[
https://issues.apache.org/jira/browse/NIFI-4127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16077097#comment-16077097
]
ASF GitHub Bot commented on NIFI-4127:
--------------------------------------
Github user pvillard31 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1978#discussion_r125993273
--- Diff: nifi-docs/src/main/asciidoc/administration-guide.adoc ---
@@ -464,6 464,17 @@ Another option for the UserGroupProvider is the
LdapUserGroupProvider. By defaul
* Group Name Attribute - Attribute to use to extract group name (i.e. cn).
Optional. If not set, the entire DN is used.
* Group Member Attribute - Attribute to use to define group membership
(i.e. member). Optional. If not set group membership will not be calculated
through the groups. Will rely on group member being defined through 'User Group
Name Attribute' if set.
Another option for the UserGroupProvider are composite implementations.
This means that multiple sources/implementations can be configured and
composed. For instance, an admin can configure users/groups to be loaded from a
file and an directory server. There are two composite implementations, one that
supports multiple UserGroupProviders and one that supports multiple
UserGroupProviders and a single configurable UserGroupProvider.
The CompositeUserGroupProvider will provide support for retrieving users
and groups from multiple sources.
--- End diff --
Hmm you're right but here is what I did: a first test with the configurable
provider and two LDAP servers, no collision, everything starting as expected.
Then, I stopped nifi, manually modified the file of the configurable provider
to add a user already existing in one of the LDAP providers. In that case, NiFi
failed to start with the following stack trace:
````
2017-07-06 21:19:53,484 WARN [main] org.apache.nifi.web.server.JettyServer
Failed to start web server... shutting down.
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'niFiWebApiSecurityConfiguration': Injection of autowired
dependencies failed; nested exception is
org.springframework.beans.factory.BeanCreationException: Could not autowire
method: public void
org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setJwtAuthenticationProvider(org.apache.nifi.web.security.jwt.JwtAuthenticationProvider);
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to bean
'authorizer' while setting constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authorizer': FactoryBean threw exception on object creation; nested
exception is
org.apache.nifi.authorization.exception.AuthorizerCreationException: Found
multiple users/user groups with identity 'test'.
at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at
org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839)
at
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538)
at
org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
at
org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
at
org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:876)
at
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:532)
at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:839)
at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:344)
at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1480)
at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1442)
at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:799)
at
org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:261)
at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:540)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:113)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at
org.eclipse.jetty.server.handler.gzip.GzipHandler.doStart(GzipHandler.java:290)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:131)
at org.eclipse.jetty.server.Server.start(Server.java:452)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:105)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:113)
at org.eclipse.jetty.server.Server.doStart(Server.java:419)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.apache.nifi.web.server.JettyServer.start(JettyServer.java:705)
at org.apache.nifi.NiFi.<init>(NiFi.java:160)
at org.apache.nifi.NiFi.main(NiFi.java:267)
Caused by: org.springframework.beans.factory.BeanCreationException: Could
not autowire method: public void
org.apache.nifi.web.NiFiWebApiSecurityConfiguration.setJwtAuthenticationProvider(org.apache.nifi.web.security.jwt.JwtAuthenticationProvider);
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to bean
'authorizer' while setting constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authorizer': FactoryBean threw exception on object creation; nested
exception is
org.apache.nifi.authorization.exception.AuthorizerCreationException: Found
multiple users/user groups with identity 'test'.
at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:661)
at
org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
... 41 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'jwtAuthenticationProvider' defined in class path
resource [nifi-web-security-context.xml]: Cannot resolve reference to bean
'authorizer' while setting constructor argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean
with name 'authorizer': FactoryBean threw exception on object creation; nested
exception is
org.apache.nifi.authorization.exception.AuthorizerCreationException: Found
multiple users/user groups with identity 'test'.
at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
at
org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
at
org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1143)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1046)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:510)
at
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1192)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1116)
at
org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1014)
at
org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:618)
... 43 common frames omitted
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception on object
creation; nested exception is
org.apache.nifi.authorization.exception.AuthorizerCreationException: Found
multiple users/user groups with identity 'test'.
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1585)
at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:317)
at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
... 58 common frames omitted
Caused by:
org.apache.nifi.authorization.exception.AuthorizerCreationException: Found
multiple users/user groups with identity 'test'.
at
org.apache.nifi.authorization.AuthorizerFactory$1.onConfigured(AuthorizerFactory.java:337)
at
org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:140)
at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
... 63 common frames omitted
2017-07-06 21:19:53,487 INFO [Thread-1] org.apache.nifi.NiFi Initiating
shutdown of Jetty web server...
````
If you tell me that no one should be manually updating the users file,
that's totally fine for me. Or maybe I misconfigured something?
> Create a CompositeUserGroupProvider
> -----------------------------------
>
> Key: NIFI-4127
> URL: https://issues.apache.org/jira/browse/NIFI-4127
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Matt Gilman
> Assignee: Matt Gilman
>
> Create a CompositeUserGroupProvider to support loading users/groups from
> multiple sources. This composite implementation should support
> {noformat}
> 0-1 ConfigurableUserGroupProvider
> 0-n UserGroupProviders
> {noformat}
> Only a single ConfigurableUserGroupProvider can be supplied to keep these
> sources/implementation details hidden from the end users. The
> CompositeUserGroupProvider must be configured with at least 1 underlying
> provider.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
