You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@nifi.apache.org by "Sergio M." <si...@hotmail.com> on 2022/05/06 18:17:27 UTC
RV: Unknown user with identity 'anonymous'
Hi,
We had a two node Nifi cluster running version 1.11.4 which connects to the Nifi Registry. A few days ago we decided to upgrade Nifi to version 1.15.2 and add a new node to the cluster.
After the upgrade, the cluster starts up and connect to the Registry correctly, the Process Groups can get the version control state, but only for a few minutes. At some point the connection fails and the state of the Process Groups is lost. If we restart the cluster, the connection is restored but after a while it fails again
[cid:72cb7782-f318-43b1-9c4d-3a7dcf4a6410]
[cid:63a03873-c20b-476f-b9cf-5d56c74ddf56]
In the logs of Nifi we can see this error:
2022-04-13 09:00:16,857 ERROR [Timer-Driven Process Thread-69] o.a.nifi.groups.StandardProcessGroup Failed to synchronize StandardProcessGroup[identifier=,name=Test] with Flow Registry because could not determine the most recent version of the Flow in the Flow Registry
org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving flow: Unknown user with identity 'anonymous'. Contact the system administrator.
at org.apache.nifi.registry.client.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:117)
at org.apache.nifi.registry.client.impl.JerseyFlowClient.get(JerseyFlowClient.java:87)
at org.apache.nifi.registry.flow.RestBasedFlowRegistry.getVersionedFlow(RestBasedFlowRegistry.java:286)
at org.apache.nifi.groups.StandardProcessGroup.synchronizeWithFlowRegistry(StandardProcessGroup.java:3782)
at org.apache.nifi.controller.FlowController$6.run(FlowController.java:972)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:910)
at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:723)
at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:643)
at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:665)
at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:659)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:659)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:642)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
at org.apache.nifi.registry.client.impl.JerseyFlowClient.lambda$get$1(JerseyFlowClient.java:93)
at org.apache.nifi.registry.client.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:103)
... 11 common frames omitted
The Registry logs indicates that the request does not contain a Client certificate and gives the error ‘AccessDeniedException: Unknown user with identity 'anonymous'’. We configured new certificates after the upgrade, also we tried with the previous ones but in no case did it work.
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using X509IdentityProvider
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.x.X509CertificateExtractor No client certificate found in request.
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using JwtIdentityProvider
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.BearerAuthIdentityProvider HTTP Bearer Auth credentials not present. Not attempting to extract credentials for authentication.
2022-05-06 12:44:43,932 TRACE [NiFi Registry Web Server-13] o.a.n.r.w.s.a.AnonymousIdentityFilter Set SecurityContextHolder to anonymous
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.ResourceAuthorizationFilter Request filter authorization check is not required for this HTTP Method on this resource. Allowing request to proceed. An additional authorization check might be performed downstream of this filter.
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/b1865fed…
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.r.PublicCheckingAuthorizable Requested resource is /buckets/b1865fed…
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.r.PublicCheckingAuthorizable Delegating to inheriting authorizable for /buckets/b1865fed…
2022-05-06 12:44:43,932 INFO [NiFi Registry Web Server-13] o.a.n.r.w.m.AccessDeniedExceptionMapper identity[anonymous], groups[none] does not have permission to access the requested resource. Unknown user with identity 'anonymous'. Returning Unauthorized response.
2022-05-06 12:44:43,933 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.m.AccessDeniedExceptionMapper
org.apache.nifi.registry.security.authorization.exception.AccessDeniedException: Unknown user with identity 'anonymous'.
at org.apache.nifi.registry.security.authorization.resource.Authorizable.authorize(Authorizable.java:285)
at org.apache.nifi.registry.security.authorization.resource.InheritingAuthorizable.authorize(InheritingAuthorizable.java:70)
at org.apache.nifi.registry.security.authorization.resource.PublicCheckingAuthorizable.authorize(PublicCheckingAuthorizable.java:105)
at org.apache.nifi.registry.security.authorization.resource.ProxyChainAuthorizable.authorize(ProxyChainAuthorizable.java:142)
at org.apache.nifi.registry.security.authorization.resource.Authorizable.authorize(Authorizable.java:298)
at org.apache.nifi.registry.service.AuthorizationService.authorize(AuthorizationService.java:110)
at org.apache.nifi.registry.web.service.StandardServiceFacade.authorizeBucketAccess(StandardServiceFacade.java:1094)
at org.apache.nifi.registry.web.service.StandardServiceFacade.getFlow(StandardServiceFacade.java:255)
at org.apache.nifi.registry.web.service.StandardServiceFacade$$FastClassBySpringCGLIB$$8b3bf0a8.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
at org.apache.nifi.registry.web.service.StandardServiceFacade$$EnhancerBySpringCGLIB$$465ba499.getFlow(<generated>)
at org.apache.nifi.registry.web.api.BucketFlowResource.getFlow(BucketFlowResource.java:168)
at sun.reflect.GeneratedMethodAccessor81.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.ServletContainer.serviceImpl(ServletContainer.java:386)
at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:561)
at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:502)
at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:439)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
at org.apache.nifi.registry.web.security.authorization.ResourceAuthorizationFilter.forwardRequestWithoutAuthorizationCheck(ResourceAuthorizationFilter.java:151)
at org.apache.nifi.registry.web.security.authorization.ResourceAuthorizationFilter.doFilter(ResourceAuthorizationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.apache.nifi.registry.web.security.authentication.IdentityFilter.doFilter(IdentityFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.apache.nifi.registry.web.security.authentication.IdentityFilter.doFilter(IdentityFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64)
at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
at java.lang.Thread.run(Thread.java:748)
If we invoke the services ‘nifi pg-get-version’ and ‘nifi pg-get-all-versions’ of Nifi Toolkit, 'nifi get-version' correctly returns the status of a process group, but 'nifi pg-get-all-versions' give us the same error:
ERROR: Error executing command 'pg-get-all-versions' : Error retrieving versions: Unable to obtain listing of versions for bucket with ID … and flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving snapshot metadata: Unknown user with identity 'anonymous'. Contact the system administrator.
org.apache.nifi.toolkit.cli.api.CommandException: Error executing command 'pg-get-all-versions' : Error retrieving versions: Unable to obtain listing of versions for bucket with ID … and flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving snapshot metadata: Unknown user with identity 'anonymous'. Contact the system administrator.
at org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand.doExecute(AbstractNiFiCommand.java:65)
at org.apache.nifi.toolkit.cli.impl.command.AbstractPropertyCommand.execute(AbstractPropertyCommand.java:74)
at org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.processCommand(CommandProcessor.java:252)
at org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.processGroupCommand(CommandProcessor.java:233)
at org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.process(CommandProcessor.java:188)
at org.apache.nifi.toolkit.cli.CLIMain.runSingleCommand(CLIMain.java:145)
at org.apache.nifi.toolkit.cli.CLIMain.main(CLIMain.java:72)
Caused by: org.apache.nifi.toolkit.cli.impl.client.nifi.NiFiClientException: Error retrieving versions: Unable to obtain listing of versions for bucket with ID … and flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving snapshot metadata: Unknown user with identity 'anonymous'. Contact the system administrator.
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:90)
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.JerseyFlowClient.getVersions(JerseyFlowClient.java:175)
at org.apache.nifi.toolkit.cli.impl.command.nifi.pg.PGGetAllVersions.doExecute(PGGetAllVersions.java:72)
at org.apache.nifi.toolkit.cli.impl.command.nifi.pg.PGGetAllVersions.doExecute(PGGetAllVersions.java:38)
at org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand.doExecute(AbstractNiFiCommand.java:63)
... 6 more
Caused by: javax.ws.rs.ClientErrorException: HTTP 409 Conflict
at org.glassfish.jersey.client.JerseyInvocation.createExceptionForFamily(JerseyInvocation.java:953)
at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:935)
at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:723)
at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:643)
at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:665)
at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:659)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:659)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:642)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.JerseyFlowClient.lambda$getVersions$4(JerseyFlowClient.java:182)
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:76)
... 10 more
The identity of the Cluster at some point is being lost and the Registry rejects the requests. In the upgrade of Development environment, which is a single node, we did not have this problem. In the QA environment, which is a cluster, we face it but after a while the connection was restored and it didn't happen again.
