Hi Nicolas, Could you share the full content of your authorizers.xml file? Sometimes it's just a matter of references not being in the right "order".
Le ven. 19 juil. 2019 à 11:59, Edward Armes <[email protected]> a écrit : > I wasn't able to find any single good way, I don't know if switching the > logs down to debug or trace might give you a bit more info though . In the > end I just went through a worked it out by hand using a combination of > manual checking against an alternative tool (i.e. an LDAP browser), file > format checkers, or just commenting things out by hand. > > I did sometimes find that white space character (new line etc...) can > occasionally cause a problem with the Spring loading. > > Edward > > On Fri, Jul 19, 2019 at 10:45 AM Nicolas Delsaux <[email protected]> > wrote: > >> Is there any way to get a better error ? >> Le 19/07/2019 à 11:36, Edward Armes a écrit : >> >> Hi Nicolas, >> >> This one is a bit of a Spring special. The actual cause here is that the >> Spring Bean that is being created from this file has silently failed, and >> thus the auto-wiring has failed as well. The result is you get this lovely >> misleading error. The normal reason for the bean not being created I found >> was because I made a typo in the configuration file(s). >> >> Edward >> >> On Fri, Jul 19, 2019 at 10:21 AM Nicolas Delsaux <[email protected]> >> wrote: >> >>> Hi all >>> >>> Now I know how to connect to my LDAP directory, i now have a strange >>> error >>> >>> >>> nifi-runner_1 | >>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>> creating bean with name >>> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration': >>> Unsatisfied dependency expressed through method >>> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is >>> org.springframework.beans.factory.BeanExpressionException: Expression >>> parsing failed; nested exception is >>> org.springframework.beans.factory.UnsatisfiedDependencyException: Error >>> creating bean with name >>> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied >>> dependency expressed through method 'setJwtAuthenticationProvider' >>> parameter 0; nested exception is >>> org.springframework.beans.factory.BeanCreationException: Error creating >>> bean with name 'jwtAuthenticationProvider' defined in class path resource >>> [nifi-web-security-context.xml]: Cannot resolve reference to bean >>> 'authorizer' while setting constructor argument; nested exception is >>> org.springframework.beans.factory.BeanCreationException: Error creating >>> bean with name 'authorizer': FactoryBean threw exception on object >>> creation; nested exception is java.lang.Exception: The specified authorizer >>> 'ldap-user-group-provider' could not be found. >>> >>> [... let me just skip the uninteresting Spring stack ...] >>> >>> nifi-runner_1 | Caused by: >>> org.springframework.beans.factory.BeanCreationException: Error creating >>> bean with name 'authorizer': FactoryBean threw exception on object >>> creation; nested exception is java.lang.Exception: The specified authorizer >>> 'ldap-user-group-provider' could not be found. >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:185) >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1640) >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:323) >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) >>> nifi-runner_1 | ... 96 common frames omitted >>> nifi-runner_1 | Caused by: java.lang.Exception: The specified >>> authorizer 'ldap-user-group-provider' could not be found. >>> nifi-runner_1 | at >>> org.apache.nifi.authorization.AuthorizerFactoryBean.getObject(AuthorizerFactoryBean.java:175) >>> nifi-runner_1 | at >>> org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:178) >>> >>> From what I understand, it seems like the AuthorizerFactoryBean tries to >>> read my user-group-provider from the authorizers.xml file. >>> >>> >>> I have such an user group provider, which is a ldap one : >>> <authorizers> >>> <userGroupProvider> >>> <identifier>ldap-user-group-provider</identifier> >>> <class>org.apache.nifi.ldap.tenants.LdapUserGroupProvider</class> >>> <property name="Authentication Strategy">LDAPS</property> >>> <property name="Manager DN">a_dn</property> >>> <property name="Manager Password">a_password</property> >>> <property name="TLS - Keystore"></property> >>> <property name="TLS - Keystore Password"></property> >>> <property name="TLS - Keystore Type"></property> >>> <property name="TLS - Truststore">/opt/certs/cacerts.jks</property> >>> <property name="TLS - Truststore Password">another</property> >>> <property name="TLS - Truststore Type">JKS</property> >>> <property name="TLS - Client Auth"></property> >>> <property name="TLS - Protocol">TLSv1</property> >>> <property name="TLS - Shutdown Gracefully"></property> >>> <property name="Referral Strategy">FOLLOW</property> >>> <property name="Connect Timeout">10 secs</property> >>> <property name="Read Timeout">10 secs</property> >>> <property name="Url">ldaps://myserver.mycompany.com:636</property> >>> <property name="Page Size"></property> >>> <property name="Sync Interval">30 mins</property> >>> <property name="User Search Base">ou=people,o=mycompany.com</property> >>> <property name="User Object Class">privPerson</property> >>> <property name="User Search Scope">SUBTREE</property> >>> <property name="User Search Filter"></property> >>> <property name="User Identity Attribute">uid</property> >>> <property name="User Group Name Attribute">This attribute doesn't exist >>> to make sure no grouping is done</property> >>> <property name="User Group Name Attribute - Referenced Group Attribute" >>> ></property> >>> <property name="Group Search Base"></property> >>> <property name="Group Object Class">group</property> >>> <property name="Group Search Scope">ONE_LEVEL</property> >>> <property name="Group Search Filter"></property> >>> <property name="Group Name Attribute"></property> >>> <property name="Group Member Attribute"></property> >>> <property name="Group Member Attribute - Referenced User Attribute"></ >>> property> >>> </userGroupProvider> >>> >>> So why can't it be loaded ? >>> >>> Because I don't see any other exception (typically, I would expect a >>> search fail exception, but it seems to work). >>> >>
