[jira] [Comment Edited] (NIFI-13003) Service does not start if OIDC Metadata URL is unavailable

Fri, 05 Apr 2024 08:13:21 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-13003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17834365#comment-17834365
 ] 

Igor Milavec edited comment on NIFI-13003 at 4/5/24 3:12 PM:
-------------------------------------------------------------

I understand and agree, but there should be some retry mechanism or (better) on 
demand loading so that such (transient) errors do not cause NiFi service not to 
start.

And debatably, logging on users is not the primary function of NiFi. :)


was (Author: JIRAUSER302515):
I understand and agree, but there should be some retry mechanism or (better) on 
demand loading so that such (transient) errors do not cause NiFi service not to 
start.

> Service does not start if OIDC Metadata URL is unavailable
> ----------------------------------------------------------
>
>                 Key: NIFI-13003
>                 URL: https://issues.apache.org/jira/browse/NIFI-13003
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 1.23.2
>         Environment: Ubuntu 20.04 LTS, OpenJDK 17
>            Reporter: Igor Milavec
>            Priority: Major
>
> The NiFi service fails to start if it cannot retrieve the OpenID Connect 
> metadata.
> The exception is:
>  
> {code:java}
> Context initialization 
> failedorg.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>  Unsatisfied dependency expressed through method 'setFilterChains' parameter 
> 0; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'securityFilterChain' defined in 
> org.apache.nifi.web.security.configuration.WebSecurityConfiguration: 
> Unsatisfied dependency expressed through method 'securityFilterChain' 
> parameter 7; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'oAuth2LoginAuthenticationFilter' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter]:
>  Factory method 'oAuth2LoginAuthenticationFilter' threw exception; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'clientRegistrationRepository' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]:
>  Factory method 'clientRegistrationRepository' threw exception; nested 
> exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: 
> OpenID Connect Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed    at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:774)
>        at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:727)
>        at 
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:119)
>     at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessProperties(AutowiredAnnotationBeanPostProcessor.java:399)
>        at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1431)
>       at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:619)
>        at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
>  at 
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
>        at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
>    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
>   at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
>    at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:921)
>   at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
>   at 
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:399)
>        at 
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:278)
>       at 
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:103)
>      at 
> org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:1073)
>      at 
> org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:572)
>        at 
> org.eclipse.jetty.server.handler.ContextHandler.contextInitialized(ContextHandler.java:1002)
>  at 
> org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:765) 
> at 
> org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)
>  at 
> org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449)  
> at 
> org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1414) 
> at 
> org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:916)
>      at 
> org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)
>       at 
> org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)       
> at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
>   at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>        at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>      at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
>   at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>        at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>      at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at 
> org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:426)
>       at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
>   at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>        at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>      at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
>   at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>        at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:117)
>      at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
>   at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:169)
>        at org.eclipse.jetty.server.Server.start(Server.java:423)       at 
> org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:110)
>      at 
> org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:97)
>     at org.eclipse.jetty.server.Server.doStart(Server.java:387)     at 
> org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
>   at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:818)   at 
> org.apache.nifi.NiFi.<init>(NiFi.java:172)   at 
> org.apache.nifi.NiFi.<init>(NiFi.java:83)    at 
> org.apache.nifi.NiFi.main(NiFi.java:332)Caused by: 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 'securityFilterChain' defined in 
> org.apache.nifi.web.security.configuration.WebSecurityConfiguration: 
> Unsatisfied dependency expressed through method 'securityFilterChain' 
> parameter 7; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'oAuth2LoginAuthenticationFilter' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter]:
>  Factory method 'oAuth2LoginAuthenticationFilter' threw exception; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'clientRegistrationRepository' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]:
>  Factory method 'clientRegistrationRepository' threw exception; nested 
> exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: 
> OpenID Connect Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed     at 
> org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:800)
>       at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:541)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352)
>      at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195)
>         at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
>        at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
>  at 
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
>        at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
>    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
>   at 
> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
>         at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1609)
>  at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1573)
>     at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveMultipleBeans(DefaultListableBeanFactory.java:1462)
>       at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1349)
>        at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1311)
>  at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.resolveMethodArguments(AutowiredAnnotationBeanPostProcessor.java:766)
>        ... 54 common frames omittedCaused by: 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'oAuth2LoginAuthenticationFilter' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter]:
>  Factory method 'oAuth2LoginAuthenticationFilter' threw exception; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'clientRegistrationRepository' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]:
>  Factory method 'clientRegistrationRepository' threw exception; nested 
> exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: 
> OpenID Connect Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658)
>       at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352)
>      at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195)
>         at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
>        at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
>  at 
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
>        at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
>    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
>   at 
> org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:276)
>         at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1391)
>        at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1311)
>  at 
> org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:887)
>  at 
> org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:791)
>       ... 70 common frames omittedCaused by: 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter]:
>  Factory method 'oAuth2LoginAuthenticationFilter' threw exception; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'clientRegistrationRepository' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]:
>  Factory method 'clientRegistrationRepository' threw exception; nested 
> exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: 
> OpenID Connect Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed     at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
>       at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
>       ... 84 common frames omittedCaused by: 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'clientRegistrationRepository' defined in 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration: Bean 
> instantiation via factory method failed; nested exception is 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]:
>  Factory method 'clientRegistrationRepository' threw exception; nested 
> exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: 
> OpenID Connect Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658)
>       at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:486)
>     at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1352)
>      at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1195)
>         at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
>        at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
>  at 
> org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
>        at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
>    at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
>         at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
>   at 
> org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.resolveBeanReference(ConfigurationClassEnhancer.java:362)
>     at 
> org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:334)
>        at 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration$$EnhancerBySpringCGLIB$$69945018.clientRegistrationRepository(<generated>)
>       at 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration.oAuth2LoginAuthenticationFilter(OidcSecurityConfiguration.java:200)
>      at 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration$$EnhancerBySpringCGLIB$$69945018.CGLIB$oAuth2LoginAuthenticationFilter$0(<generated>)
>    at 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration$$EnhancerBySpringCGLIB$$69945018$$FastClassBySpringCGLIB$$42f6cd8e.invoke(<generated>)
>   at 
> org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:244) 
>        at 
> org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331)
>        at 
> org.apache.nifi.web.security.configuration.OidcSecurityConfiguration$$EnhancerBySpringCGLIB$$69945018.oAuth2LoginAuthenticationFilter(<generated>)
>    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native 
> Method)       at 
> java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
>      at 
> java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>      at java.base/java.lang.reflect.Method.invoke(Method.java:568)   at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154)
>       ... 85 common frames omittedCaused by: 
> org.springframework.beans.BeanInstantiationException: Failed to instantiate 
> [org.springframework.security.oauth2.client.registration.ClientRegistrationRepository]:
>  Factory method 'clientRegistrationRepository' threw exception; nested 
> exception is org.apache.nifi.web.security.oidc.OidcConfigurationException: 
> OpenID Connect Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed  at 
> org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
>       at 
> org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
>       ... 108 common frames omittedCaused by: 
> org.apache.nifi.web.security.oidc.OidcConfigurationException: OpenID Connect 
> Metadata URL 
> [https://login.microsoftonline.com/REDACTED/.well-known/openid-configuration] 
> retrieval failed{code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to