Do you know any solution or configuration to help us deal with this?
Thanks!
Re: Unknown user with identity 'anonymous'
Posted by Nathan Gough <th...@apache.org>.
The fact that it connects initially but then later fails is pretty unusual.
I would check that each one of your cluster nodes are set up correctly with
server certificates in the NiFi keystore that contain the correct
certificate attributes for server *and *client authentication. The
respective signing CA must also be in the NiFi Registry truststore.
Specifically you probably want to check that the certificate's ASN1 data
contains ClientAuth:
SEQUENCE
> {
> OBJECT IDENTIFIER=ExtKeyUsage (2.5.29.37)
> OCTET STRING, encapsulates:
> SEQUENCE
> {
>
> * OBJECT IDENTIFIER=ClientAuth
> (1.3.6.1.5.5.7.3.2)* }
}
I would also be interested to know if you have set
'nifi.registry.security.needClientAuth' to false in nifi-registry.conf. It
seems like based on the code, registry should still request the client
certificate from NiFi regardless of if this property is true or false but
it's worth checking. It's clear from the log message
'o.a.n.r.w.s.a.x.X509CertificateExtractor
No client certificate found in request.' that NiFi is not forwarding its
certificate for some reason.
Nathan
On Fri, May 6, 2022 at 5:19 PM Sergio M. <si...@hotmail.com> wrote:
> Add some points:
>
> 1_ The Registry version we are using is 0.6.0 and is the only instance we
> have for all the environments and other infrastructures. Also we tested
> with 16.0 with the same result.
>
> 2_ We have configured the authentication to the Nifi Registry with SSL
> certificates. After the upgrade, we create new certificates to include the
> new node we added to the cluster. But even with these certificates or the
> older, the connection ends up failling.
>
> 3_ We have this configuration (Nifi 1.15.2 cluster with Nifi Registry
> 0.6.0) in other infrastructures and works correctly.
>
> 4_ In the UI of Nifi, versioned process groups are displayed with a
> question mark and the following error:
> *Failed to synchronize Process Group with Flow Registry: Error retrieving
> flow: Unknown user with identity 'anonymous'*
>
>
> Thanks!
> Sergio
> ------------------------------
> *De:* Sergio M. <si...@hotmail.com>
> *Enviado:* viernes, 6 de mayo de 2022 18:17
> *Para:* users@nifi.apache.org <us...@nifi.apache.org>
> *Asunto:* RV: Unknown user with identity 'anonymous'
>
> Hi,
>
>
>
> We had a two node Nifi cluster running version 1.11.4 which connects to
> the Nifi Registry. A few days ago we decided to upgrade Nifi to version
> 1.15.2 and add a new node to the cluster.
>
>
>
> After the upgrade, the cluster starts up and connect to the Registry
> correctly, the Process Groups can get the version control state, but only
> for a few minutes. At some point the connection fails and the state of
> the Process Groups is lost. If we restart the cluster, the connection is
> restored but after a while it fails again
>
>
>
>
>
>
>
> In the logs of Nifi we can see this error:
>
>
>
> 2022-04-13 09:00:16,857 ERROR [Timer-Driven Process Thread-69]
> o.a.nifi.groups.StandardProcessGroup Failed to synchronize
> StandardProcessGroup[identifier=,name=Test] with Flow Registry because
> could not determine the most recent version of the Flow in the Flow Registry
>
>
> org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving
> flow: Unknown user with identity 'anonymous'. Contact the system
> administrator.
