Skip to content

RANGER-4563: Exclude transitive Jetty libraries from Ranger Maven modules#997

Draft
pradeepagrawal8184 wants to merge 2 commits into
masterfrom
RANGER-4563_master_jetty
Draft

RANGER-4563: Exclude transitive Jetty libraries from Ranger Maven modules#997
pradeepagrawal8184 wants to merge 2 commits into
masterfrom
RANGER-4563_master_jetty

Conversation

@pradeepagrawal8184

@pradeepagrawal8184 pradeepagrawal8184 commented Jun 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

What changes were proposed in this pull request?

  • Add org.eclipse.jetty and org.eclipse.jetty.http2 exclusions on Hadoop, Solr, Kafka, and related dependencies;
  • upgrade jetty-client 9.4.58 and declare it explicitly where SolrJ HTTP clients need it (Admin, audit-dest-solr).
  • Harden ranger-metrics with tomcat-embed-core;
  • refactor security-admin filter tests to avoid anonymous inner class load issues on incremental builds.

How was this patch tested?

  • Tested the packaged jars list and only jetty-client is being shipped.
  • Dependency tree is not showing any compile time dependency on any artifact of jetty group; except the jetty-client.
  • required jetty libraries have been scoped to test.

Note: Manual verification using docker is pending

mneethiraj
mneethiraj reviewed Jun 4, 2026
View reviewed changes
Comment thread agents-audit/core/pom.xml Outdated
Comment thread agents-audit/orc-util/pom.xml Outdated
Comment thread agents-audit/orc-util/pom.xml Outdated
Comment thread agents-audit/orc-util/pom.xml Outdated
@pradeepagrawal8184 pradeepagrawal8184 force-pushed the RANGER-4563_master_jetty branch from a9c9fd0 to 8f0f28a Compare June 4, 2026 20:28
@mneethiraj

mneethiraj commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

@pradeepagrawal8184 - updates overall look alright. It is critical to confirm that exclusions don't impact any functionality. I noticed following failure in Kafka plugin sending audits to audit server. Such issue might exist in other plugins as well. Please verify.

[2026-06-04 21:40:34,361] ERROR Failed to send audit batch of 2 events. Error: MessageBodyWriter not found for media type=application/json, type=class java.util.ArrayList, genericType=class java.util.ArrayList. (org.apache.ranger.audit.destination.RangerAuditServerDestination)
org.glassfish.jersey.message.internal.MessageBodyProviderNotFoundException: MessageBodyWriter not found for media type=application/json, type=class java.util.ArrayList, genericType=class java.util.ArrayList.
	at org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor.aroundWriteTo(WriterInterceptorExecutor.java:224)
	at org.glassfish.jersey.message.internal.WriterInterceptorExecutor.proceed(WriterInterceptorExecutor.java:139)
	at org.glassfish.jersey.message.internal.MessageBodyFactory.writeTo(MessageBodyFactory.java:1116)
	at org.glassfish.jersey.client.ClientRequest.doWriteEntity(ClientRequest.java:461)
	at org.glassfish.jersey.client.ClientRequest.writeEntity(ClientRequest.java:443)
	at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:400)
	at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:273)
	at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:300)
	at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:662)
	at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:697)
	at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:691)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
	at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:691)
	at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:661)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:439)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.post(JerseyInvocation.java:345)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.postAuditEvents(RangerAuditServerDestination.java:279)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.lambda$sendBatch$0(RangerAuditServerDestination.java:206)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:439)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1953)
	at org.apache.ranger.audit.provider.MiscUtil.executePrivilegedAction(MiscUtil.java:553)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.sendBatch(RangerAuditServerDestination.java:204)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.logAsBatch(RangerAuditServerDestination.java:160)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.log(RangerAuditServerDestination.java:140)
	at org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:327)
	at org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:236)
	at java.base/java.lang.Thread.run(Thread.java:840)

@pradeepagrawal8184

pradeepagrawal8184 commented Jun 5, 2026

Copy link
Copy Markdown
Contributor Author

@pradeepagrawal8184 - updates overall look alright. It is critical to confirm that exclusions don't impact any functionality. I noticed following failure in Kafka plugin sending audits to audit server. Such issue might exist in other plugins as well. Please verify.

[2026-06-04 21:40:34,361] ERROR Failed to send audit batch of 2 events. Error: MessageBodyWriter not found for media type=application/json, type=class java.util.ArrayList, genericType=class java.util.ArrayList. (org.apache.ranger.audit.destination.RangerAuditServerDestination)
org.glassfish.jersey.message.internal.MessageBodyProviderNotFoundException: MessageBodyWriter not found for media type=application/json, type=class java.util.ArrayList, genericType=class java.util.ArrayList.
	at org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor.aroundWriteTo(WriterInterceptorExecutor.java:224)
	at org.glassfish.jersey.message.internal.WriterInterceptorExecutor.proceed(WriterInterceptorExecutor.java:139)
	at org.glassfish.jersey.message.internal.MessageBodyFactory.writeTo(MessageBodyFactory.java:1116)
	at org.glassfish.jersey.client.ClientRequest.doWriteEntity(ClientRequest.java:461)
	at org.glassfish.jersey.client.ClientRequest.writeEntity(ClientRequest.java:443)
	at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:400)
	at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:273)
	at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:300)
	at org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$0(JerseyInvocation.java:662)
	at org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:697)
	at org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:691)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
	at org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:691)
	at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:661)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:439)
	at org.glassfish.jersey.client.JerseyInvocation$Builder.post(JerseyInvocation.java:345)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.postAuditEvents(RangerAuditServerDestination.java:279)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.lambda$sendBatch$0(RangerAuditServerDestination.java:206)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:439)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1953)
	at org.apache.ranger.audit.provider.MiscUtil.executePrivilegedAction(MiscUtil.java:553)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.sendBatch(RangerAuditServerDestination.java:204)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.logAsBatch(RangerAuditServerDestination.java:160)
	at org.apache.ranger.audit.destination.RangerAuditServerDestination.log(RangerAuditServerDestination.java:140)
	at org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:327)
	at org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:236)
	at java.base/java.lang.Thread.run(Thread.java:840)

Yes, docker testing is pending.

pradeepagrawal8184 and others added 2 commits June 15, 2026 07:04
@pradeepagrawal8184
RANGER-4563: Exclude transitive Jetty libraries from Ranger Maven mod…
4db9cc9 
…ules
@pradeepagrawal8184 @cursoragent
Enable Docker plugin audit-to-Solr validation on master
8fd03e6 
Fix plugin assemblies to ship ranger-audit and Solr client jars, enable Solr
audit in Docker install properties with spool dirs for HDFS/Kafka/Hive/HBase,
and add e2e scripts to verify audits land in the ranger_audits Solr core.

Co-authored-by: Cursor <cursoragent@cursor.com>
@pradeepagrawal8184 pradeepagrawal8184 force-pushed the RANGER-4563_master_jetty branch from 8f0f28a to 8fd03e6 Compare June 15, 2026 01:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ramackri ramackri Awaiting requested review from ramackri

@mneethiraj mneethiraj Awaiting requested review from mneethiraj

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pradeepagrawal8184 @mneethiraj