Uploaded image for project: 'Apache NiFi'
  1. Apache NiFi
  2. NIFI-6020

Cannot list users or policies when an access policy contains a group that is deleted

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.7.1
    • Fix Version/s: 1.9.0
    • Component/s: Core UI
    • Labels:
      None

      Description

      Originally reported on the Apache NiFi Slack.

      when groups are removed in ldap, it impacts access policies that had the group id.

      https://apachenifi.slack.com/archives/C0L9UPWJZ/p1549493200163800

      This relates to NIFI-5948.

      Steps to reproduce:

      1. Configure NiFi to use the LDAP UserGroupProvider.
      2. Then in Nifi, using the UI, create some access policies that contain the LDAP groups.
      3. Delete groups from LDAP or change the NiFi LdapUserGroupProvider to use a different group search base/filter such that a subset of groups are returned, and at least one group that belongs to an access policy is no longer synced from ldap.
      4. Go to buger menu -> users as observe an NPE. stack trace below

      The only way to fix this problem is to delete the association of the access policy -> group in the file: authorizations.xml.

      Stack trace:

       

      2019-02-06 22:42:46,373 ERROR [NiFi Web Server-41682] o.a.nifi.web.api.config.ThrowableMapper An unexpected error has occurred: java.lang.NullPointerException. Returning Internal Server Error response.
      java.lang.NullPointerException: null
      at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO.lambda$null$2(StandardPolicyBasedAuthorizerDAO.java:285)
      at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174)
      at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1553)
      at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
      at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
      at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
      at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
      at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
      at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO.lambda$getAccessPoliciesForUser$3(StandardPolicyBasedAuthorizerDAO.java:285)
      at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:174)
      at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1553)
      at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
      at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
      at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
      at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
      at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
      at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO.getAccessPoliciesForUser(StandardPolicyBasedAuthorizerDAO.java:287)
      at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO$$FastClassBySpringCGLIB$$ea190383.invoke(<generated>)
      at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
      at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
      at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
      at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
      at org.apache.nifi.web.dao.impl.StandardPolicyBasedAuthorizerDAO$$EnhancerBySpringCGLIB$$9bc4b502.getAccessPoliciesForUser(<generated>)
      at org.apache.nifi.web.StandardNiFiServiceFacade.createUserEntity(StandardNiFiServiceFacade.java:3285)
      at org.apache.nifi.web.StandardNiFiServiceFacade.lambda$getUsers$163(StandardNiFiServiceFacade.java:3276)
      at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193)
      at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1553)
      at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
      at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
      at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
      at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
      at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:499)
      at org.apache.nifi.web.StandardNiFiServiceFacade.getUsers(StandardNiFiServiceFacade.java:3277)
      at org.apache.nifi.web.StandardNiFiServiceFacade$$FastClassBySpringCGLIB$$358780e0.invoke(<generated>)
      at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
      at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
      at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
      at org.apache.nifi.web.NiFiServiceFacadeLock.proceedWithReadLock(NiFiServiceFacadeLock.java:155)
      at org.apache.nifi.web.NiFiServiceFacadeLock.getLock(NiFiServiceFacadeLock.java:120)
      at sun.reflect.GeneratedMethodAccessor219.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:629)
      at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:618)
      at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
      at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
      at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
      at org.apache.nifi.web.StandardNiFiServiceFacade$$EnhancerBySpringCGLIB$$c5908f19.getUsers(<generated>)
      at org.apache.nifi.web.api.TenantsResource.getUsers(TenantsResource.java:304)
      ...

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                kdoran Kevin Doran
                Reporter:
                kdoran Kevin Doran
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 50m
                  50m