[jira] [Commented] (NIFI-12738) Nifi registry ranger integration is not working
[ https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17819098#comment-17819098 ] Pradeep Agrawal commented on NIFI-12738: >From the >[commit|https://github.com/apache/ranger/commit/1dee2b377e20b811cc568f30ff789b50d8e241ec] > it seems javax.ws.rs.core.Cookie class is needed from ranger end. but its seem being excluded from Nifi end [commit.|https://github.com/apache/nifi/commit/dfa683af0e00cd631905d45365bc797fbdce66ee] This commit went before the above commit so that could be one reason. > Nifi registry ranger integration is not working > --- > > Key: NIFI-12738 > URL: https://issues.apache.org/jira/browse/NIFI-12738 > Project: Apache NiFi > Issue Type: Bug > Components: NiFi Registry >Affects Versions: 2.0.0-M2, 2.0.0 >Reporter: Zoltán Kornél Török >Priority: Critical > > h1. Bug description > I want to try recently released nifi 2 m2 release in an environment, > where we use ranger. Nifi registry ui was not able to load and I got the > following error in the log: > {code:java} > Caused by: > org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: > Failed to construct Authorizer. > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4() > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke() > at > org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258) > at > org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140) > ... 89 common frames omitted > Caused by: > org.apache.nifi.registry.security.exception.SecurityProviderCreationException: > Error creating RangerBasePlugin > at > org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:260) > ... 110 common frames omitted > Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/core/Cookie > at java.base/java.lang.Class.forName0(Native Method) > at java.base/java.lang.Class.forName(Class.java:421) > at java.base/java.lang.Class.forName(Class.java:412) > at > org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:96) > at >
[jira] [Commented] (NIFI-12738) Nifi registry ranger integration is not working
[ https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816179#comment-17816179 ] Joe Witt commented on NIFI-12738: - Via JIRA [this|https://issues.apache.org/jira/browse/RANGER-4038] appears to be the most recent discussion on the topic and indeed it starts to touch on Spring versions/Jetty (via jakarta) versions etc... That was March 2023. No other reflections found. It sounds like they remain committed to Java 8 at this point which in turn has the same knock-on effects we had to consider for the NiFi community. I recommend we pursue deprecation in 1.x/removal in 2.x and let this component by maintained/operated by downstream builders of NiFi. > Nifi registry ranger integration is not working > --- > > Key: NIFI-12738 > URL: https://issues.apache.org/jira/browse/NIFI-12738 > Project: Apache NiFi > Issue Type: Bug > Components: NiFi Registry >Affects Versions: 2.0.0-M2, 2.0.0 >Reporter: Zoltán Kornél Török >Priority: Critical > > h1. Bug description > I want to try recently released nifi 2 m2 release in an environment, > where we use ranger. Nifi registry ui was not able to load and I got the > following error in the log: > {code:java} > Caused by: > org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: > Failed to construct Authorizer. > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4() > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke() > at > org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258) > at > org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140) > ... 89 common frames omitted > Caused by: > org.apache.nifi.registry.security.exception.SecurityProviderCreationException: > Error creating RangerBasePlugin > at > org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:260) > ... 110 common frames omitted > Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/core/Cookie > at java.base/java.lang.Class.forName0(Native Method) > at java.base/java.lang.Class.forName(Class.java:421) > at java.base/java.lang.Class.forName(Class.java:412) > at >
[jira] [Commented] (NIFI-12738) Nifi registry ranger integration is not working
[ https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816178#comment-17816178 ] Joe Witt commented on NIFI-12738: - Did some investigation into Ranger's mailing lists on the topic of Jetty and/or Spring. They're on Jetty 9.x and Spring 5.x as of Nov which is the last reflection I see. Previous attempts by dependabot to move to Jetty 10 were not pursued. No sign of discussion there. Will now look into JIRA or Git to see if there is any signs of changes there. > Nifi registry ranger integration is not working > --- > > Key: NIFI-12738 > URL: https://issues.apache.org/jira/browse/NIFI-12738 > Project: Apache NiFi > Issue Type: Bug > Components: NiFi Registry >Affects Versions: 2.0.0-M2, 2.0.0 >Reporter: Zoltán Kornél Török >Priority: Critical > > h1. Bug description > I want to try recently released nifi 2 m2 release in an environment, > where we use ranger. Nifi registry ui was not able to load and I got the > following error in the log: > {code:java} > Caused by: > org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: > Failed to construct Authorizer. > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4() > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke() > at > org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258) > at > org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140) > ... 89 common frames omitted > Caused by: > org.apache.nifi.registry.security.exception.SecurityProviderCreationException: > Error creating RangerBasePlugin > at > org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:260) > ... 110 common frames omitted > Caused by: java.lang.NoClassDefFoundError: javax/ws/rs/core/Cookie > at java.base/java.lang.Class.forName0(Native Method) > at java.base/java.lang.Class.forName(Class.java:421) > at java.base/java.lang.Class.forName(Class.java:412) > at > org.apache.ranger.plugin.policyengine.RangerPluginContext.createAdminClient(RangerPluginContext.java:96) > at >
