[jira] [Comment Edited] (NIFI-12738) Nifi registry ranger integration is not working

Tue, 20 Feb 2024 23:07:03 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17819098#comment-17819098
 ] 

Pradeep Agrawal edited comment on NIFI-12738 at 2/21/24 7:06 AM:
-----------------------------------------------------------------

>From the 
>[commit|https://github.com/apache/ranger/commit/1dee2b377e20b811cc568f30ff789b50d8e241ec]
> it seems javax.ws.rs.core.Cookie class is needed from ranger end.

but seems its being excluded from Nifi end 
[commit.|https://github.com/apache/nifi/commit/dfa683af0e00cd631905d45365bc797fbdce66ee]
 This commit went before the above commit so that could be one reason.


was (Author: pradeep.agrawal):
>From the 
>[commit|https://github.com/apache/ranger/commit/1dee2b377e20b811cc568f30ff789b50d8e241ec]
> it seems javax.ws.rs.core.Cookie class is needed from ranger end. 

but its seem being excluded from Nifi end 
[commit.|https://github.com/apache/nifi/commit/dfa683af0e00cd631905d45365bc797fbdce66ee]
 This commit went before the above commit so that could be one reason.

> Nifi registry ranger integration is not working
> -----------------------------------------------
>
>                 Key: NIFI-12738
>                 URL: https://issues.apache.org/jira/browse/NIFI-12738
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: NiFi Registry
>    Affects Versions: 2.0.0-M2, 2.0.0
>            Reporter: Zoltán Kornél Török
>            Priority: Critical
>
> h1. Bug description
> I want to try recently released nifi 2 m2 release in an environment,
> where we use ranger. Nifi registry ui was not able to load and I got the 
> following error in the log:
> {code:java}
> Caused by: 
> org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: 
> Failed to construct Authorizer.
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4(<generated>)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke(<generated>)
>         at 
> org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258)
>         at 
> org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer(<generated>)
>         at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>         at java.base/java.lang.reflect.Method.invoke(Method.java:580)
>         at 
> org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351)
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196)
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>         at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
>         at 
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
>         at 
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385)
>         at 
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
>         at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184)
>         at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765)
>         at 
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer(<generated>)
>         at 
> java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
>         at java.base/java.lang.reflect.Method.invoke(Method.java:580)
>         at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140)
>         ... 89 common frames omitted
> Caused by: 
> org.apache.nifi.registry.security.exception.SecurityProviderCreationException:
>  Error creating RangerBasePlugin
>         at 
> org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817)
>         at 
> org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:260)
>         ... 110 common frames omitted
> Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/core/Cookie
>         at java.base/java.lang.Class.forName0(Native Method)
>         at java.base/java.lang.Class.forName(Class.java:421)
>         at java.base/java.lang.Class.forName(Class.java:412)
>         at 
> org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:96)
>         at 
> org.apache.ranger.plugin.util.PolicyRefresher.<init>(PolicyRefresher.java:95)
>         at 
> org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:242)
>         at 
> org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:169)
>         ... 112 common frames omitted
> Caused by: java.lang.ClassNotFoundException: javax.ws.rs.core.Cookie
>         at 
> java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
>         at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
>         at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
>         ... 119 common frames omitted {code}
> There were many recent library updates which cause that now some important 
> class is not available for ranger.
> If I check nifi from support branch I see the missing class was part of these 
> libraries:
> {code:java}
> find . -name '*.jar' | xargs grep  'javax/ws/rs/core/Cookie.class'
> Binary file ./ext/ranger/lib/jersey-bundle-1.19.3.jar matches
> Binary file ./ext/ranger/lib/jsr311-api-1.1.1.jar matches
> Binary file ./ext/ranger/lib/javax.ws.rs-api-2.1.1.jar matches {code}
> However in case of nifi-2 m2 now there is no any lib which contains this 
> dependency.
> h1. Workaround
> If I copy ranger plugin from nifi-1.x release, it seems working. However this 
> is not a life issurance for production use case.
> I also wonder how nifi range plugin works, it seems in that case the 
> following library still available:
> {code:java}
> ext/ranger/install/lib/jsr311-api-1.1.1.jar matches {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to