>
> at
> org.apache.nifi.registry.client.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:117)
>
>
> at
> org.apache.nifi.registry.client.impl.JerseyFlowClient.get(JerseyFlowClient.java:87)
>
>
> at
> org.apache.nifi.registry.flow.RestBasedFlowRegistry.getVersionedFlow(RestBasedFlowRegistry.java:286)
>
>
> at
> org.apache.nifi.groups.StandardProcessGroup.synchronizeWithFlowRegistry(StandardProcessGroup.java:3782)
>
>
> at
> org.apache.nifi.controller.FlowController$6.run(FlowController.java:972)
>
> at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
>
> at
> java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
>
>
> at
> java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
>
>
> at
> java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
>
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>
>
> at java.base/java.lang.Thread.run(Thread.java:829)
>
> Caused by: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
>
> at
> org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:910)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:723)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:643)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:665)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:659)
>
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
>
> at
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:659)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:642)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
>
>
> at
> org.apache.nifi.registry.client.impl.JerseyFlowClient.lambda$get$1(JerseyFlowClient.java:93)
>
>
> at
> org.apache.nifi.registry.client.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:103)
>
>
> ... 11 common frames omitted
>
>
>
> The Registry logs indicates that the request does not contain a Client
> certificate and gives the error ‘AccessDeniedException: Unknown user with
> identity 'anonymous'’. We configured new certificates after the upgrade,
> also we tried with the previous ones but in no case did it work.
>
>
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using
> X509IdentityProvider
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.x.X509CertificateExtractor
> No client certificate found in request.
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using
> JwtIdentityProvider
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.s.a.BearerAuthIdentityProvider HTTP Bearer Auth credentials not
> present. Not attempting to extract credentials for authentication.
>
> 2022-05-06 12:44:43,932 TRACE [NiFi Registry Web Server-13]
> o.a.n.r.w.s.a.AnonymousIdentityFilter Set SecurityContextHolder to anonymous
>
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.w.s.a.ResourceAuthorizationFilter Request filter authorization
> check is not required for this HTTP Method on this resource. Allowing
> request to proceed. An additional authorization check might be performed
> downstream of this filter.
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/b1865fed
> …
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.s.a.r.PublicCheckingAuthorizable Requested resource is
> /buckets/b1865fed…
>
> 2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.s.a.r.PublicCheckingAuthorizable Delegating to inheriting
> authorizable for /buckets/b1865fed…
>
> 2022-05-06 12:44:43,932 INFO [NiFi Registry Web Server-13]
> o.a.n.r.w.m.AccessDeniedExceptionMapper identity[anonymous], groups[none]
> does not have permission to access the requested resource. Unknown user
> with identity 'anonymous'. Returning Unauthorized response.
>
> 2022-05-06 12:44:43,933 DEBUG [NiFi Registry Web Server-13]
> o.a.n.r.w.m.AccessDeniedExceptionMapper
>
> org.apache.nifi.registry.security.authorization.exception.AccessDeniedException:
> Unknown user with identity 'anonymous'.
>
> at
> org.apache.nifi.registry.security.authorization.resource.Authorizable.authorize(Authorizable.java:285)
>
>
> at
> org.apache.nifi.registry.security.authorization.resource.InheritingAuthorizable.authorize(InheritingAuthorizable.java:70)
>
>
> at
> org.apache.nifi.registry.security.authorization.resource.PublicCheckingAuthorizable.authorize(PublicCheckingAuthorizable.java:105)
>
>
> at
> org.apache.nifi.registry.security.authorization.resource.ProxyChainAuthorizable.authorize(ProxyChainAuthorizable.java:142)
>
>
> at
> org.apache.nifi.registry.security.authorization.resource.Authorizable.authorize(Authorizable.java:298)
>
>
> at
> org.apache.nifi.registry.service.AuthorizationService.authorize(AuthorizationService.java:110)
>
>
> at
> org.apache.nifi.registry.web.service.StandardServiceFacade.authorizeBucketAccess(StandardServiceFacade.java:1094)
>
>
> at
> org.apache.nifi.registry.web.service.StandardServiceFacade.getFlow(StandardServiceFacade.java:255)
>
>
> at
> org.apache.nifi.registry.web.service.StandardServiceFacade$$FastClassBySpringCGLIB$$8b3bf0a8.invoke(<generated>)
>
>
> at
> org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
>
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
>
>
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
>
>
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
>
>
> at
> org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
>
>
> at
> org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
>
>
> at
> org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
>
>
> at
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
>
>
> at
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
>
>
> at
> org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
>
>
> at
> org.apache.nifi.registry.web.service.StandardServiceFacade$$EnhancerBySpringCGLIB$$465ba499.getFlow(<generated>)
>
>
> at
> org.apache.nifi.registry.web.api.BucketFlowResource.getFlow(BucketFlowResource.java:168)
>
>
> at sun.reflect.GeneratedMethodAccessor81.invoke(Unknown Source)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>
> at java.lang.reflect.Method.invoke(Method.java:498)
>
> at
> org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
>
>
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
>
>
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
>
>
> at
> org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
>
>
> at
> org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
>
>
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
>
>
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
>
>
> at
> org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
>
>
> at
> org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
>
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
>
> at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
>
> at
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
>
>
> at
> org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
>
> at
> org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
>
>
> at
> org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
>
>
> at
> org.glassfish.jersey.servlet.ServletContainer.serviceImpl(ServletContainer.java:386)
>
>
> at
> org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:561)
>
>
> at
> org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:502)
>
>
> at
> org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:439)
>
>
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
>
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>
>
> at
> org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
>
>
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
>
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
>
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
>
>
> at
> org.apache.nifi.registry.web.security.authorization.ResourceAuthorizationFilter.forwardRequestWithoutAuthorizationCheck(ResourceAuthorizationFilter.java:151)
>
>
> at
> org.apache.nifi.registry.web.security.authorization.ResourceAuthorizationFilter.doFilter(ResourceAuthorizationFilter.java:113)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
>
>
> at
> org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
>
>
> at
> org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
>
>
> at
> org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.apache.nifi.registry.web.security.authentication.IdentityFilter.doFilter(IdentityFilter.java:91)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.apache.nifi.registry.web.security.authentication.IdentityFilter.doFilter(IdentityFilter.java:91)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
>
>
> at
> org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
>
>
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
>
> at
> org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
>
>
> at
> org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
>
>
> at
> org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
>
>
> at
> org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
>
>
> at
> org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
>
>
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
>
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>
>
> at
> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126)
>
>
> at
> org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64)
>
>
> at
> org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101)
>
>
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
>
> at
> org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119)
>
>
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
>
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>
>
> at
> org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
>
>
> at
> org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
>
>
> at
> org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
>
> at
> org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
>
>
> at
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
>
>
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>
>
> at
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
>
>
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
>
>
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
>
>
> at
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
>
>
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
>
>
> at
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
>
>
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
>
>
> at
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
>
> at
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
>
>
> at
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
>
>
> at
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
>
>
> at
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>
>
> at
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
>
>
> at
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
>
>
> at org.eclipse.jetty.server.Server.handle(Server.java:516)
>
> at
> org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
>
>
> at
> org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
>
> at
> org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
>
> at
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
>
>
> at
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
>
>
> at
> org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
>
> at
> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
>
>
> at
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
>
> at
> org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
>
>
> at
> org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
>
> at
> org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
>
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
>
>
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
>
>
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
>
>
> at
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
>
>
> at
> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
>
>
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
>
>
> at
> org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
>
>
> at java.lang.Thread.run(Thread.java:748)
>
>
>
>
>
> If we invoke the services ‘nifi pg-get-version’ and ‘nifi
> pg-get-all-versions’ of Nifi Toolkit, 'nifi get-version' correctly
> returns the status of a process group, but 'nifi pg-get-all-versions'
> give us the same error:
>
>
> ERROR: Error executing command 'pg-get-all-versions' : Error retrieving
> versions: Unable to obtain listing of versions for bucket with ID … and
> flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException:
> Error retrieving snapshot metadata: Unknown user with identity 'anonymous'.
> Contact the system administrator.
>
>
>
> org.apache.nifi.toolkit.cli.api.CommandException: Error executing command
> 'pg-get-all-versions' : Error retrieving versions: Unable to obtain listing
> of versions for bucket with ID … and flow with ID …:
> org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving
> snapshot metadata: Unknown user with identity 'anonymous'. Contact the
> system administrator.