[jira] [Commented] (NIFI-12738) Nifi registry ranger integration is not working
[ https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816174#comment-17816174 ] Joe Witt commented on NIFI-12738: - Unless we have strong indications that the Apache Ranger community plans to update to the latest of these key components soon then for the reasons noted above - I would encourage we deprecate the ranger nar entirely in the 1.x line and remove from the 2.x line. Usage/maintenance of the Ranger nar can live on in downstream users of this component. We are facing strong counter currents as it relates to open source components * Spring, Jetty, and many others moving forward to dependencies on Java 11, 17 and newer which has led us to move forward in NiFi to Java 21 * At the same time the vulnerability landscape for dependencies is not slowing down. * Meanwhile, there are many vendors that have to honor older Java version obligations such as Java 8 that make them updating their components something that cannot be done as quickly. We cannot reasonably optimize for all three cases at once but we can from a nifi community prioritize the first two. > Nifi registry ranger integration is not working > --- > > Key: NIFI-12738 > URL: https://issues.apache.org/jira/browse/NIFI-12738 > Project: Apache NiFi > Issue Type: Bug > Components: NiFi Registry >Affects Versions: 2.0.0-M2, 2.0.0 >Reporter: Zoltán Kornél Török >Priority: Critical > > h1. Bug description > I want to try recently released nifi 2 m2 release in an environment, > where we use ranger. Nifi registry ui was not able to load and I got the > following error in the log: > {code:java} > Caused by: > org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: > Failed to construct Authorizer. > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4() > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke() > at > org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258) > at > org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140) > ... 89 common frames omitted > Caused by: > org.apache.nifi.registry.security.exception.SecurityProviderCreationException: > Error creating RangerBasePlugin > at > org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$ManagedAuthorizerWrapper.onConfigured(AuthorizerFactory.java:817) >
[jira] [Commented] (NIFI-12738) Nifi registry ranger integration is not working
[ https://issues.apache.org/jira/browse/NIFI-12738?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17814355#comment-17814355 ] David Handermann commented on NIFI-12738: - Thanks for describing this issue [~taz1988]. According to the set of dependencies from the Ranger Plugin library version [2.4.0|https://central.sonatype.com/artifact/org.apache.ranger/ranger-plugins-common/overview], there appear to be a number of dependencies that are not compatible with the current versions in Apache NiFi 2.0.0-M2. This includes Servlet API 6, Jakarta REST API 3, and Jersey 3. The Cookie class reference in the stack trace refers {{javax.ws}} which is now {{jakarta.ws}} in newer versions. Although the NiFi unit tests pass, it is understandable that these incompatible dependencies cause runtime problems. Unless Ranger is actively working on upgrading these dependencies, which has a broad impact, it may be necessary to remove the Ranger integration from the main branch for now. If the plugin from the support branch works, that could serve as a basis for future work, pending upgrades from Ranger. However, if it is not working now, we may need to consider removing it to avoid these kinds of unexpected runtime issues. > Nifi registry ranger integration is not working > --- > > Key: NIFI-12738 > URL: https://issues.apache.org/jira/browse/NIFI-12738 > Project: Apache NiFi > Issue Type: Bug > Components: NiFi Registry >Affects Versions: 2.0.0-M2, 2.0.0 >Reporter: Zoltán Kornél Török >Priority: Critical > > h1. Bug description > I want to try recently released nifi 2 m2 release in an environment, > where we use ranger. Nifi registry ui was not able to load and I got the > following error in the log: > {code:java} > Caused by: > org.apache.nifi.registry.security.authorization.AuthorizerFactoryException: > Failed to construct Authorizer. > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory.getAuthorizer(AuthorizerFactory.java:267) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.CGLIB$getAuthorizer$4() > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$FastClass$$1.invoke() > at > org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:258) > at > org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:331) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$0.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:351) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:196) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123) > at > org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:385) > at > org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119) > at > org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:184) > at > org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:765) > at > org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:717) > at > org.apache.nifi.registry.security.authorization.AuthorizerFactory$$SpringCGLIB$$1.getAuthorizer() > at > java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103) > at java.base/java.lang.reflect.Method.invoke(Method.java:580) > at > org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:140) > ... 89 common frames omitted > Caused by: > org.apache.nifi.registry.security.exception.SecurityProviderCreationException: > Error creating RangerBasePlugin > at > org.apache.nifi.registry.ranger.RangerAuthorizer.onConfigured(RangerAuthorizer.java:178) > at >