This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch ranger-2.8
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.8 by this push:
new adfcb883b RANGER-5451: Docker setup update to configure Ranger
authorization in Solr (#810)
adfcb883b is described below
commit adfcb883b5259274b37092d38c5f13bfab34ccef
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Tue Jan 20 20:42:21 2026 -0800
RANGER-5451: Docker setup update to configure Ranger authorization in Solr
(#810)
(cherry picked from commit 579e2cbfa01b712d6543548645b6989523940e82)
---
.github/workflows/ci.yml | 1 +
dev-support/ranger-docker/.dockerignore | 1 +
dev-support/ranger-docker/.env | 1 +
dev-support/ranger-docker/Dockerfile.ranger-solr | 17 +++-
.../ranger-docker/docker-compose.ranger.yml | 1 +
.../scripts/admin/create-ranger-services.py | 11 ++-
.../ranger-docker/scripts/kdc/entrypoint.sh | 1 +
.../ranger-docker/scripts/solr/core-site.xml | 7 ++
.../solr/ranger-solr-plugin-install.properties | 92 ++++++++++++++++++++++
.../ranger-docker/scripts/solr/ranger-solr.sh | 25 +++---
.../ranger-docker/scripts/solr/solr-jaas.conf | 4 +-
.../ranger-docker/scripts/solr/solr-security.json | 3 +
distro/src/main/assembly/plugin-solr.xml | 1 +
plugin-solr/conf/ranger-solr-audit-changes.cfg | 12 ++-
plugin-solr/conf/ranger-solr-security-changes.cfg | 5 +-
.../solr/authorizer/RangerSolrAuditHandler.java | 8 +-
16 files changed, 169 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 499cbda61..7f98bdaf4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -119,6 +119,7 @@ jobs:
mv ranger-*-usersync.tar.gz dev-support/ranger-docker/dist
mv ranger-*-tagsync.tar.gz dev-support/ranger-docker/dist
mv ranger-*-kms.tar.gz dev-support/ranger-docker/dist
+ mv ranger-*-solr-plugin.tar.gz dev-support/ranger-docker/dist
mv version dev-support/ranger-docker/dist
rm -f ranger-*.tar.gz # clean up workspace
diff --git a/dev-support/ranger-docker/.dockerignore
b/dev-support/ranger-docker/.dockerignore
index 1125a66ff..8453ea111 100644
--- a/dev-support/ranger-docker/.dockerignore
+++ b/dev-support/ranger-docker/.dockerignore
@@ -13,5 +13,6 @@
!dist/ranger-*-knox-plugin.tar.gz
!dist/ranger-*-trino-plugin.tar.gz
!dist/ranger-*-ozone-plugin.tar.gz
+!dist/ranger-*-solr-plugin.tar.gz
!downloads/*
!scripts/*
diff --git a/dev-support/ranger-docker/.env b/dev-support/ranger-docker/.env
index 7d95aa161..2bdab3d9a 100644
--- a/dev-support/ranger-docker/.env
+++ b/dev-support/ranger-docker/.env
@@ -56,6 +56,7 @@ HBASE_PLUGIN_VERSION=2.8.0-SNAPSHOT
KAFKA_PLUGIN_VERSION=2.8.0-SNAPSHOT
KNOX_PLUGIN_VERSION=2.8.0-SNAPSHOT
OZONE_PLUGIN_VERSION=2.8.0-SNAPSHOT
+SOLR_PLUGIN_VERSION=2.8.0-SNAPSHOT
# To enable debug logs
DEBUG_ADMIN=false
diff --git a/dev-support/ranger-docker/Dockerfile.ranger-solr
b/dev-support/ranger-docker/Dockerfile.ranger-solr
index bab7cc48f..b85c52fc9 100644
--- a/dev-support/ranger-docker/Dockerfile.ranger-solr
+++ b/dev-support/ranger-docker/Dockerfile.ranger-solr
@@ -17,13 +17,15 @@
ARG SOLR_VERSION
FROM solr:${SOLR_VERSION}
+ARG SOLR_PLUGIN_VERSION
+
VOLUME /etc/keytabs
-# Copy audit config set
USER 0
RUN apt update && DEBIAN_FRONTEND="noninteractive" apt-get install -y krb5-user
+# Copy audit config set
RUN mkdir -p /opt/solr/server/solr/configsets/ranger_audits/conf
/home/ranger/scripts
COPY ./scripts/solr/solr-ranger_audits/*
/opt/solr/server/solr/configsets/ranger_audits/conf/
@@ -37,5 +39,18 @@ COPY ./scripts/kdc/krb5.conf /etc/krb5.conf
