Support Questions

Find answers, ask questions, and share your expertise

ERROR "An exception with message [Not authorized] was thrown while processing request." on Streams Messaging Manager SMM on CDP

avatar
Explorer

Hi folks

  

We installed Streams Messaging Manager (SMM) on CDP 7.1.4, and when access de UI we received this error:

"An exception with message [Not authorized] was thrown while processing request."

 

We checked ranger privilegies, but we believe that some privilege is necessary.

 

thanks for help.

 

Eduardo

1 ACCEPTED SOLUTION

avatar
Explorer

Hi @Bender 

 

Correct, our cluster is not kerberized  yet.

 

Is it possible connect SMM without kerberos?

 

thanks

Eduardo

View solution in original post

4 REPLIES 4

avatar
Master Guru

@Eduardohahn I would suggest to check the and verify that "Authentication.provider.url" in configuration  is accurate.

Then see if you this is accessible via Knox or without it. Based on that you can paste the logs here and get some help. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Explorer

Hi @GangWar 

 

I dont see this "Authentication.provider.url" in SMM configuration screen.

 

Here the log when I try access SMM:

Eduardohahn_0-1624987769728.png

 

2021-06-29 14:26:48,694 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting Roles; service not found. secureMode=false, user=streamsmsgmgr (auth:SIMPLE), response=404, serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}, lastKnownRoleVersion=-1, lastActivationTimeInMillis=0
2021-06-29 14:26:48,694 ERROR org.apache.ranger.plugin.util.RangerRolesProvider: RangerRolesProvider(serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}): failed to find service. Will clean up local cache of roles (-1)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: {{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}
at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getRolesIfUpdated(RangerAdminRESTClient.java:273)
at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRolesFromAdmin(RangerRolesProvider.java:183)
at org.apache.ranger.plugin.util.RangerRolesProvider.loadUserGroupRoles(RangerRolesProvider.java:123)
at org.apache.ranger.plugin.util.PolicyRefresher.loadRoles(PolicyRefresher.java:493)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:207)
2021-06-29 14:26:48,696 ERROR org.apache.ranger.admin.client.RangerAdminRESTClient: Error getting policies; service not found. secureMode=false, user=streamsmsgmgr (auth:SIMPLE), response=404, serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}, lastKnownVersion=-1, lastActivationTimeInMillis=0
2021-06-29 14:26:48,696 ERROR org.apache.ranger.plugin.util.PolicyRefresher: PolicyRefresher(serviceName={{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}): failed to find service. Will clean up local cache of policies (-1)
org.apache.ranger.plugin.util.RangerServiceNotFoundException: {{SANITIZED_RANGER_KAFKA_SERVICE_NAME}}
at org.apache.ranger.plugin.util.RangerServiceNotFoundException.throwExceptionIfServiceNotFound(RangerServiceNotFoundException.java:35)
at org.apache.ranger.admin.client.RangerAdminRESTClient.getServicePoliciesIfUpdated(RangerAdminRESTClient.java:191)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicyfromPolicyAdmin(PolicyRefresher.java:306)
at org.apache.ranger.plugin.util.PolicyRefresher.loadPolicy(PolicyRefresher.java:246)
at org.apache.ranger.plugin.util.PolicyRefresher.run(PolicyRefresher.java:208)
2021-06-29 14:26:52,256 INFO com.hortonworks.smm.kafka.services.metric.cache.MetricsCache: TimePeriod : LAST_SIX_HOURS, BrokerId : 1546333277 fetched 5 descriptors with 723 metric points
2021-06-29 14:26:52,349 DEBUG com.hortonworks.smm.kafka.webservice.common.SMMGenericExceptionMapper: Exception translation: ex.class: class com.hortonworks.smm.kafka.services.security.AuthorizationException, ex: com.hortonworks.smm.kafka.services.security.AuthorizationException: Not authorized, stacktrace: com.hortonworks.smm.kafka.services.security.AuthorizationException: Not authorized
at com.hortonworks.smm.kafka.services.security.auth.SMMSecurityContextRequestFilter.filter(SMMSecurityContextRequestFilter.java:53)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132)
at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68)
at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197)
at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:318)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
at org.glassfish.jersey.internal.Errors.process(Errors.java:267)

 

Thanks for your attention

Eduardo

avatar
Moderator

Hello @Eduardohahn ,

 

based on the exception, SMM is configured to use Ranger for authorization, but SMM cannot communicate with Ranger (404 exception). Is your cluster kerberized already? Without kerberos, it is expected to fail.

The exception shows "auth:SIMPLE", which suggests to me that the cluster is not kerberized.

 

Kind regards:

Ferenc


Ferenc Erdelyi, Technical Solutions Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

avatar
Explorer

Hi @Bender 

 

Correct, our cluster is not kerberized  yet.

 

Is it possible connect SMM without kerberos?

 

thanks

Eduardo