Pierre Villard created NIFI-14595:
-------------------------------------
Summary: Bump to Spring Security 6.5.0 breaks content viewer
Key: NIFI-14595
URL: https://issues.apache.org/jira/browse/NIFI-14595
Project: Apache NiFi
Issue Type: Bug
Components: Core Framework
Reporter: Pierre Villard
Assignee: Pierre Villard
The bump of Spring Security to 6.5.0 is causing class loading issues in the
content viewer (possibly with Spring Boot that still relies on Spring Security
6.4). We can downgrade to 6.4.6 until all Spring components are better aligned
in terms of dependencies.
{code:java}
2025-05-23 13:43:31,857 WARN [NiFi Web Server-56]
o.e.jetty.ee10.servlet.ServletChannel
/nifi-standard-content-viewer-2.5.0-SNAPSHOT/
java.lang.ClassCastException: class
org.springframework.http.server.DefaultRequestPath cannot be cast to class
org.springframework.http.server.RequestPath
(org.springframework.http.server.DefaultRequestPath is in unnamed module of
loader org.apache.nifi.nar.NarClassLoader @20d19f2c;
org.springframework.http.server.RequestPath is in unnamed module of loader
org.eclipse.jetty.ee10.webapp.WebAppClassLoader @72237be8)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:974)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:633)
at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:723)
at
org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736)
at
org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1622)
at
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108)
at
org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365)
at
org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:101)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:125)
at
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
at
org.apache.nifi.web.security.log.AuthenticationUserFilter.doFilterInternal(AuthenticationUserFilter.java:57)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
at
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
at
org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:158)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
at
org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:96)
at
org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:58)
at
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
at
org.apache.nifi.web.security.csrf.CsrfCookieFilter.doFilterInternal(CsrfCookieFilter.java:43){code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