>
> at
> org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand.doExecute(AbstractNiFiCommand.java:65)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.AbstractPropertyCommand.execute(AbstractPropertyCommand.java:74)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.processCommand(CommandProcessor.java:252)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.processGroupCommand(CommandProcessor.java:233)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.process(CommandProcessor.java:188)
>
>
> at
> org.apache.nifi.toolkit.cli.CLIMain.runSingleCommand(CLIMain.java:145)
>
> at org.apache.nifi.toolkit.cli.CLIMain.main(CLIMain.java:72)
>
> Caused by:
> org.apache.nifi.toolkit.cli.impl.client.nifi.NiFiClientException: Error
> retrieving versions: Unable to obtain listing of versions for bucket with
> ID … and flow with ID …:
> org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving
> snapshot metadata: Unknown user with identity 'anonymous'. Contact the
> system administrator.
>
> at
> org.apache.nifi.toolkit.cli.impl.client.nifi.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:90)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.client.nifi.impl.JerseyFlowClient.getVersions(JerseyFlowClient.java:175)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.nifi.pg.PGGetAllVersions.doExecute(PGGetAllVersions.java:72)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.nifi.pg.PGGetAllVersions.doExecute(PGGetAllVersions.java:38)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand.doExecute(AbstractNiFiCommand.java:63)
>
>
> ... 6 more
>
> Caused by: javax.ws.rs.ClientErrorException: HTTP 409 Conflict
>
> at
> org.glassfish.jersey.client.JerseyInvocation.createExceptionForFamily(JerseyInvocation.java:953)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:935)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:723)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:643)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:665)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:659)
>
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
>
> at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
>
> at
> org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:659)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:642)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
>
>
> at
> org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.client.nifi.impl.JerseyFlowClient.lambda$getVersions$4(JerseyFlowClient.java:182)
>
>
> at
> org.apache.nifi.toolkit.cli.impl.client.nifi.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:76)
>
>
> ... 10 more
>
>
>
> The identity of the Cluster at some point is being lost and the Registry
> rejects the requests. In the upgrade of Development environment, which is
> a single node, we did not have this problem. In the QA environment, which
> is a cluster, we face it but after a while the connection was restored
> and it didn't happen again.
>
>
>
> Do you know any solution or configuration to help us deal with this?
>
>
>
> Thanks!
>
>
RE: Unknown user with identity 'anonymous'
Posted by "Sergio M." <si...@hotmail.com>.
Add some points:
1_ The Registry version we are using is 0.6.0 and is the only instance we have for all the environments and other infrastructures. Also we tested with 16.0 with the same result.
2_ We have configured the authentication to the Nifi Registry with SSL certificates. After the upgrade, we create new certificates to include the new node we added to the cluster. But even with these certificates or the older, the connection ends up failling.
3_ We have this configuration (Nifi 1.15.2 cluster with Nifi Registry 0.6.0) in other infrastructures and works correctly.
4_ In the UI of Nifi, versioned process groups are displayed with a question mark and the following error:
Failed to synchronize Process Group with Flow Registry: Error retrieving flow: Unknown user with identity 'anonymous'
Thanks!
Sergio
________________________________
De: Sergio M. <si...@hotmail.com>
Enviado: viernes, 6 de mayo de 2022 18:17
Para: users@nifi.apache.org <us...@nifi.apache.org>
Asunto: RV: Unknown user with identity 'anonymous'
Hi,
We had a two node Nifi cluster running version 1.11.4 which connects to the Nifi Registry. A few days ago we decided to upgrade Nifi to version 1.15.2 and add a new node to the cluster.
After the upgrade, the cluster starts up and connect to the Registry correctly, the Process Groups can get the version control state, but only for a few minutes. At some point the connection fails and the state of the Process Groups is lost. If we restart the cluster, the connection is restored but after a while it fails again
[cid:72cb7782-f318-43b1-9c4d-3a7dcf4a6410]
[cid:63a03873-c20b-476f-b9cf-5d56c74ddf56]
In the logs of Nifi we can see this error:
2022-04-13 09:00:16,857 ERROR [Timer-Driven Process Thread-69] o.a.nifi.groups.StandardProcessGroup Failed to synchronize StandardProcessGroup[identifier=,name=Test] with Flow Registry because could not determine the most recent version of the Flow in the Flow Registry
org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving flow: Unknown user with identity 'anonymous'. Contact the system administrator.
