi from support branch I see the missing class was part of these 
> libraries:
> {code:java}
> find . -name '*.jar' | xargs grep  'javax/ws/rs/core/Cookie.class'
> Binary file ./ext/ranger/lib/jersey-bundle-1.19.3.jar matches
> Binary file ./ext/ranger/lib/jsr311-api-1.1.1.jar matches
> Binary file ./ext/ranger/lib/javax.ws.rs-api-2.1.1.jar matches {code}
> However in case of nifi-2 m2 now there is no any lib which contains this 
> dependency.
> h1. Workaround
> If I copy ranger plugin from nifi-1.x release, it seems working. However this 
> is not a life issurance for production use case.
> I also wonder how nifi range plugin works, it seems in that case the 
> following library still available:
> {code:java}
> ext/ranger/install/lib/jsr311-api-1.1.1.jar matches {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to