[ https://issues.apache.org/jira/browse/NIFI-14595?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17953718#comment-17953718 ]

ASF subversion and git services commented on NIFI-14595:
--------------------------------------------------------

Commit 4f39ade39d97678d2b09f855d47f505dc3a76ec2 in nifi's branch 
refs/heads/main from Pierre Villard
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4f39ade39d ]

NIFI-14595 Downgraded Spring Security from 6.5.0 to 6.4.6 (#9970)

Signed-off-by: David Handermann <[email protected]>

> Bump to Spring Security 6.5.0 breaks content viewer
> ---------------------------------------------------
>
>                 Key: NIFI-14595
>                 URL: https://issues.apache.org/jira/browse/NIFI-14595
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The bump of Spring Security to 6.5.0 is causing class loading issues in the 
> content viewer (possibly with Spring Boot that still relies on Spring 
> Security 6.4). We can downgrade to 6.4.6 until all Spring components are 
> better aligned in terms of dependencies.
> {code:java}
> 2025-05-23 13:43:31,857 WARN [NiFi Web Server-56] o.e.jetty.ee10.servlet.ServletChannel /nifi-standard-content-viewer-2.5.0-SNAPSHOT/
> java.lang.ClassCastException: class org.springframework.http.server.DefaultRequestPath cannot be cast to class org.springframework.http.server.RequestPath (org.springframework.http.server.DefaultRequestPath is in unnamed module of loader org.apache.nifi.nar.NarClassLoader @20d19f2c; org.springframework.http.server.RequestPath is in unnamed module of loader org.eclipse.jetty.ee10.webapp.WebAppClassLoader @72237be8)
>       at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:974)
>       at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
>       at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:903)
>       at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:633)
>       at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:885)
>       at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:723)
>       at org.eclipse.jetty.ee10.servlet.ServletHolder.handle(ServletHolder.java:736)
>       at org.eclipse.jetty.ee10.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1622)
>       at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108)
>       at org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:365)
>       at org.springframework.security.web.access.intercept.AuthorizationFilter.doFilter(AuthorizationFilter.java:101)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
>       at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:125)
>       at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
>       at org.apache.nifi.web.security.log.AuthenticationUserFilter.doFilterInternal(AuthenticationUserFilter.java:57)
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
>       at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
>       at org.springframework.security.oauth2.server.resource.web.authentication.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:158)
>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
>       at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:96)
>       at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:58)
>       at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374)
>       at org.apache.nifi.web.security.csrf.CsrfCookieFilter.doFilterInternal(CsrfCookieFilter.java:43)
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