at org.apache.nifi.registry.client.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:117)
at org.apache.nifi.registry.client.impl.JerseyFlowClient.get(JerseyFlowClient.java:87)
at org.apache.nifi.registry.flow.RestBasedFlowRegistry.getVersionedFlow(RestBasedFlowRegistry.java:286)
at org.apache.nifi.groups.StandardProcessGroup.synchronizeWithFlowRegistry(StandardProcessGroup.java:3782)
at org.apache.nifi.controller.FlowController$6.run(FlowController.java:972)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:910)
at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:723)
at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:643)
at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:665)
at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:659)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:659)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:642)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
at org.apache.nifi.registry.client.impl.JerseyFlowClient.lambda$get$1(JerseyFlowClient.java:93)
at org.apache.nifi.registry.client.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:103)
... 11 common frames omitted
The Registry logs indicates that the request does not contain a Client certificate and gives the error ‘AccessDeniedException: Unknown user with identity 'anonymous'’. We configured new certificates after the upgrade, also we tried with the previous ones but in no case did it work.
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using X509IdentityProvider
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.x.X509CertificateExtractor No client certificate found in request.
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.IdentityFilter Attempting to extract user credentials using JwtIdentityProvider
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.BearerAuthIdentityProvider HTTP Bearer Auth credentials not present. Not attempting to extract credentials for authentication.
2022-05-06 12:44:43,932 TRACE [NiFi Registry Web Server-13] o.a.n.r.w.s.a.AnonymousIdentityFilter Set SecurityContextHolder to anonymous
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.s.a.ResourceAuthorizationFilter Request filter authorization check is not required for this HTTP Method on this resource. Allowing request to proceed. An additional authorization check might be performed downstream of this filter.
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.r.ProxyChainAuthorizable Requested resource is /buckets/b1865fed…
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.r.PublicCheckingAuthorizable Requested resource is /buckets/b1865fed…
2022-05-06 12:44:43,932 DEBUG [NiFi Registry Web Server-13] o.a.n.r.s.a.r.PublicCheckingAuthorizable Delegating to inheriting authorizable for /buckets/b1865fed…
2022-05-06 12:44:43,932 INFO [NiFi Registry Web Server-13] o.a.n.r.w.m.AccessDeniedExceptionMapper identity[anonymous], groups[none] does not have permission to access the requested resource. Unknown user with identity 'anonymous'. Returning Unauthorized response.
2022-05-06 12:44:43,933 DEBUG [NiFi Registry Web Server-13] o.a.n.r.w.m.AccessDeniedExceptionMapper
org.apache.nifi.registry.security.authorization.exception.AccessDeniedException: Unknown user with identity 'anonymous'.
at org.apache.nifi.registry.security.authorization.resource.Authorizable.authorize(Authorizable.java:285)
at org.apache.nifi.registry.security.authorization.resource.InheritingAuthorizable.authorize(InheritingAuthorizable.java:70)
at org.apache.nifi.registry.security.authorization.resource.PublicCheckingAuthorizable.authorize(PublicCheckingAuthorizable.java:105)
at org.apache.nifi.registry.security.authorization.resource.ProxyChainAuthorizable.authorize(ProxyChainAuthorizable.java:142)
at org.apache.nifi.registry.security.authorization.resource.Authorizable.authorize(Authorizable.java:298)
at org.apache.nifi.registry.service.AuthorizationService.authorize(AuthorizationService.java:110)
at org.apache.nifi.registry.web.service.StandardServiceFacade.authorizeBucketAccess(StandardServiceFacade.java:1094)
at org.apache.nifi.registry.web.service.StandardServiceFacade.getFlow(StandardServiceFacade.java:255)
at org.apache.nifi.registry.web.service.StandardServiceFacade$$FastClassBySpringCGLIB$$8b3bf0a8.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
at org.apache.nifi.registry.web.service.StandardServiceFacade$$EnhancerBySpringCGLIB$$465ba499.getFlow(<generated>)
at org.apache.nifi.registry.web.api.BucketFlowResource.getFlow(BucketFlowResource.java:168)
at sun.reflect.GeneratedMethodAccessor81.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:176)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397)
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81)
at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:255)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:234)
at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:684)
at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
at org.glassfish.jersey.servlet.ServletContainer.serviceImpl(ServletContainer.java:386)
at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:561)
