Hi,
I am currently working on calling the Nifi REST API to get the 'root'
process group and setting it as parent for a new process-group.
However I am getting the next messages:
Attempting GET request to: JerseyWebTarget {
https://127.0.0.1:8443/nifi-api/process-groups/root }
2018-02-26 11:06:55.341 DEBUG ???? --- [ main]
c.c.p.n.c.i.b.BootApiClient :
2018-02-26 11:06:55.341 DEBUG ???? --- [ main]
c.c.p.n.c.i.b.BootApiClient : Received 403 response from GET
to JerseyWebTarget { https://127.0.0.1:8443/nifi-api/process-groups/root }
com.civitaslearning.platform.nifi.client.invoker.boot.exception.NifiForbiddenException:
No applicable policies could be found. Contact the system administrator.
This is the content of my authorizations.xml file:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<authorizations>
<policies>
<policy identifier="f99bccd1-a30e-3e4a-98a2-dbc708edc67f"
resource="/flow" action="R">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="b8775bd4-704a-34c6-987b-84f2daf7a515"
resource="/restricted-components" action="W">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="627410be-1717-35b4-a06f-e9362b89e0b7"
resource="/tenants" action="R">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="15e4e0bd-cb28-34fd-8587-f8d15162cba5"
resource="/tenants" action="W">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="ff96062a-fa99-36dc-9942-0f6442ae7212"
resource="/policies" action="R">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="ad99ea98-3af6-3561-ae27-5bf09e1d969d"
resource="/policies" action="W">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="2e1015cb-0fed-3005-8e0d-722311f21a03"
resource="/controller" action="R">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="c6322e6c-4cc1-3bcc-91b3-2ed2111674cf"
resource="/controller" action="W">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="d2f2019f-0161-1000-201a-94a51ee94006"
resource="/process-groups/root" action="R">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
<policy identifier="d2f20292-0161-1000-e8d2-a8f874682f68"
resource="/process-groups/root" action="W">
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"/>
</policy>
</policies>
</authorizations>
And this is the content of authorizations.xml
<authorizers>
<accessPolicyProvider>
<identifier>file-access-policy-provider</identifier>
<class>org.apache.nifi.authorization.FileAccessPolicyProvider</class>
<property name="User Group
Provider">file-user-group-provider</property>
<property name="Authorizations
File">./conf/authorizations.xml</property>
<property name="Initial Admin Identity">CN=civitas,
OU=ApacheNifi</property>
<property name="Legacy Authorized Users File"></property>
<property name="Node Identity 1"></property>
</accessPolicyProvider>
<authorizer>
<identifier>managed-authorizer</identifier>
<class>org.apache.nifi.authorization.StandardManagedAuthorizer</class>
<property name="Access Policy
Provider">file-access-policy-provider</property>
</authorizer>
</authorizers>
And users.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<tenants>
<groups/>
<users>
<user identifier="2ca01c6c-41bf-31b9-8101-5021367b7c51"
identity="CN=civitas, OU=ApacheNifi"/>
</users>
</tenants>
I already create a policy using the same user cert so I guess the DN is
valid.
Am I defining the policy or making the call in a wrong way?
Thanks in advance,
Daniel Hernandez