RUN chown -R solr:solr /opt/solr/server/solr/configsets/ranger_audits/
RUN chmod +x /home/ranger/scripts/ranger-solr.sh
/home/ranger/scripts/wait_for_keytab.sh
/home/ranger/scripts/wait_for_testusers_keytab.sh
+# Copy Ranger plugin
+RUN mkdir -p /opt/ranger /home/ranger/dist /home/ranger/scripts
+
+COPY ./dist/ranger-${SOLR_PLUGIN_VERSION}-solr-plugin.tar.gz /home/ranger/dist/
+COPY ./scripts/solr/core-site.xml
/home/ranger/scripts/
+COPY ./scripts/solr/ranger-solr-plugin-install.properties
/home/ranger/scripts/
+
+RUN tar xvfz
/home/ranger/dist/ranger-${SOLR_PLUGIN_VERSION}-solr-plugin.tar.gz
--directory=/opt/ranger && \
+ ln -s /opt/ranger/ranger-${SOLR_PLUGIN_VERSION}-solr-plugin
/opt/ranger/ranger-solr-plugin && \
+ rm -f /home/ranger/dist/ranger-${SOLR_PLUGIN_VERSION}-solr-plugin.tar.gz
&& \
+ cp -f /home/ranger/scripts/ranger-solr-plugin-install.properties
/opt/ranger/ranger-solr-plugin/install.properties && \
+ chown -R solr:solr /opt/ranger
+
ENTRYPOINT [ "/home/ranger/scripts/ranger-solr.sh" ]
CMD ["solr-foreground"]
diff --git a/dev-support/ranger-docker/docker-compose.ranger.yml
b/dev-support/ranger-docker/docker-compose.ranger.yml
index 5f86c00ca..359a94b5d 100644
--- a/dev-support/ranger-docker/docker-compose.ranger.yml
+++ b/dev-support/ranger-docker/docker-compose.ranger.yml
@@ -98,6 +98,7 @@ services:
dockerfile: Dockerfile.ranger-solr
args:
- SOLR_VERSION=${SOLR_VERSION}
+ - SOLR_PLUGIN_VERSION=${SOLR_PLUGIN_VERSION}
- KERBEROS_ENABLED=${KERBEROS_ENABLED}
image: ranger-solr
container_name: ranger-solr
diff --git a/dev-support/ranger-docker/scripts/admin/create-ranger-services.py
b/dev-support/ranger-docker/scripts/admin/create-ranger-services.py
index 28ea03429..920a87310 100644
--- a/dev-support/ranger-docker/scripts/admin/create-ranger-services.py
+++ b/dev-support/ranger-docker/scripts/admin/create-ranger-services.py
@@ -111,7 +111,16 @@ def service_not_exists(service):
'userstore.download.auth.users': 'ozone',
'ranger.plugin.ozone.policy.refresh.synchronous':'true'}})
-services = [hdfs, yarn, hive, hbase, kafka, knox, kms, trino, ozone]
+solr = RangerService({'name': 'dev_solr', 'type': 'solr',
+ 'configs': {'username': 'solr', 'password':
'rangerR0cks!',
+ 'solr.url':
'http://ranger-solr.rangernw:8983',
+ 'policy.download.auth.users': 'solr',
+ 'tag.download.auth.users': 'solr',
+ 'userstore.download.auth.users': 'solr',
+ 'ranger.plugin.super.users': 'solr',
+
'ranger.plugin.solr.policy.refresh.synchronous':'true'}})
+
+services = [hdfs, yarn, hive, hbase, kafka, knox, kms, trino, ozone, solr]
for service in services:
try:
if service_not_exists(service):
diff --git a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
index b0ad1277a..b8a5c0223 100644
--- a/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
+++ b/dev-support/ranger-docker/scripts/kdc/entrypoint.sh
@@ -97,6 +97,7 @@ function create_keytabs() {
create_principal_and_keytab knox ranger-knox
+ create_principal_and_keytab solr ranger-solr
create_principal_and_keytab HTTP ranger-solr
create_principal_and_keytab zookeeper ranger-zk
diff --git a/dev-support/ranger-docker/scripts/solr/core-site.xml
b/dev-support/ranger-docker/scripts/solr/core-site.xml
new file mode 100644
index 000000000..5ff5054e2
--- /dev/null
+++ b/dev-support/ranger-docker/scripts/solr/core-site.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <property>
+ <name>hadoop.security.authentication</name>
+ <value>kerberos</value>
+ </property>
+</configuration>
