[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2022-09-18 Thread Josef Zahner (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17606443#comment-17606443
 ] 

Josef Zahner commented on NIFI-6860:


We are now on NiFi 1.15.3 and Java OpenJDK 11.0.16. Issue seems to be gone, at 
least for us, NiFi starts now without an issue.

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Assignee: Troy Melhase
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS, security
> Attachments: Screenshot 2019-11-11 at 11.14.52.png, authorizers.xml, login-identity-providers.xml
>
>
> We would like to upgrade from NiFi 1.9.2 to 1.10.0 and we have HTTPS with 
> LDAP (START_TLS) authentication successfully enabled on 1.9.2. Now after 
> upgrading,  we have an issue which prevents nifi from startup:
> {code:java}
> 2019-11-11 08:29:30,447 ERROR [main] o.s.web.context.ContextLoader Context 
> initialization failed
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>  Unsatisfied dependency expressed through method 
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is 
> org.springframework.beans.factory.BeanExpressionException: Expression parsing 
> failed; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency 
> expressed through method 'setJwtAuthenticationProvider' parameter 0; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'jwtAuthenticationProvider' defined in class path 
> resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 
> 'authorizer' while setting constructor argument; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'authorizer': FactoryBean threw exception on object creation; 
> nested exception is 
> org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error 
> code 13 - confidentiality required]; nested exception is 
> javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - 
> confidentiality required]
> at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> at 
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
> at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
> at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
> at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
> at 
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
> at 
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
> at 
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:10
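
Added example, not part of the Jira thread or of NiFi's code: a triage helper that unwraps the quoted log record above, walks the Spring "nested exception is" chain to its root, and reports the LDAP result code and the innermost bean that failed to build. The function names are hypothetical; the sample text is copied from the report (two stack frames kept), and the result-code names are from RFC 4511.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Mail-wrapped, quoted excerpt copied from the report above.
REPORTED = """\
> 2019-11-11 08:29:30,447 ERROR [main] o.s.web.context.ContextLoader Context
> initialization failed
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>  Unsatisfied dependency expressed through method
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is
> org.springframework.beans.factory.BeanExpressionException: Expression parsing
> failed; nested exception is
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error
> creating bean with name
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency
> expressed through method 'setJwtAuthenticationProvider' parameter 0; nested
> exception is org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'jwtAuthenticationProvider' defined in class path
> resource [nifi-web-security-context.xml]: Cannot resolve reference to bean
> 'authorizer' while setting constructor argument; nested exception is
> org.springframework.beans.factory.BeanCreationException: Error creating bean
> with name 'authorizer': FactoryBean threw exception on object creation;
> nested exception is
> org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error
> code 13 - confidentiality required]; nested exception is
> javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 -
> confidentiality required]
> at
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> at
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
"""

# Subset of LDAP result codes (RFC 4511) that show up in bind failures.
LDAP_RESULT_CODES = {
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    13: "confidentialityRequired",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}

NESTED = re.compile(r";\s+nested exception is\s+")
FRAME = re.compile(r"\s+at\s+[\w.$<>]+\(")  # start of the first stack frame
EXC = re.compile(r"(?P<cls>(?:[a-z_]\w*\.)+[A-Z][\w$]*(?:Exception|Error)): (?P<msg>.*)")
BEAN = re.compile(r"Error creating bean with name '([^']+)'")
LDAP = re.compile(r"\[LDAP: error code (\d+) - ([^\]]+)\]")


@dataclass
class RootCause:
    exception: str               # innermost exception class
    message: str                 # its message text
    failing_bean: Optional[str]  # last bean Spring failed to create
    ldap_code: Optional[int]
    ldap_name: Optional[str]
    depth: int                   # number of links in the chain


def unquote(text: str) -> str:
    """Strip '>' quote markers and rejoin the hard-wrapped lines."""
    lines = (re.sub(r"^\s*>\s?", "", ln).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)


def exception_chain(record: str) -> List[Tuple[str, str]]:
    """Return (class, message) pairs, outermost first, ignoring stack frames."""
    record = FRAME.split(record, maxsplit=1)[0]
    chain = []
    for part in NESTED.split(record):
        m = EXC.search(part)
        if m:
            chain.append((m.group("cls"), m.group("msg").strip()))
    return chain


def root_cause(text: str) -> RootCause:
    chain = exception_chain(unquote(text))
    if not chain:
        raise ValueError("no exception found in log text")
    beans = [b for _, msg in chain for b in BEAN.findall(msg)]
    cls, msg = chain[-1]
    ldap = LDAP.search(msg)
    code = int(ldap.group(1)) if ldap else None
    return RootCause(
        exception=cls,
        message=msg,
        failing_bean=beans[-1] if beans else None,
        ldap_code=code,
        ldap_name=LDAP_RESULT_CODES.get(code) if code is not None else None,
        depth=len(chain),
    )


if __name__ == "__main__":
    print(root_cause(REPORTED))
```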

[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2020-04-27 Thread Josef Zahner (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17093939#comment-17093939
 ] 

Josef Zahner commented on NIFI-6860:


[~tmelhase] in my case the issue was fully reproducible. I'm off until the 
beginning of June, but can I help you to reproduce the issue somehow?

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Assignee: Troy Melhase
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS
> Attachments: Screenshot 2019-11-11 at 11.14.52.png, authorizers.xml, login-identity-providers.xml

[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2020-04-24 Thread Troy Melhase (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17091811#comment-17091811
 ] 

Troy Melhase commented on NIFI-6860:


[~jzahner] I've spent a few hours trying to reproduce this but I've not been 
able to (yet). 

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Assignee: Troy Melhase
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS
> Attachments: Screenshot 2019-11-11 at 11.14.52.png, authorizers.xml, login-identity-providers.xml
>
>
> We would like to upgrade from NiFi 1.9.2 to 1.10.0 and we have HTTPS with 
> LDAP (START_TLS) authentication successfully enabled on 1.9.2. Now after 
> upgrading,  we have an issue which prevents nifi from startup:
> {code:java}
> 2019-11-11 08:29:30,447 ERROR [main] o.s.web.context.ContextLoader Context 
> initialization failed
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration':
>  Unsatisfied dependency expressed through method 
> 'setFilterChainProxySecurityConfigurer' parameter 1; nested exception is 
> org.springframework.beans.factory.BeanExpressionException: Expression parsing 
> failed; nested exception is 
> org.springframework.beans.factory.UnsatisfiedDependencyException: Error 
> creating bean with name 
> 'org.apache.nifi.web.NiFiWebApiSecurityConfiguration': Unsatisfied dependency 
> expressed through method 'setJwtAuthenticationProvider' parameter 0; nested 
> exception is org.springframework.beans.factory.BeanCreationException: Error 
> creating bean with name 'jwtAuthenticationProvider' defined in class path 
> resource [nifi-web-security-context.xml]: Cannot resolve reference to bean 
> 'authorizer' while setting constructor argument; nested exception is 
> org.springframework.beans.factory.BeanCreationException: Error creating bean 
> with name 'authorizer': FactoryBean threw exception on object creation; 
> nested exception is 
> org.springframework.ldap.AuthenticationNotSupportedException: [LDAP: error 
> code 13 - confidentiality required]; nested exception is 
> javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - 
> confidentiality required]
> at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:666)
> at 
> org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
> at 
> org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:366)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1269)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:551)
> at 
> org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
> at 
> org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
> at 
> org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> at 
> org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)
> at 
> org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)
> at 
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)
> at 
> org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
> at 
> org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
> at 
> org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107){code}
> In authorizers.xml we added the l

[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2020-01-06 Thread Joe Witt (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17009028#comment-17009028
 ] 

Joe Witt commented on NIFI-6860:


Removing fix version for now. It might make sense to flag this in the migration 
guide or something as a known issue for start-tls on Java 11 if indeed that is 
the problem.

Once there is a fix/PR/merge we can tag a fix version.

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Assignee: Nathan Gough
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS
> Attachments: Screenshot 2019-11-11 at 11.14.52.png, authorizers.xml, login-identity-providers.xml

[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2019-11-28 Thread Josef Zahner (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16984219#comment-16984219
 ] 

Josef Zahner commented on NIFI-6860:


Hi Nathan

Of course I can share the config (I have replaced some secure keywords like 
passwords).

Yes, we have a keystore configured in authorizers.xml. The same as in the 
nifi.properties. To be honest I never thought about it, we just copied the 
keystore/truststore config. One speciality about the keystore, even if I think 
it's not relevant: we are using as CN the following name "*.corproot.net", but 
as SAN (subject alternative name) we have all the hostnames we use for NiFi, 
e.g. nifi-01.corproot.net and nifi-02.corproot.net. So at the end we can use 
only one keystore for all our NiFi nodes, doesn't matter whether cluster or 
single node. Ah, and the keystore is a client & server cert, that's a 
requirement because we use it as well for the cluster communication.

For a test I've removed the keystore from authorizers.xml config with java-11, 
same result - error 13.

*nifi.properties:*

{code:java}
nifi.security.user.authorizer=managed-authorizer
nifi.security.user.login.identity.provider=ldap-provider
{code}

*authorizers.xml -> (attached to ticket; header xml lines are missing, sorry)*

*login-identity-providers.xml:* -> attached to ticket

What else do you need?


> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Assignee: Nathan Gough
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS
> Attachments: Screenshot 2019-11-11 at 11.14.52.png, authorizers.xml, login-identity-providers.xml

[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2019-11-27 Thread Nathan Gough (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16983741#comment-16983741
 ] 

Nathan Gough commented on NIFI-6860:


Hi Josef,

I was able to get Java 11 + NiFi authenticating users with an OpenLDAP server 
using STARTTLS. I'm using a Java 8 build of NiFi but running on Java 11.

 
{code:java}
$ java -version
openjdk version "11.0.5" 2019-10-15
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.5+10-201908101809)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.5+10-201908101809, mixed mode)
{code}
I configured NiFi to use 1 way TLS and can see a successful key exchange and 
then encrypted application data traffic in Wireshark when I authenticate.

 

Are you able to provide any more details of how to replicate your issue? Are 
you using 2 way authentication (a keystore on the NiFi side)?

 

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Assignee: Nathan Gough
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS
> Attachments: Screenshot 2019-11-11 at 11.14.52.png

[jira] [Commented] (NIFI-6860) Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue

2019-11-12 Thread Josef Zahner (Jira)


[ 
https://issues.apache.org/jira/browse/NIFI-6860?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16972607#comment-16972607
 ] 

Josef Zahner commented on NIFI-6860:


More news, we upgraded in parallel to NiFi 1.10.0 from Java 1.8.0 to Java 11. 
In our case Java 11 breaks the LDAP START_TLS feature; if I switch back to Java 
1.8.0 the error message is gone and NiFi 1.10.0 starts with the same config.

As a workaround we will now switch back to Java 1.8.0. But we are glad that we 
can still use the START_TLS feature (as it is the successor of LDAPS).

> Upgrade NiFi 1.9.2 to 1.10.0 - Java11 LDAP (START_TLS) Issue
> 
>
> Key: NIFI-6860
> URL: https://issues.apache.org/jira/browse/NIFI-6860
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.10.0
> Environment: NiFi Single Node with HTTPS/LDAP enabled; CentOS 7.x
> Reporter: Josef Zahner
> Priority: Blocker
> Labels: Java11, LDAP, Nifi, START-TLS
> Attachments: Screenshot 2019-11-11 at 11.14.52.png