Thanks for reporting this. The issue is specifically tied to downloading resources (content or templates) and accessing UI extensions (like the content viewer or custom UI) when logged in via LDAP. Using client certificates should be working as expected.
This token issue is addressed in NIFI-1497 [1] and will be included in the upcoming 0.5.1 release. Sorry for the inconvenience. Matt [1] https://issues.apache.org/jira/browse/NIFI-1497 On Mon, Feb 22, 2016 at 9:48 AM, Conrad Crampton < conrad.cramp...@secdata.com> wrote: > Hi, > I have a working NiFi installation on both my local machine and on a > cluster. Both set up with certificates and https access and LDAP > integration. All good. > However, I have come across an issue where I can’t now export templates as > I get an ‘access denied’ error in the UI, and in the nifi-user.log I get > this stack trace… > > o.a.n.w.s.NiFiAuthenticationFilter Unable to authorize: An Authentication > object was not found in the SecurityContext > org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: > An Authentication object was not found in the SecurityContext > at > org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:378) > ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:222) > ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) > ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) > ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122) > ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:99) > [nifi-web-security-0.4.1.jar:0.4.1] > at > org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:60) > [nifi-web-security-0.4.1.jar:0.4.1] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:99) > [nifi-web-security-0.4.1.jar:0.4.1] > at > org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:60) > [nifi-web-security-0.4.1.jar:0.4.1] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.apache.nifi.web.security.node.NodeAuthorizedUserFilter.doFilter(NodeAuthorizedUserFilter.java:112) > [nifi-web-security-0.4.1.jar:0.4.1] > at > org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) > [spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE] > at > org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) > [spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE] > at > org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) > [spring-web-4.1.6.RELEASE.jar:4.1.6.RELEASE] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) > [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.apache.nifi.web.filter.ThreadLocalFilter.doFilter(ThreadLocalFilter.java:38) > [classes/:na] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) > [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529] > at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:52) > [classes/:na] > at > org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) > [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) > [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) > [jetty-security-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) > [jetty-servlet-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at org.eclipse.jetty.server.Server.handle(Server.java:499) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) > [jetty-server-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540) > [jetty-io-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) > [jetty-util-9.2.11.v20150529.jar:9.2.11.v20150529] > at > org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) > [jetty-util-9.2.11.v20150529.jar:9.2.11.v20150529] > at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40] > 2016-02-22 14:41:25,674 INFO [NiFi Web Server-230] > o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: An > Authentication object was not found in the SecurityContext > > Any suggestions? The resultant url for the export is > https://localhost:9090/nifi-api/controller/templates/92427c50-2d9b-4a9b-83eb-4062c9c88d49 > if > that helps. > I also have two tokens set in local storage of ‘jwt’ and ' > nifi-view-a96be08b-00c9-4ebb-ae11-84101cca90ad’. > > Thanks > Conrad > > > SecureData, combating cyber threats > > ------------------------------ > > The information contained in this message or any of its attachments may be > privileged and confidential and intended for the exclusive use of the > intended recipient. If you are not the intended recipient any disclosure, > reproduction, distribution or other dissemination or use of this > communications is strictly prohibited. The views expressed in this email > are those of the individual and not necessarily of SecureData Europe Ltd. > Any prices quoted are only valid if followed up by a formal written quote. > > SecureData Europe Limited. Registered in England & Wales 04365896. > Registered Address: SecureData House, Hermitage Court, Hermitage Lane, > Maidstone, Kent, ME16 9NT >
