[
https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17816178#comment-17816178
]
Joe Witt commented on NIFI-12738:
---------------------------------
Did some investigation into Ranger's mailing lists on the topic of Jetty and/or
Spring. They're on Jetty 9.x and Spring 5.x as of Nov which is the last
reflection I see. Previous attempts by dependabot to move to Jetty 10 were not
pursued. No sign of discussion there.
Will now look into JIRA or Git to see if there is any signs of changes there.
> Nifi registry ranger integration is not working
> -----------------------------------------------
>
> Key: NIFI-12738
> URL: https://issues.apache.org/jira/browse/NIFI-12738
> Project: Apache NiFi
> Issue Type: Bug
> Components: NiFi Registry
> Affects Versions: 2.0.0-M2, 2.0.0
> Reporter: Zoltán Kornél Török
> Priority: Critical
>
> h1. Bug description
> I want to try recently released nifi 2 m2 release in an environment,
> where we use ranger. Nifi registry ui was not able to load and I got the
> following error in the log:
> {code:java}
> Caused by:
> org.apache.nifi.registry.security.authorization.AuthorizerFactoryException:
> Failed to construct Authorizer.
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267)
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4(<generated>)
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke(<generated>)
> at
> org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258)
> at
> org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer(<generated>)
> at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
> at java.base/java.lang.reflect.Method.invoke(Method.java:580)
> at
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
> at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385)
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
> at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717)
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer(<generated>)
> at
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
> at java.base/java.lang.reflect.Method.invoke(Method.java:580)
> at
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140)
> ... 89 common frames omitted
> Caused by:
> org.apache.nifi.registry.security.exception.SecurityProviderCreationException:
> Error creating RangerBasePlugin
> at
> org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178)
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817)
> at
> org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:260)
> ... 110 common frames omitted
> Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/core/Cookie
> at java.base/java.lang.Class.forName0(Native Method)
> at java.base/java.lang.Class.forName(Class.java:421)
> at java.base/java.lang.Class.forName(Class.java:412)
> at
> org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:96)
> at
> org.apache.ranger.plugin.util.PolicyRefresher.<init>(PolicyRefresher.java:95)
> at
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:242)
> at
> org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:169)
> ... 112 common frames omitted
> Caused by: java.lang.ClassNotFoundException: javax.ws.rs.core.Cookie
> at
> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
> at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
> ... 119 common frames omitted {code}
> There were many recent library updates which cause that now some important
> class is not available for ranger.
> If I check nifi from support branch I see the missing class was part of these
> libraries:
> {code:java}
> find . -name '*.jar' | xargs grep 'javax/ws/rs/core/Cookie.class'
> Binary file ./ext/ranger/lib/jersey-bundle-1.19.3.jar matches
> Binary file ./ext/ranger/lib/jsr311-api-1.1.1.jar matches
> Binary file ./ext/ranger/lib/javax.ws.rs-api-2.1.1.jar matches {code}
> However in case of nifi-2 m2 now there is no any lib which contains this
> dependency.
> h1. Workaround
> If I copy ranger plugin from nifi-1.x release, it seems working. However this
> is not a life issurance for production use case.
> I also wonder how nifi range plugin works, it seems in that case the
> following library still available:
> {code:java}
> ext/ranger/install/lib/jsr311-api-1.1.1.jar matches {code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
