Is there any way to get a better error ?
Le 19/07/2019 à 11:36, Edward Armes a écrit :
Hi Nicolas,
This one is a bit of a Spring special. The actual cause here is that
the Spring Bean that is being created from this file has silently
failed, and thus the auto-wiring has failed as well. The result is you
get this lovely misleading error. The normal reason for the bean not
being created I found was because I made a typo in the configuration
file(s).
Edward
On Fri, Jul 19, 2019 at 10:21 AM Nicolas Delsaux
<[email protected] <mailto:[email protected]>> wrote:
Hi all
Now I know how to connect to my LDAP directory, i now have a
strange error
nifi-runner_1 |
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
Unsatisfied dependency expressed through method
'setFilterChainProxySecurityConfigurer' parameter 1; nested
exception is
org.springframework.beans.factory.BeanExpressionException:
Expression parsing failed; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied
dependency expressed through method 'setJwtAuthenticationProvider'
parameter 0; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'jwtAuthenticationProvider' defined in
class path resource [nifi-web-security-context.xml]: Cannot
resolve reference to bean 'authorizer' while setting constructor
argument; nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is java.lang.Exception: The
specified authorizer 'ldap-user-group-provider' could not be found.
[... let me just skip the uninteresting Spring stack ...]
nifi-runner_1 | Caused by:
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'authorizer': FactoryBean threw exception
on object creation; nested exception is java.lang.Exception: The
specified authorizer 'ldap-user-group-provider' could not be found.
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185)
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323)
nifi-runner_1 | at
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
nifi-runner_1 | at
org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
nifi-runner_1 | ... 96 common frames omitted
nifi-runner_1 | Caused by: java.lang.Exception: The specified
authorizer 'ldap-user-group-provider' could not be found.
nifi-runner_1 | at
org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:175)
nifi-runner_1 | at
org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178)
From what I understand, it seems like the AuthorizerFactoryBean
tries to read my user-group-provider from the authorizers.xml file.
I have such an user group provider, which is a ldap one :
<authorizers>
<userGroupProvider>
<identifier>ldap-user-group-provider</identifier>
<class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class>
<propertyname="Authentication Strategy">LDAPS</property>
<propertyname="Manager DN">a_dn</property>
<propertyname="Manager Password">a_password</property>
<propertyname="TLS - Keystore"></property>
<propertyname="TLS - Keystore Password"></property>
<propertyname="TLS - Keystore Type"></property>
<propertyname="TLS - Truststore">/opt/certs/cacerts.jks</property>
<propertyname="TLS - Truststore Password">another</property>
<propertyname="TLS - Truststore Type">JKS</property>
<propertyname="TLS - Client Auth"></property>
<propertyname="TLS - Protocol">TLSv1</property>
<propertyname="TLS - Shutdown Gracefully"></property>
<propertyname="Referral Strategy">FOLLOW</property>
<propertyname="Connect Timeout">10 secs</property>
<propertyname="Read Timeout">10 secs</property>
<propertyname="Url">ldaps://myserver.mycompany.com:636</property>
<propertyname="Page Size"></property>
<propertyname="Sync Interval">30 mins</property>
<propertyname="User Search Base">ou=people,o=mycompany.com
<http://mycompany.com></property>
<propertyname="User Object Class">privPerson</property>
<propertyname="User Search Scope">SUBTREE</property>
<propertyname="User Search Filter"></property>
<propertyname="User Identity Attribute">uid</property>
<propertyname="User Group Name Attribute">This attribute doesn't
exist to make sure no grouping is done</property>
<propertyname="User Group Name Attribute - Referenced Group
Attribute"></property>
<propertyname="Group Search Base"></property>
<propertyname="Group Object Class">group</property>
<propertyname="Group Search Scope">ONE_LEVEL</property>
<propertyname="Group Search Filter"></property>
<propertyname="Group Name Attribute"></property>
<propertyname="Group Member Attribute"></property>
<propertyname="Group Member Attribute - Referenced User
Attribute"></property>
</userGroupProvider>
So why can't it be loaded ?
Because I don't see any other exception (typically, I would expect
a search fail exception, but it seems to work).
