Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Apache Nifi Rest Api Authorization

Labels:
avatar
author-rank plapla
Contributor

Created ‎02-21-2024 02:00 AM

I want to stop a processor on the same machine  with restApi but I get an authorization error when I call the rest api.I can solve this problem with bearer token, but since the token has expired, I need to change the bearer  token manually again.Is there a way I can authorize automatically?

  • I am using the executeScript processor when calling the API.Script engine is Groovy.
  • My Nifi version 1.23.2 and Nifi is secure  and not clustered.I login with ldap on UI.

 

plapla_0-1708509284146.png

This is the part where I call the API in the script:

def post = new URL(NifiBaseUrl.value + NifiComponentId.value).openConnection();
post.setSSLSocketFactory(sslContext.getSocketFactory())
post.setRequestMethod("PUT")
post.setDoOutput(true)
post.setRequestProperty("Content-Type", "application/json")
post.getOutputStream().write(content.getBytes("UTF-8"));
post.getResponseCode()

 

Error:

java.io.IOException: Server returned HTTP response code: 401 for URL

5,506 Views
1 ACCEPTED SOLUTION

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎02-26-2024 07:32 AM

@plapla 

What you have encountered is not an error.  NiFi is telling you that the client/user Identity derived from the clientAuth certificate in your keystore is not authorized for them mentioned NiFi authorization policy that is needed for the specific rest call being made.

You'll need to authorize client/user for "execute code" restricted components policy:
NiFi UI --> global menu --> policies --> access restricted components --> execute code

If you found any of the suggestions/solutions provided helped you with your issue, please take a moment to login and click "Accept as Solution" on one or more of them that helped.

Thank you,
Matt

View solution in original post

5,359 Views
0 Kudos
11 REPLIES 11

avatar
author-rank MattWho author-rank
Master Mentor

Created ‎09-05-2024 07:55 AM

@Salmidin 

Please create a new community question with the details of your issue. It seem unrelated to this thread issue.  The "Policies" missing from the global menu indicates your NiFi is either using Single User Authorizer (default out of box) or is not setup to be secure.

MattWho_0-1725548057809.png

NiFi needs to be configured with a production ready authorizer for the "Polices" and "Users" options to be visible in the NiFi Global menu.

Fell free to ping me @MattWho in your new community question.

Thanks,
Matt

261 Views
0 Kudos

avatar
author-rank plapla
Contributor

Created ‎02-26-2024 10:29 PM

@MattWho 

I create a user with certificate DN.As you said, I gave this user "execute code" permission.This way the problem is solved.

The problem was not solved without creating a user

2,526 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements