Re: The question of "403 Forbidden"
Hi Zhiyi Ni,
Thanks for contacting the developer list and describing the problem
details. I also replied on the Apache NiFi Slack thread [1], but responding
here for future reference.
It sounds like the HTTP client is receiving the HTTP 403 Forbidden response
as a result of Cross-Site Request Forgery Protection filtering, as
described in the Administrator's Guide section [2].
For programmatic REST API access, it is necessary to either send the Bearer
Token using the HTTP Authorization Header, without sending cookies, or send
a custom HTTP Header named Request-Token with a value that matches the
__Secure-Request-Token cookie.
Regards,
David Handermann
[1] https://apachenifi.slack.com/archives/C0L9VCD47/p1690797006846169
[2]
https://nifi.apache.org/docs/nifi-docs/html/administration-guide.html#csrf-protection
On Mon, Jul 31, 2023 at 7:09 AM Zhiyi Ni wrote:
> Hello, I have some questions and hope to get your help.
> According to the REST API, I performed the following operations in PostMan:
>
>
> 1. Request the following address to get access token
> |
> POST https://:/nifi-api/access/token
> with body:
> {
> "username": xxx,
> "password": xxx
> }
> |
>
> The request returned a cookie that allowed access to the REST API
>
>
> `__Secure-Authorization-Bearer=xxx;__Secure-Request-Token=`
>
>
>
>
> 2. When I visit the following address with this cookie to obtain basic
> information, I can get the expected response result
>
> |
> ①: GET https://:/nifi-api/process-groups/{group_id}
> ②: GET https://
> :/nifi-api/process-groups/{group_id}/processors
> |
>
>
>
>
> 3. But when I use this cookie to access the following address and try to
> create a new processor, there is a "403 Forbidden" exception
>
> |
> POST https://
> :/nifi-api/process-groups/{group_id}/processors
> with body:
> {
> "permissions": {
> "canRead": true,
> "canWrite": true
> },
> "component": {
> "name": "GET_IC_COPPER_RESOURCES_MINING",
> "type": "org.apache.nifi.processors.mongodb.GetMongo",
> "bundle": {
> "group": "org.apache.nifi",
> "artifact": "nifi-mongodb-nar",
> "version": "1.22.0"
> },
> "state": "STOPPED",
> "relationships": [
> {
> "name": "failure",
> "autoTerminate": true,
> "retry": false
> },
> {
> "name": "original",
> "autoTerminate": true,
> "retry": false
> },
> {
> "name": "success",
> ,
> "autoTerminate": false,
> "retry": false
> }
> ],
> "supportsParallelProcessing": true,
> "supportsEventDriven": false,
> "supportsBatching": false,
> "supportsSensitiveDynamicProperties": false,
> "persistsState": false,
> "restricted": false,
> "deprecated": false,
> "executionNodeRestricted": false,
> "multipleVersionsAvailable": false,
> "inputRequirement": "INPUT_ALLOWED",
> "config": {
> "properties": {
> "mongo-client-service": null,
> "Mongo URI": "mongodb://hostxx:portxx",
> "Mongo Database Name": "xxx",
> "Mongo Collection Name": "",
> "ssl-context-service": null,
> "ssl-client-auth": "REQUIRED",
> "json-type": "Standard",
> "use-pretty-printing": "true",
> "mongo-charset": "UTF-8",
> "mongo-date-format": "-MM-dd HH:mm:ss",
> "get-mongo-send-empty": "false"
> },
> "schedulingPeriod": "5 sec",
> "schedulingStrategy": "TIMER_DRIVEN",
> "executionNode": "PRIMARY",
> "penaltyDuration": "30 sec",
> "yieldDuration": "1 sec",
> "bulletinLevel": "WARN",
> "runDurationMillis": 0,
> "concurrentlySchedulableTaskCount": 1,
> "lossTolerant": false,
> "retryCount": 10,
> "retriedRelationships": [
>
> ],
> "backoffMechanism": "PENALIZE_FLOWFILE",
> "maxBackoffPeriod": "10 mins"
> },
> "validationErrors": [
>
> ],
> "validationStatus": "VALID",
> "extensionMissing": false
> },
> "inputRequirement": "INPUT_ALLOWED",
> "operatePermissions": {
> "canRead": true,
> "canWrite": true
> }
> }
> |
>
>
>
>
> And the response is:
>
> |
>
>
>
>
>
> Error 403 Forbidden
>
>
>
>
> HTTP ERROR 403 Forbidden
>
>
> URI:
>
> /nifi-api/process-groups/80a631d9-d4cf-134b-a6b7-1ef07a3de334/processors
>
>
> STATUS:
> 403
>
>
> MESSAGE:
> Forbidden
>
>
> SERVLET:
> jerseySpring
>
>
>
>
>
>
>
>
> |
>
>
>
>
> How to solve the "HTTP ERROR 403 Forbidden" encountered in step 3?
Re: Unable to Start NiFi Cluster After Upgrading to Version 1.21.0 from 1.16.0
Hello, We would need to see more information about the error besides that single line, there should be a whole stacktrace that we would need to see. Thanks, Bryan On Mon, Jul 31, 2023 at 9:49 AM Pallavi Metkar wrote: > Hi Team, > > I have upgraded the Apache NiFi cluster from 1.16.0 to 1.21.0. After > completing the upgrade NiFi is not working. > > I am getting below error for the same: > > o.a.n.f.r.ConflictResolvingExternalResourceProviderWorker Error during > polling for external resources > > I had tried to resolve the error but was not able to do so. > Can you please help? > > Thank you > > Regards > Pallavi >
Re: The question of "403 Forbidden"
Hello,
It looks like your user has READ permissions to the resource, but not WRITE
permissions. You will need to check your access policies related to the
processor and/or the parent process group hierarchy.
Thanks,
Bryan
On Mon, Jul 31, 2023 at 8:09 AM Zhiyi Ni wrote:
> Hello, I have some questions and hope to get your help.
> According to the REST API, I performed the following operations in PostMan:
>
>
> 1. Request the following address to get access token
> |
> POST https://:/nifi-api/access/token
> with body:
> {
> "username": xxx,
> "password": xxx
> }
> |
>
> The request returned a cookie that allowed access to the REST API
>
>
> `__Secure-Authorization-Bearer=xxx;__Secure-Request-Token=`
>
>
>
>
> 2. When I visit the following address with this cookie to obtain basic
> information, I can get the expected response result
>
> |
> ①: GET https://:/nifi-api/process-groups/{group_id}
> ②: GET https://
> :/nifi-api/process-groups/{group_id}/processors
> |
>
>
>
>
> 3. But when I use this cookie to access the following address and try to
> create a new processor, there is a "403 Forbidden" exception
>
> |
> POST https://
> :/nifi-api/process-groups/{group_id}/processors
> with body:
> {
> "permissions": {
> "canRead": true,
> "canWrite": true
> },
> "component": {
> "name": "GET_IC_COPPER_RESOURCES_MINING",
> "type": "org.apache.nifi.processors.mongodb.GetMongo",
> "bundle": {
> "group": "org.apache.nifi",
> "artifact": "nifi-mongodb-nar",
> "version": "1.22.0"
> },
> "state": "STOPPED",
> "relationships": [
> {
> "name": "failure",
> "autoTerminate": true,
> "retry": false
> },
> {
> "name": "original",
> "autoTerminate": true,
> "retry": false
> },
> {
> "name": "success",
> ,
> "autoTerminate": false,
> "retry": false
> }
> ],
> "supportsParallelProcessing": true,
> "supportsEventDriven": false,
> "supportsBatching": false,
> "supportsSensitiveDynamicProperties": false,
> "persistsState": false,
> "restricted": false,
> "deprecated": false,
> "executionNodeRestricted": false,
> "multipleVersionsAvailable": false,
> "inputRequirement": "INPUT_ALLOWED",
> "config": {
> "properties": {
> "mongo-client-service": null,
> "Mongo URI": "mongodb://hostxx:portxx",
> "Mongo Database Name": "xxx",
> "Mongo Collection Name": "",
> "ssl-context-service": null,
> "ssl-client-auth": "REQUIRED",
> "json-type": "Standard",
> "use-pretty-printing": "true",
> "mongo-charset": "UTF-8",
> "mongo-date-format": "-MM-dd HH:mm:ss",
> "get-mongo-send-empty": "false"
> },
> "schedulingPeriod": "5 sec",
> "schedulingStrategy": "TIMER_DRIVEN",
> "executionNode": "PRIMARY",
> "penaltyDuration": "30 sec",
> "yieldDuration": "1 sec",
> "bulletinLevel": "WARN",
> "runDurationMillis": 0,
> "concurrentlySchedulableTaskCount": 1,
> "lossTolerant": false,
> "retryCount": 10,
> "retriedRelationships": [
>
> ],
> "backoffMechanism": "PENALIZE_FLOWFILE",
> "maxBackoffPeriod": "10 mins"
> },
> "validationErrors": [
>
> ],
> "validationStatus": "VALID",
> "extensionMissing": false
> },
> "inputRequirement": "INPUT_ALLOWED",
> "operatePermissions": {
> "canRead": true,
> "canWrite": true
> }
> }
> |
>
>
>
>
> And the response is:
>
> |
>
>
>
>
>
> Error 403 Forbidden
>
>
>
>
> HTTP ERROR 403 Forbidden
>
>
> URI:
>
> /nifi-api/process-groups/80a631d9-d4cf-134b-a6b7-1ef07a3de334/processors
>
>
> STATUS:
> 403
>
>
> MESSAGE:
> Forbidden
>
>
> SERVLET:
> jerseySpring
>
>
>
>
>
>
>
>
> |
>
>
>
>
> How to solve the "HTTP ERROR 403 Forbidden" encountered in step 3?
