Copilot commented on code in PR #844:
URL: https://github.com/apache/ranger/pull/844#discussion_r2785093076


##########
security-admin/pom.xml:
##########
@@ -896,7 +902,8 @@
                             <packagingExcludes>WEB-INF/lib/spring-*.SEC03.jar,
                                 WEB-INF/lib/spring-*.RC3.jar,
                                 WEB-INF/lib/spring-2.*.jar,
-                                WEB-INF/lib/jetty-*.jar</packagingExcludes>
+                                WEB-INF/lib/jetty-*.jar,
+                                
WEB-INF/lib/hadoop-client-api-*.jar</packagingExcludes>
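
Review bot: The added `WEB-INF/lib/hadoop-client-api-*.jar` entry has no
accompanying note on why this jar must stay out of the WAR, and the wildcard
matches every version of the artifact. Add a short XML comment next to
`<packagingExcludes>` naming the conflict or issue behind the exclusion, so a
later dependency upgrade or cleanup of this list does not drop or bypass it
unnoticed.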

Review Comment:
   `packagingExcludes` is configured only for the `default-war` execution. If 
Docker/startup uses the exploded webapp produced by the `prepare` execution, 
the excluded JAR can still be present there unless the exclusion is also 
applied to the `exploded` goal. Consider applying the same exclude pattern at 
plugin-level (so it affects both executions) or duplicating it in the `prepare` 
execution config to keep the exploded directory and WAR consistent.



##########
security-admin/pom.xml:
##########
@@ -896,7 +902,8 @@
                             <packagingExcludes>WEB-INF/lib/spring-*.SEC03.jar,
                                 WEB-INF/lib/spring-*.RC3.jar,
                                 WEB-INF/lib/spring-2.*.jar,
-                                WEB-INF/lib/jetty-*.jar</packagingExcludes>
+                                WEB-INF/lib/jetty-*.jar,
+                                
WEB-INF/lib/hadoop-client-api-*.jar</packagingExcludes>

Review Comment:
   The PR description still contains the template text and doesn’t document 
what changed or how it was tested. Please update the PR description (especially 
the testing section) so reviewers/release managers can assess the impact of 
changing WAR contents/dependency resolution.



##########
security-admin/pom.xml:
##########
@@ -529,6 +529,12 @@
             <groupId>org.apache.ranger</groupId>
             <artifactId>ranger-metrics</artifactId>
             <version>${project.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.apache.hadoop</groupId>
+                    <artifactId>hadoop-client-api</artifactId>
+                </exclusion>
+            </exclusions>
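
Review bot: The `<exclusion>` of `org.apache.hadoop:hadoop-client-api` is
scoped to the `ranger-metrics` dependency only, so the artifact can still reach
this module through any other dependency that brings it in transitively. Check
with `mvn dependency:tree -Dincludes=org.apache.hadoop:hadoop-client-api` that
no other path remains, and put a one-line XML comment above `<exclusions>`
stating why the artifact is excluded.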

Review Comment:
   The new dependency-level exclusion of `org.apache.hadoop:hadoop-client-api` 
removes this artifact from the security-admin dependency graph, which can have 
broader effects than just the WAR contents. Since the goal appears to be 
excluding the JAR from the built webapp (WAR/exploded), consider instead moving 
this exclusion into the `maven-war-plugin` configuration used by the `exploded` 
(prepare) execution (or a shared plugin-level `packagingExcludes`) so the 
dependency graph stays unchanged while both outputs exclude the jar 
consistently.
   ```suggestion
   
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