diff --git
a/dev-support/ranger-docker/scripts/solr/ranger-solr-plugin-install.properties
b/dev-support/ranger-docker/scripts/solr/ranger-solr-plugin-install.properties
new file mode 100644
index 000000000..0ab938264
--- /dev/null
+++
b/dev-support/ranger-docker/scripts/solr/ranger-solr-plugin-install.properties
@@ -0,0 +1,92 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+POLICY_MGR_URL=http://ranger:6080
+REPOSITORY_NAME=dev_solr
+COMPONENT_INSTALL_DIR_NAME=/opt/solr/server
+UGI_INITIALIZE=true
+UGI_LOGIN_TYPE=jaas
+UGI_JAAS_APPCONFIG=Client
+
+XAAUDIT.SOLR.IS_ENABLED=true
+XAAUDIT.SOLR.MAX_QUEUE_SIZE=1
+XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000
+XAAUDIT.SOLR.SOLR_URL=http://ranger-solr:8983/solr/ranger_audits
+
+# Following properties are needed to get past installation script! Please
don't remove
+XAAUDIT.HDFS.IS_ENABLED=false
+XAAUDIT.HDFS.DESTINATION_DIRECTORY=/ranger/audit
+XAAUDIT.HDFS.DESTINTATION_FILE=solr
+XAAUDIT.HDFS.DESTINTATION_FLUSH_INTERVAL_SECONDS=900
+XAAUDIT.HDFS.DESTINTATION_ROLLOVER_INTERVAL_SECONDS=86400
+XAAUDIT.HDFS.DESTINTATION_OPEN_RETRY_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_DIRECTORY=/var/log/solr/audit
+XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY=/var/log/solr/audit/archive
+XAAUDIT.HDFS.LOCAL_BUFFER_FILE=%time:yyyyMMdd-HHmm.ss%.log
+XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60
+XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600
+XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10
+
+XAAUDIT.SOLR.ENABLE=true
+XAAUDIT.SOLR.URL=http://ranger-solr:8983/solr/ranger_audits
+XAAUDIT.SOLR.USER=NONE
+XAAUDIT.SOLR.PASSWORD=NONE
+XAAUDIT.SOLR.ZOOKEEPER=NONE
+XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/solr/audit/solr/spool
+XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=true
+
+XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule
+XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required
+XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true
+XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true
+XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=true
+XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=solr
+XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/etc/keytabs/solr.keytab
+XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=solr/[email protected]
+
+XAAUDIT.ELASTICSEARCH.ENABLE=false
+XAAUDIT.ELASTICSEARCH.URL=NONE
+XAAUDIT.ELASTICSEARCH.USER=NONE
+XAAUDIT.ELASTICSEARCH.PASSWORD=NONE
+XAAUDIT.ELASTICSEARCH.INDEX=NONE
+XAAUDIT.ELASTICSEARCH.PORT=NONE
+XAAUDIT.ELASTICSEARCH.PROTOCOL=NONE
+
+XAAUDIT.HDFS.ENABLE=true
+XAAUDIT.HDFS.HDFS_DIR=hdfs://ranger-hadoop:9000/ranger/audit
+XAAUDIT.HDFS.FILE_SPOOL_DIR=/var/log/solr/audit/hdfs/spool
+
+XAAUDIT.HDFS.AZURE_ACCOUNTNAME=__REPLACE_AZURE_ACCOUNT_NAME
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY=__REPLACE_AZURE_ACCOUNT_KEY
+XAAUDIT.HDFS.AZURE_SHELL_KEY_PROVIDER=__REPLACE_AZURE_SHELL_KEY_PROVIDER
+XAAUDIT.HDFS.AZURE_ACCOUNTKEY_PROVIDER=__REPLACE_AZURE_ACCOUNT_KEY_PROVIDER
+
+XAAUDIT.LOG4J.ENABLE=false
+XAAUDIT.LOG4J.IS_ASYNC=false
+XAAUDIT.LOG4J.ASYNC.MAX.QUEUE.SIZE=10240
+XAAUDIT.LOG4J.ASYNC.MAX.FLUSH.INTERVAL.MS=30000
+XAAUDIT.LOG4J.DESTINATION.LOG4J=false
+XAAUDIT.LOG4J.DESTINATION.LOG4J.LOGGER=xaaudit
+
+XAAUDIT.AMAZON_CLOUDWATCH.ENABLE=false
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_GROUP=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.LOG_STREAM_PREFIX=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.FILE_SPOOL_DIR=NONE