at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:502)
at org.glassfish.jersey.servlet.ServletContainer.doFilter(ServletContainer.java:439)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
at org.apache.nifi.registry.web.security.authorization.ResourceAuthorizationFilter.forwardRequestWithoutAuthorizationCheck(ResourceAuthorizationFilter.java:151)
at org.apache.nifi.registry.web.security.authorization.ResourceAuthorizationFilter.doFilter(ResourceAuthorizationFilter.java:113)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:109)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.apache.nifi.registry.web.security.authentication.IdentityFilter.doFilter(IdentityFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.apache.nifi.registry.web.security.authentication.IdentityFilter.doFilter(IdentityFilter.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64)
at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:146)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
at org.eclipse.jetty.server.Server.handle(Server.java:516)
at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:555)
at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:410)
at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:164)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:409)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034)
at java.lang.Thread.run(Thread.java:748)
If we invoke the services ‘nifi pg-get-version’ and ‘nifi pg-get-all-versions’ of Nifi Toolkit, 'nifi get-version' correctly returns the status of a process group, but 'nifi pg-get-all-versions' give us the same error:
ERROR: Error executing command 'pg-get-all-versions' : Error retrieving versions: Unable to obtain listing of versions for bucket with ID … and flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving snapshot metadata: Unknown user with identity 'anonymous'. Contact the system administrator.
org.apache.nifi.toolkit.cli.api.CommandException: Error executing command 'pg-get-all-versions' : Error retrieving versions: Unable to obtain listing of versions for bucket with ID … and flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving snapshot metadata: Unknown user with identity 'anonymous'. Contact the system administrator.
at org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand.doExecute(AbstractNiFiCommand.java:65)
at org.apache.nifi.toolkit.cli.impl.command.AbstractPropertyCommand.execute(AbstractPropertyCommand.java:74)
at org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.processCommand(CommandProcessor.java:252)
at org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.processGroupCommand(CommandProcessor.java:233)
at org.apache.nifi.toolkit.cli.impl.command.CommandProcessor.process(CommandProcessor.java:188)
at org.apache.nifi.toolkit.cli.CLIMain.runSingleCommand(CLIMain.java:145)
at org.apache.nifi.toolkit.cli.CLIMain.main(CLIMain.java:72)
Caused by: org.apache.nifi.toolkit.cli.impl.client.nifi.NiFiClientException: Error retrieving versions: Unable to obtain listing of versions for bucket with ID … and flow with ID …: org.apache.nifi.registry.client.NiFiRegistryException: Error retrieving snapshot metadata: Unknown user with identity 'anonymous'. Contact the system administrator.
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:90)
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.JerseyFlowClient.getVersions(JerseyFlowClient.java:175)
at org.apache.nifi.toolkit.cli.impl.command.nifi.pg.PGGetAllVersions.doExecute(PGGetAllVersions.java:72)
at org.apache.nifi.toolkit.cli.impl.command.nifi.pg.PGGetAllVersions.doExecute(PGGetAllVersions.java:38)
at org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand.doExecute(AbstractNiFiCommand.java:63)
... 6 more
Caused by: javax.ws.rs.ClientErrorException: HTTP 409 Conflict
at org.glassfish.jersey.client.JerseyInvocation.createExceptionForFamily(JerseyInvocation.java:953)
at org.glassfish.jersey.client.JerseyInvocation.convertToException(JerseyInvocation.java:935)
at org.glassfish.jersey.client.JerseyInvocation.translate(JerseyInvocation.java:723)
at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:643)
at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:665)
at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:659)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:659)
at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:642)
at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:417)
at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:313)
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.JerseyFlowClient.lambda$getVersions$4(JerseyFlowClient.java:182)
at org.apache.nifi.toolkit.cli.impl.client.nifi.impl.AbstractJerseyClient.executeAction(AbstractJerseyClient.java:76)
... 10 more
The identity of the Cluster at some point is being lost and the Registry rejects the requests. In the upgrade of Development environment, which is a single node, we did not have this problem. In the QA environment, which is a cluster, we face it but after a while the connection was restored and it didn't happen again.
Do you know any solution or configuration to help us deal with this?
Thanks!