Unable to Start NiFi Cluster After Upgrading to Version 1.21.0 from 1.16.0
Hi Team, I have upgraded the Apache NiFi cluster from 1.16.0 to 1.21.0. After completing the upgrade NiFi is not working. I am getting below error for the same: o.a.n.f.r.ConflictResolvingExternalResourceProviderWorker Error during polling for external resources I had tried to resolve the error but was not able to do so. Can you please help? Thank you Regards Pallavi
The question of "403 Forbidden"
Hello, I have some questions and hope to get your help.
According to the REST API, I performed the following operations in PostMan:
1. Request the following address to get access token
|
POST https://:/nifi-api/access/token
with body:
{
"username": xxx,
"password": xxx
}
|
The request returned a cookie that allowed access to the REST API
`__Secure-Authorization-Bearer=xxx;__Secure-Request-Token=`
2. When I visit the following address with this cookie to obtain basic
information, I can get the expected response result
|
①: GET https://:/nifi-api/process-groups/{group_id}
②: GET
https://:/nifi-api/process-groups/{group_id}/processors
|
3. But when I use this cookie to access the following address and try to create
a new processor, there is a "403 Forbidden" exception
|
POST
https://:/nifi-api/process-groups/{group_id}/processors
with body:
{
"permissions": {
"canRead": true,
"canWrite": true
},
"component": {
"name": "GET_IC_COPPER_RESOURCES_MINING",
"type": "org.apache.nifi.processors.mongodb.GetMongo",
"bundle": {
"group": "org.apache.nifi",
"artifact": "nifi-mongodb-nar",
"version": "1.22.0"
},
"state": "STOPPED",
"relationships": [
{
"name": "failure",
"autoTerminate": true,
"retry": false
},
{
"name": "original",
"autoTerminate": true,
"retry": false
},
{
"name": "success",
,
"autoTerminate": false,
"retry": false
}
],
"supportsParallelProcessing": true,
"supportsEventDriven": false,
"supportsBatching": false,
"supportsSensitiveDynamicProperties": false,
"persistsState": false,
"restricted": false,
"deprecated": false,
"executionNodeRestricted": false,
"multipleVersionsAvailable": false,
"inputRequirement": "INPUT_ALLOWED",
"config": {
"properties": {
"mongo-client-service": null,
"Mongo URI": "mongodb://hostxx:portxx",
"Mongo Database Name": "xxx",
"Mongo Collection Name": "",
"ssl-context-service": null,
"ssl-client-auth": "REQUIRED",
"json-type": "Standard",
"use-pretty-printing": "true",
"mongo-charset": "UTF-8",
"mongo-date-format": "-MM-dd HH:mm:ss",
"get-mongo-send-empty": "false"
},
"schedulingPeriod": "5 sec",
"schedulingStrategy": "TIMER_DRIVEN",
"executionNode": "PRIMARY",
"penaltyDuration": "30 sec",
"yieldDuration": "1 sec",
"bulletinLevel": "WARN",
"runDurationMillis": 0,
"concurrentlySchedulableTaskCount": 1,
"lossTolerant": false,
"retryCount": 10,
"retriedRelationships": [
],
"backoffMechanism": "PENALIZE_FLOWFILE",
"maxBackoffPeriod": "10 mins"
},
"validationErrors": [
],
"validationStatus": "VALID",
"extensionMissing": false
},
"inputRequirement": "INPUT_ALLOWED",
"operatePermissions": {
"canRead": true,
"canWrite": true
}
}
|
And the response is:
|
Error 403 Forbidden
HTTP ERROR 403 Forbidden
URI:
/nifi-api/process-groups/80a631d9-d4cf-134b-a6b7-1ef07a3de334/processors
STATUS:
403
MESSAGE:
Forbidden
SERVLET:
jerseySpring
|
How to solve the "HTTP ERROR 403 Forbidden" encountered in step 3?