+XAAUDIT.AMAZON_CLOUDWATCH.REGION=NONE
+
+SSL_KEYSTORE_FILE_PATH=/etc/solr/conf/ranger-plugin-keystore.jks
+SSL_KEYSTORE_PASSWORD=myKeyFilePassword
+SSL_TRUSTSTORE_FILE_PATH=/etc/solr/conf/ranger-plugin-truststore.jks
+SSL_TRUSTSTORE_PASSWORD=changeit
diff --git a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
index caf1a92be..a4ad4f21f 100755
--- a/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
+++ b/dev-support/ranger-docker/scripts/solr/ranger-solr.sh
@@ -18,19 +18,12 @@
SOLR_INSTALL_DIR=/opt/solr
-if [ ! -e ${SOLR_INSTALL_DIR}/.setupDone ]
-then
- if [ "${KERBEROS_ENABLED}" == "true" ]
- then
- ${RANGER_SCRIPTS}/wait_for_keytab.sh HTTP.keytab
- ${RANGER_SCRIPTS}/wait_for_testusers_keytab.sh
- fi
-
- touch "${SOLR_INSTALL_DIR}"/.setupDone
-fi
-
if [ "${KERBEROS_ENABLED}" == "true" ]
then
+ /home/ranger/scripts/wait_for_keytab.sh HTTP.keytab
+ /home/ranger/scripts/wait_for_keytab.sh solr.keytab
+ /home/ranger/scripts/wait_for_testusers_keytab.sh
+
JAAS_CONFIG="-Djava.security.auth.login.config=/opt/solr/server/etc/jaas.conf"
JAAS_APPNAME="-Dsolr.kerberos.jaas.appname=Client"
KRB5_CONF="-Djava.security.krb5.conf=/etc/krb5.conf"
@@ -45,4 +38,14 @@ DEFAULT"
export SOLR_AUTHENTICATION_OPTS="${JAAS_CONFIG} ${JAAS_APPNAME} ${KRB5_CONF}
${KERBEROS_KEYTAB} ${KERBEROS_PRINCIPAL} ${COOKIE_DOMAIN}
${KERBEROS_NAME_RULES}"
fi
+if [ ! -e ${SOLR_INSTALL_DIR}/.setupDone ]
+then
+ cd /opt/ranger/ranger-solr-plugin
+ ./enable-solr-plugin.sh
+
+ cp /home/ranger/scripts/core-site.xml /opt/solr/server/resources/
+
+ touch "${SOLR_INSTALL_DIR}"/.setupDone
+fi
+
su -p -c "export PATH=${PATH} && /opt/docker-solr/scripts/docker-entrypoint.sh
$*" solr
diff --git a/dev-support/ranger-docker/scripts/solr/solr-jaas.conf
b/dev-support/ranger-docker/scripts/solr/solr-jaas.conf
index 63cd0b4bf..586230b5e 100644
--- a/dev-support/ranger-docker/scripts/solr/solr-jaas.conf
+++ b/dev-support/ranger-docker/scripts/solr/solr-jaas.conf
@@ -19,9 +19,9 @@ SolrServer {
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
- keyTab="/etc/keytabs/HTTP.keytab"
+ keyTab="/etc/keytabs/solr.keytab"
storeKey=true
useTicketCache=false
- principal="HTTP/[email protected]";
+ principal="solr/[email protected]";
};
diff --git a/dev-support/ranger-docker/scripts/solr/solr-security.json
b/dev-support/ranger-docker/scripts/solr/solr-security.json
index 4095809c5..6cf993156 100644
--- a/dev-support/ranger-docker/scripts/solr/solr-security.json
+++ b/dev-support/ranger-docker/scripts/solr/solr-security.json
@@ -7,5 +7,8 @@
"kerberos.cookie.domain": "ranger-solr",
"cookie.domain": "ranger-solr",
"token.valid": 3600
+ },
+ "authorization": {
+ "class":
"org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer"
}
}
diff --git a/distro/src/main/assembly/plugin-solr.xml
b/distro/src/main/assembly/plugin-solr.xml
index 27cd5e597..80999df0a 100644
--- a/distro/src/main/assembly/plugin-solr.xml
+++ b/distro/src/main/assembly/plugin-solr.xml
@@ -78,6 +78,7 @@
<include>org.apache.orc:orc-core:jar:${orc.version}</include>
<include>org.apache.orc:orc-shims:jar:${orc.version}</include>
<include>io.airlift:aircompressor:jar:${aircompressor.version}</include>
+
<include>org.apache.hadoop.thirdparty:hadoop-shaded-guava:jar:${hadoop-shaded-guava.version}</include>
</includes>
</binaries>
</moduleSet>
diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg
b/plugin-solr/conf/ranger-solr-audit-changes.cfg
