Kotaro Terada created NIFI-5752:
-----------------------------------

             Summary: Load balancing fails with wildcard certs
                 Key: NIFI-5752
                 URL: https://issues.apache.org/jira/browse/NIFI-5752
             Project: Apache NiFi
          Issue Type: Bug
    Affects Versions: 1.8.0
            Reporter: Kotaro Terada


Load balancing fails when we construct a secure cluster with wildcard certs.

For example, assume that we have a valid wildcard cert for {{*.example.com}} 
and a cluster consisting of {{nf1.example.com}}, {{nf2.example.com}}, and 
{{nf3.example.com}}. We cannot transfer a FlowFile between nodes for load 
balancing because of the following authorization error:

{noformat}
2018-10-25 19:05:13,520 WARN [Load Balance Server Thread-2] o.a.n.c.q.c.s.ClusterLoadBalanceAuthorizer Authorization failed for Client ID's [*.example.com] to Load Balance data because none of the ID's are known Cluster Node Identifiers
2018-10-25 19:05:13,521 ERROR [Load Balance Server Thread-2] o.a.n.c.q.c.s.ConnectionLoadBalanceServer Failed to communicate with Peer /xxx.xxx.xxx.xxx:xxxxx
org.apache.nifi.controller.queue.clustered.server.NotAuthorizedException: Client ID's [*.example.com] are not authorized to Load Balance data
        at org.apache.nifi.controller.queue.clustered.server.ClusterLoadBalanceAuthorizer.authorize(ClusterLoadBalanceAuthorizer.java:65)
        at org.apache.nifi.controller.queue.clustered.server.StandardLoadBalanceProtocol.receiveFlowFiles(StandardLoadBalanceProtocol.java:142)
        at org.apache.nifi.controller.queue.clustered.server.ConnectionLoadBalanceServer$CommunicateAction.run(ConnectionLoadBalanceServer.java:176)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
{noformat}

This problem occurs because, in the {{authorize}} method of the 
{{ClusterLoadBalanceAuthorizer}} class, authorization is attempted by just 
matching strings.



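Added example (not part of the original report and not NiFi code): a model of the exact string comparison the report describes, next to a wildcard-aware comparison that accepts "*" only as the whole left-most label. The class and method names are hypothetical, and the node names and certificate identity are the ones used in the report.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added illustration; class and method names are hypothetical, not NiFi's.
public class WildcardIdentityCheck {

    // Models the behaviour described in the report: a certificate identity
    // is accepted only if it equals a node identifier character for character.
    static boolean exactMatch(List<String> certIds, Set<String> nodeIds) {
        return certIds.stream().anyMatch(nodeIds::contains);
    }

    // Wildcard-aware comparison: "*" is honoured only as the entire left-most
    // label and stands for exactly one label, never zero and never several.
    static boolean matches(String certId, String nodeId) {
        String pattern = certId.toLowerCase(Locale.ROOT);
        String host = nodeId.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) {
            return pattern.equals(host);
        }
        String suffix = pattern.substring(1); // e.g. ".example.com"
        if (suffix.indexOf('*') >= 0 || !host.endsWith(suffix)) {
            return false; // second wildcard, or a different parent domain
        }
        String label = host.substring(0, host.length() - suffix.length());
        return !label.isEmpty() && label.indexOf('.') < 0;
    }

    static boolean wildcardAwareMatch(List<String> certIds, Set<String> nodeIds) {
        return certIds.stream()
                .anyMatch(c -> nodeIds.stream().anyMatch(n -> matches(c, n)));
    }

    public static void main(String[] args) {
        // Constructed sample data using the hostnames from the report.
        Set<String> nodes = Set.of("nf1.example.com", "nf2.example.com", "nf3.example.com");
        List<String> cert = List.of("*.example.com");

        System.out.println("exact match:          " + exactMatch(cert, nodes));
        System.out.println("wildcard-aware match: " + wildcardAwareMatch(cert, nodes));
        // Cases a wildcard must not cover: bare domain, extra label, other domain.
        System.out.println(matches("*.example.com", "example.com"));
        System.out.println(matches("*.example.com", "a.nf1.example.com"));
        System.out.println(matches("*.example.com", "nf1.example.org"));
    }
}
```

A wildcard identity matches every node name under the domain, so once it is accepted the certificate alone no longer identifies which node opened the connection.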