Hi Nicolas, This one is a bit of a Spring special. The actual cause here is that the Spring Bean that is being created from this file has silently failed, and thus the auto-wiring has failed as well. The result is you get this lovely misleading error. The normal reason for the bean not being created I found was because I made a typo in the configuration file(s).
Edward On Fri, Jul 19, 2019 at 10:21 AM Nicolas Delsaux <[email protected]> wrote: > Hi all > > Now I know how to connect to my LDAP directory, i now have a strange error > > > nifi-runner_1 | > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': > Unsatisfied dependency expressed through method > 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is > org.springframework.beans.factory.BeanExpressionException: Expression > parsing failed; nested exception is > org.springframework.beans.factory.UnsatisfiedDependencyException: Error > creating bean with name > 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied > dependency expressed through method 'setJwtAuthenticationProvider' > parameter 0; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'jwtAuthenticationProvider' defined in class path resource > [nifi-web-security-context.xml]: Cannot resolve reference to bean > 'authorizer' while setting constructor argument; nested exception is > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.Exception: The specified authorizer > 'ldap-user-group-provider' could not be found. > > [... let me just skip the uninteresting Spring stack ...] > > nifi-runner_1 | Caused by: > org.springframework.beans.factory.BeanCreationException: Error creating > bean with name 'authorizer': FactoryBean threw exception on object > creation; nested exception is java.lang.Exception: The specified authorizer > 'ldap-user-group-provider' could not be found. > nifi-runner_1 | at > org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185) > nifi-runner_1 | at > org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) > nifi-runner_1 | at > org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640) > nifi-runner_1 | at > org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) > nifi-runner_1 | at > org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) > nifi-runner_1 | at > org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) > nifi-runner_1 | ... 96 common frames omitted > nifi-runner_1 | Caused by: java.lang.Exception: The specified authorizer > 'ldap-user-group-provider' could not be found. > nifi-runner_1 | at > org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:175) > nifi-runner_1 | at > org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) > > From what I understand, it seems like the AuthorizerFactoryBean tries to > read my user-group-provider from the authorizers.xml file. > > > I have such an user group provider, which is a ldap one : > <authorizers> > <userGroupProvider> > <identifier>ldap-user-group-provider</identifier> > <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class> > <property name="Authentication Strategy">LDAPS</property> > <property name="Manager DN">a_dn</property> > <property name="Manager Password">a_password</property> > <property name="TLS - Keystore"></property> > <property name="TLS - Keystore Password"></property> > <property name="TLS - Keystore Type"></property> > <property name="TLS - Truststore">/opt/certs/cacerts.jks</property> > <property name="TLS - Truststore Password">another</property> > <property name="TLS - Truststore Type">JKS</property> > <property name="TLS - Client Auth"></property> > <property name="TLS - Protocol">TLSv1</property> > <property name="TLS - Shutdown Gracefully"></property> > <property name="Referral Strategy">FOLLOW</property> > <property name="Connect Timeout">10 secs</property> > <property name="Read Timeout">10 secs</property> > <property name="Url">ldaps://myserver.mycompany.com:636</property> > <property name="Page Size"></property> > <property name="Sync Interval">30 mins</property> > <property name="User Search Base">ou=people,o=mycompany.com</property> > <property name="User Object Class">privPerson</property> > <property name="User Search Scope">SUBTREE</property> > <property name="User Search Filter"></property> > <property name="User Identity Attribute">uid</property> > <property name="User Group Name Attribute">This attribute doesn't exist > to make sure no grouping is done</property> > <property name="User Group Name Attribute - Referenced Group Attribute"></ > property> > <property name="Group Search Base"></property> > <property name="Group Object Class">group</property> > <property name="Group Search Scope">ONE_LEVEL</property> > <property name="Group Search Filter"></property> > <property name="Group Name Attribute"></property> > <property name="Group Member Attribute"></property> > <property name="Group Member Attribute - Referenced User Attribute"></ > property> > </userGroupProvider> > > So why can't it be loaded ? > > Because I don't see any other exception (typically, I would expect a > search fail exception, but it seems to work). >
