Zoltán Kornél Török created NIFI-12765: ------------------------------------------
Summary: Nifi and nifi registry ranger audit is broken Key: NIFI-12765 URL: https://issues.apache.org/jira/browse/NIFI-12765 Project: Apache NiFi Issue Type: Bug Affects Versions: 2.0.0-M2, 2.0.0 Reporter: Zoltán Kornél Török Assignee: Zoltán Kornél Török h3. Bug description Currently ranger plugins are not reporting audit events into ranger. h2. Investigation In the nifi log I found the following ("classic") NoClassDefFoundError: {code:java} ERROR org.apache.ranger.audit.destination.SolrAuditDestination: Can't connect to Solr server. ZooKeepers=cfm-oudjal-dd-master0.cfm-5pax.svbr-nqvp.int.cldr.work:2181/solr-infrajava.lang.NoClassDefFoundError: org/eclipse/jetty/client/util/SPNEGOAuthentication at org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:168) at org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:227) at org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309) at org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215) at java.base/java.lang.Thread.run(Thread.java:1583) Caused by: java.lang.ClassNotFoundException: org.eclipse.jetty.client.util.SPNEGOAuthentication at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526) ... 5 common frames omitted {code} As you can see ranger-audit depends on solr client which depends on jetty client. The problem is that solr client class use org.eclipse.jetty.client.util.SPNEGOAuthentication - [https://github.infra.cloudera.com/CDH/solr/blob/solr9-master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L46] However in case jetty 12.x line, this class is moved to another package: [https://github.com/jetty/jetty.project/commit/a1c5cefd0d5657df04e5364cca9315aa4e2a1aef] So the problem exist, since jetty version upgraded to 12 h2. Proposed solution Sadly there is no available solr client (or ranger client), which haven't had this dependency. The only solution what I found (and propose in my pr) is to override jetty version in case of ranger plugins to jetty line 11, where this class is not moved. I tested it on my environment and the audit logging to ranger worked well with that version. -- This message was sent by Atlassian Jira (v8.20.10#820010)