nifi-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Gilman <matt.c.gil...@gmail.com>
Subject Re: Authentication error - access denied exporting template
Date Mon, 22 Feb 2016 15:04:47 GMT
Thanks for reporting this. The issue is specifically tied to downloading
resources (content or templates) and accessing UI extensions (like the
content viewer or custom UI) when logged in via LDAP. Using client
certificates should be working as expected.

This token issue is addressed in NIFI-1497 [1] and will be included in the
upcoming 0.5.1 release. Sorry for the inconvenience.

Matt

[1] https://issues.apache.org/jira/browse/NIFI-1497

On Mon, Feb 22, 2016 at 9:48 AM, Conrad Crampton <
conrad.crampton@secdata.com> wrote:

> Hi,
> I have a working NiFi installation on both my local machine and on a
> cluster. Both set up with certificates and https access and LDAP
> integration. All good.
> However, I have come across an issue where I can’t now export templates as
> I get an ‘access denied’ error in the UI, and in the nifi-user.log I get
> this stack trace…
>
> o.a.n.w.s.NiFiAuthenticationFilter Unable to authorize: An Authentication
> object was not found in the SecurityContext
> org.springframework.security.authentication.AuthenticationCredentialsNotFoundException:
> An Authentication object was not found in the SecurityContext
> at
> org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:378)
> ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:222)
> ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
> ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
> ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
> ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:99)
> [nifi-web-security-0.4.1.jar:0.4.1]
> at
> org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:60)
> [nifi-web-security-0.4.1.jar:0.4.1]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:99)
> [nifi-web-security-0.4.1.jar:0.4.1]
> at
> org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:60)
> [nifi-web-security-0.4.1.jar:0.4.1]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.apache.nifi.web.security.node.NodeAuthorizedUserFilter.doFilter(NodeAuthorizedUserFilter.java:112)
> [nifi-web-security-0.4.1.jar:0.4.1]
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
> [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
> [spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE]
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
> [spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
> [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.apache.nifi.web.filter.ThreadLocalFilter.doFilter(ThreadLocalFilter.java:38)
> [classes/:na]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
> [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529]
> at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:52)
> [classes/:na]
> at
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
> [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
> [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
> [jetty-security-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
> [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at org.eclipse.jetty.server.Server.handle(Server.java:499)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
> [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
> [jetty-io-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
> [jetty-util-9.2.11.v20150529.jar:9.2.11.v20150529]
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
> [jetty-util-9.2.11.v20150529.jar:9.2.11.v20150529]
> at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40]
> 2016-02-22 14:41:25,674 INFO [NiFi Web Server-230]
> o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: An
> Authentication object was not found in the SecurityContext
>
> Any suggestions? The resultant url for the export is
> https://localhost:9090/nifi-api/controller/templates/92427c50-2d9b-4a9b-83eb-4062c9c88d49
if
> that helps.
> I also have two tokens set in local storage of ‘jwt’ and '
> nifi-view-a96be08b-00c9-4ebb-ae11-84101cca90ad’.
>
> Thanks
> Conrad
>
>
> SecureData, combating cyber threats
>
> ------------------------------
>
> The information contained in this message or any of its attachments may be
> privileged and confidential and intended for the exclusive use of the
> intended recipient. If you are not the intended recipient any disclosure,
> reproduction, distribution or other dissemination or use of this
> communications is strictly prohibited. The views expressed in this email
> are those of the individual and not necessarily of SecureData Europe Ltd.
> Any prices quoted are only valid if followed up by a formal written quote.
>
> SecureData Europe Limited. Registered in England & Wales 04365896.
> Registered Address: SecureData House, Hermitage Court, Hermitage Lane,
> Maidstone, Kent, ME16 9NT
>

Mime
View raw message