[jira] [Created] (NIFI-12765) Nifi and nifi registry ranger audit is broken

Fri, 09 Feb 2024 08:30:07 -0800 

Zoltán Kornél Török created NIFI-12765:
------------------------------------------

             Summary: Nifi and nifi registry ranger audit is broken
                 Key: NIFI-12765
                 URL: https://issues.apache.org/jira/browse/NIFI-12765
             Project: Apache NiFi
          Issue Type: Bug
    Affects Versions: 2.0.0-M2, 2.0.0
            Reporter: Zoltán Kornél Török
            Assignee: Zoltán Kornél Török


h3. Bug description

Currently ranger plugins are not reporting audit events into ranger.
h2. Investigation

In the nifi log I found the following ("classic") NoClassDefFoundError:
{code:java}
ERROR org.apache.ranger.audit.destination.SolrAuditDestination: Can't connect 
to Solr server. 
ZooKeepers=cfm-oudjal-dd-master0.cfm-5pax.svbr-nqvp.int.cldr.work:2181/solr-infrajava.lang.NoClassDefFoundError:
 org/eclipse/jetty/client/util/SPNEGOAuthentication
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:168)
        at 
org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:227)
        at 
org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
        at 
org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
        at java.base/java.lang.Thread.run(Thread.java:1583)
Caused by: java.lang.ClassNotFoundException: 
org.eclipse.jetty.client.util.SPNEGOAuthentication
        at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
        ... 5 common frames omitted {code}
As you can see ranger-audit depends on solr client which depends on jetty 
client.

The problem is that solr client class use 
org.eclipse.jetty.client.util.SPNEGOAuthentication - 
[https://github.infra.cloudera.com/CDH/solr/blob/solr9-master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L46]

However in case jetty 12.x line, this class is moved to another package: 
[https://github.com/jetty/jetty.project/commit/a1c5cefd0d5657df04e5364cca9315aa4e2a1aef]
 

So the problem exist, since jetty version upgraded to 12


h2. Proposed solution


Sadly there is no available solr client (or ranger client), which haven't had 
this dependency. The only solution what I found (and propose in my pr) is to 
override jetty version in case of ranger plugins to jetty line 11, where this 
class is not moved. I tested it on my environment and the audit logging to 
ranger worked well with that version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to