БЛОГ НА HUSL


Кластер nifi проблема с авторизацией при доступе к UI

Автор вопроса: Олег

Тестирую кластер nifi 1.13.2 из 2-х нод.

Одна нода - rhel7, вторая - redos. Zookeeper встроенный.

Кластер работает корректно (ноды видят друг друга, координатор выбран.)

Сертификаты на нодах самоподписанные.

Лог на координаторе:

2022-09-16 15:03:00,312 INFO [Process Cluster Protocol Request-6] o.a.n.c.p.impl.SocketProtocolListener Finished processing request 087f38b1-1896-4da5-a243-0e8577cc74c8 (type=HEARTBEAT, length=3172 bytes) from <имя ноды координатора>.<имя домена>:8080 in 89 millis 2022-09-16 15:03:00,314 INFO [Clustering Tasks Thread-2] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2022-09-16 15:03:00,221 and sent to <имя ноды координатора>.<имя домена>:8000 at 2022-09-16 15:03:00,314; send took 92 millis

Лог на второй ноде:

2022-09-16 15:09:31,462 INFO [Clustering Tasks Thread-3] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2022-09-16 15:09:31,406 and sent to <имя ноды координатора>.<имя домена>:8000 at 2022-09-16 15:09:31,462; send took 55 millis 2022-09-16 15:09:36,522 INFO [Clustering Tasks Thread-3] o.a.n.c.c.ClusterProtocolHeartbeater Heartbeat created at 2022-09-16 15:09:36,462 and sent to <имя ноды координатора>.<имя домена>:8000 at 2022-09-16 15:09:36,522; send took 60 millis

Столкнулся с проблемой авторизации в UI.

LDAP авторизация не срабатывает (без кластера LDAP авторизация работала на обеих нодах).

При вводе логина и пароля возвращаюсь обратно на страницу авторизации.

Лог на ноде, на которой пытаюсь авторизоваться, выглядит так:

2022-09-16 15:21:11,630 DEBUG [NiFi Web Server-202] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-09-16 15:21:13,262 DEBUG [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,262 DEBUG [NiFi Web Server-34] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-09-16 15:21:13,262 DEBUG [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,262 INFO [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for () GET https:// <имя ноды координатора>.<имя домена>::8080/nifi-api/flow/current-user (source ip: <IP координатора>) 2022-09-16 15:21:13,264 INFO [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for 2022-09-16 15:21:13,265 DEBUG [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,265 DEBUG [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,265 DEBUG [NiFi Web Server-34] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntitiesChain - <> 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.x509.X509AuthenticationFilter Raw X-ProxiedEntityGroups - <> 2022-09-16 15:21:13,276 INFO [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for (<><CN=<имя ноды координатора>>.<, OU=NIFI>) GET https:// <имя ноды координатора>.<имя домена>::8080/nifi-api/flow/current-user (source ip: <IP координатора>) 2022-09-16 15:21:13,276 INFO [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Authentication success for 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,276 DEBUG [NiFi Web Server-193] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: 2022-09-16 15:21:13,793 DEBUG [NiFi Web Server-29] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request.

Лог на второй ноде выглядит так:

2022-09-16 15:21:13,321 DEBUG [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,321 DEBUG [NiFi Web Server-190] o.a.n.w.s.x509.X509CertificateExtractor No client certificate found in request. 2022-09-16 15:21:13,321 DEBUG [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,321 DEBUG [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,321 DEBUG [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,321 DEBUG [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Checking secure context token: null 2022-09-16 15:21:13,321 INFO [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Attempting request for () GET https:// <имя второй ноды >.<имя домена>::8080/nifi-api/flow/current-user (source ip: <IP второй ноды>) 2022-09-16 15:21:13,322 WARN [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter Rejecting access to web api: Anonymous authentication has not been configured. 2022-09-16 15:21:13,322 DEBUG [NiFi Web Server-190] o.a.n.w.s.NiFiAuthenticationFilter org.apache.nifi.web.security.InvalidAuthenticationException: Anonymous authentication has not been configured. at org.apache.nifi.web.security.anonymous.NiFiAnonymousAuthenticationProvider.authenticate(NiFiAnonymousAuthenticationProvider.java:46) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:79) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:100) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:100) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:100) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.apache.nifi.web.security.NiFiAuthenticationFilter.authenticate(NiFiAuthenticationFilter.java:100) at org.apache.nifi.web.security.NiFiAuthenticationFilter.doFilter(NiFiAuthenticationFilter.java:59) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.filter.TimerFilter.doFilter(TimerFilter.java:51) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.filter.ExceptionFilter.doFilter(ExceptionFilter.java:46) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:201) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:487) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:336) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:301) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.StrictTransportSecurityFilter.doFilter(StrictTransportSecurityFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.XContentTypeOptionsFilter.doFilter(XContentTypeOptionsFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.XSSProtectionFilter.doFilter(XSSProtectionFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:47) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.apache.nifi.web.security.headers.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:48) at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193) at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:763) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:191) at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:59) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127) at org.eclipse.jetty.server.Server.handle(Server.java:516) at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388) at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:279) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:540) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:395) at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:161) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105) at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036) at java.base/java.lang.Thread.run(Thread.java:834)

Буду рад любой помощи.


Источник

Ответы (0 шт):

licensed under cc by-sa 3.0 with attribution.