index c40512f9d..651372d3e 100644
--- a/plugin-solr/conf/ranger-solr-audit-changes.cfg
+++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg
@@ -26,13 +26,19 @@
xasecure.audit.hdfs.config.local.buffer.rollover.interval.seconds %XAAUDIT.HDFS
xasecure.audit.hdfs.config.local.archive.directory
%XAAUDIT.HDFS.LOCAL_ARCHIVE_DIRECTORY% mod create-if-not-exists
xasecure.audit.hdfs.config.local.archive.max.file.count
%XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT% mod create-if-not-exists
+#xasecure.audit.kafka.is.enabled
%XAAUDIT.KAFKA.IS_ENABLED% mod create-if-not-exists
+#xasecure.audit.kafka.is.async
%XAAUDIT.KAFKA.IS_ASYNC% mod create-if-not-exists
+#xasecure.audit.kafka.async.max.queue.size
%XAAUDIT.KAFKA.MAX_QUEUE_SIZE% mod create-if-not-exists
+#xasecure.audit.kafka.async.max.flush.interval.ms
%XAAUDIT.KAFKA.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists
+#xasecure.audit.kafka.broker_list
%XAAUDIT.KAFKA.BROKER_LIST% mod create-if-not-exists
+#xasecure.audit.kafka.topic_name
%XAAUDIT.KAFKA.TOPIC_NAME% mod create-if-not-exists
+
xasecure.audit.solr.is.enabled
%XAAUDIT.SOLR.IS_ENABLED% mod create-if-not-exists
+xasecure.audit.solr.async.max.queue.size
%XAAUDIT.SOLR.MAX_QUEUE_SIZE% mod create-if-not-exists
+xasecure.audit.solr.async.max.flush.interval.ms
%XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS% mod create-if-not-exists
xasecure.audit.solr.solr_url
%XAAUDIT.SOLR.SOLR_URL% mod create-if-not-exists
-
#V3 configuration
-xasecure.audit.provider.summary.enabled
%XAAUDIT.SUMMARY.ENABLE% mod create-if-not-exists
-
xasecure.audit.destination.solr
%XAAUDIT.SOLR.ENABLE% mod create-if-not-exists
xasecure.audit.destination.solr.urls
%XAAUDIT.SOLR.URL% mod create-if-not-exists
xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod
create-if-not-exists
diff --git a/plugin-solr/conf/ranger-solr-security-changes.cfg
b/plugin-solr/conf/ranger-solr-security-changes.cfg
index a0622cdab..a217f4f1d 100644
--- a/plugin-solr/conf/ranger-solr-security-changes.cfg
+++ b/plugin-solr/conf/ranger-solr-security-changes.cfg
@@ -25,4 +25,7 @@ ranger.plugin.solr.policy.rest.ssl.config.file
%COMPONENT_INSTALL_DIR_NAME%/r
ranger.plugin.solr.policy.pollIntervalMs 30000
mod create-if-not-exists
ranger.plugin.solr.policy.cache.dir %POLICY_CACHE_FILE_PATH%
mod create-if-not-exists
ranger.plugin.solr.policy.rest.client.connection.timeoutMs 120000
mod create-if-not-exists
-ranger.plugin.solr.policy.rest.client.read.timeoutMs 30000
mod create-if-not-exists
\ No newline at end of file
+ranger.plugin.solr.policy.rest.client.read.timeoutMs 30000
mod create-if-not-exists
+ranger.plugin.solr.ugi.initialize %UGI_INITIALIZE% mod
create-if-not-exists
+ranger.plugin.solr.ugi.login.type %UGI_LOGIN_TYPE% mod
create-if-not-exists
+ranger.plugin.solr.ugi.jaas.appconfig %UGI_JAAS_APPCONFIG% mod
create-if-not-exists
diff --git
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
index a8f733fe6..5a9d4ffc9 100644
---
a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
+++
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java
@@ -50,8 +50,12 @@ public void processResult(RangerAccessResult result) {
if (!isAuditingNeeded(result)) {
return;
}
- auditEvent = super.getAuthzEvents(result);
- super.logAuthzAudit(auditEvent);
+
+ auditEvent = super.getAuthzEvents(result);
+
+ if (auditEvent != null) {
+ super.logAuthzAudit(auditEvent);
+ }
}
private boolean isAuditingNeeded(final RangerAccessResult result) {
