diff --git a/agents-audit/dest-solr/pom.xml b/agents-audit/dest-solr/pom.xml index b9e562ca06..067b69298c 100644 --- a/agents-audit/dest-solr/pom.xml +++ b/agents-audit/dest-solr/pom.xml @@ -114,6 +114,12 @@ org.eclipse.jetty jetty-client ${jetty-client.version} + + + * + * + + org.slf4j diff --git a/agents-common/pom.xml b/agents-common/pom.xml index 52cce7e2ce..78b9026d97 100644 --- a/agents-common/pom.xml +++ b/agents-common/pom.xml @@ -55,6 +55,10 @@ jakarta.activation jakarta.activation-api + + org.eclipse.jetty + * + @@ -105,6 +109,10 @@ com.sun.jersey.contribs * + + org.eclipse.jetty + * + @@ -120,6 +128,10 @@ com.sun.jersey.contribs * + + org.eclipse.jetty + * + @@ -161,6 +173,10 @@ org.apache.logging.log4j * + + org.eclipse.jetty + * + org.slf4j * diff --git a/agents-cred/pom.xml b/agents-cred/pom.xml index 753a00989d..7e7c00be1e 100644 --- a/agents-cred/pom.xml +++ b/agents-cred/pom.xml @@ -60,16 +60,34 @@ org.apache.hadoop hadoop-auth ${hadoop.version} + + + org.eclipse.jetty + * + + org.apache.hadoop hadoop-client-api ${hadoop.version} + + + org.eclipse.jetty + * + + org.apache.hadoop hadoop-client-runtime ${hadoop.version} + + + org.eclipse.jetty + * + + org.slf4j diff --git a/audit-server/audit-dispatcher/dispatcher-common/pom.xml b/audit-server/audit-dispatcher/dispatcher-common/pom.xml index 3b717af732..1092a63918 100644 --- a/audit-server/audit-dispatcher/dispatcher-common/pom.xml +++ b/audit-server/audit-dispatcher/dispatcher-common/pom.xml @@ -71,6 +71,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * diff --git a/audit-server/audit-dispatcher/dispatcher-hdfs/pom.xml b/audit-server/audit-dispatcher/dispatcher-hdfs/pom.xml index f1a07a79aa..7aaa7118f5 100644 --- a/audit-server/audit-dispatcher/dispatcher-hdfs/pom.xml +++ b/audit-server/audit-dispatcher/dispatcher-hdfs/pom.xml @@ -97,6 +97,10 @@ org.apache.hadoop hadoop-client-api + + org.eclipse.jetty + * + 
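Review bot: The exclusion added under the `jetty-client` dependency in agents-audit/dest-solr/pom.xml appears to be a double wildcard (the two added `*` values; the XML markup is not visible on this page), which drops every transitive dependency of jetty-client, and nothing in the hunk records why. If the intent is that the host component's own Jetty modules are used at runtime, say so in a comment above the exclusion, for example `<!-- transitive Jetty modules come from the host component's classpath; do not bundle a second copy -->`. Without that, a later change of `${jetty-client.version}` has no reminder to check it against the Jetty version each host ships. The dependency block continues outside the hunk.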
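Review bot: The `org.eclipse.jetty` / `*` exclusion in agents-common/pom.xml is attached by hand to individual dependencies, and the same pair is repeated in the other pom.xml hunks of this commit, so a dependency added later without it would bring Jetty back onto the plugin classpath unnoticed. A build-time guard would make the intent enforceable rather than a convention: a maven-enforcer-plugin `bannedDependencies` rule in the parent pom that excludes `org.eclipse.jetty:*`, with explicit includes for the artifacts that are bundled on purpose (such as the jetty-client entry added to the plugin-solr assembly). Whether the parent pom already carries such a rule cannot be seen from this page.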
@@ -126,6 +130,10 @@ org.apache.hadoop hadoop-client-api + + org.eclipse.jetty + * + org.slf4j * diff --git a/audit-server/audit-ingestor/pom.xml b/audit-server/audit-ingestor/pom.xml index 19fa95d9e1..bb78a46686 100644 --- a/audit-server/audit-ingestor/pom.xml +++ b/audit-server/audit-ingestor/pom.xml @@ -163,6 +163,10 @@ org.codehaus.jackson * + + org.eclipse.jetty + * + org.slf4j * diff --git a/audit-server/pom.xml b/audit-server/pom.xml index 22d246b2d0..2a3d5e8a95 100644 --- a/audit-server/pom.xml +++ b/audit-server/pom.xml @@ -115,12 +115,24 @@ org.apache.hadoop hadoop-azure ${hadoop.version} + + + org.eclipse.jetty + * + + org.apache.hadoop hadoop-common ${hadoop.version} + + + org.eclipse.jetty + * + + org.apache.hadoop diff --git a/credentialbuilder/pom.xml b/credentialbuilder/pom.xml index c0257fb747..be0d98fe4a 100644 --- a/credentialbuilder/pom.xml +++ b/credentialbuilder/pom.xml @@ -105,6 +105,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.slf4j * diff --git a/dev-support/ranger-docker/scripts/hadoop/ranger-hadoop-setup.sh b/dev-support/ranger-docker/scripts/hadoop/ranger-hadoop-setup.sh index d2b4c24606..643b394703 100755 --- a/dev-support/ranger-docker/scripts/hadoop/ranger-hadoop-setup.sh +++ b/dev-support/ranger-docker/scripts/hadoop/ranger-hadoop-setup.sh @@ -66,6 +66,14 @@ else echo "WARNING: Tez directory not found at /opt/tez" fi +# Audit spool dirs (Solr/HDFS/audit-server destinations) +mkdir -p /var/log/hadoop/hdfs/audit/solr/spool \ + /var/log/hadoop/hdfs/audit/hdfs/spool \ + /var/log/hadoop/hdfs/audit/audit-ingestor/spool \ + /var/log/hadoop/hdfs/audit/archive +chown -R hdfs:hadoop /var/log/hadoop/hdfs/audit +chmod -R 775 /var/log/hadoop/hdfs/audit + cd ${RANGER_HOME}/ranger-hdfs-plugin ./enable-hdfs-plugin.sh diff --git a/dev-support/ranger-docker/scripts/hadoop/ranger-hdfs-plugin-install.properties b/dev-support/ranger-docker/scripts/hadoop/ranger-hdfs-plugin-install.properties index 8d51f95512..a6982b1ec0 100644 
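Review bot: `chmod -R 775 /var/log/hadoop/hdfs/audit` in ranger-hadoop-setup.sh leaves the audit spool and archive directories world-readable and writable by every member of the `hadoop` group, although the files spooled there are presumably access-audit records waiting to be delivered. Only the plugin's own account needs to write to them, so `chmod -R 750 /var/log/hadoop/hdfs/audit` (or `770` if another group member really must write) keeps other accounts in the container from reading or altering records before they reach Solr. ranger-kafka-setup.sh adds the same `chmod -R 775` for /var/log/kafka/audit, while the HBase and Hive setup hunks only `chown`, so the four scripts also end up with different modes. The script continues outside the hunk.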
--- a/dev-support/ranger-docker/scripts/hadoop/ranger-hdfs-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/hadoop/ranger-hdfs-plugin-install.properties @@ -20,11 +20,11 @@ COMPONENT_INSTALL_DIR_NAME=/opt/hadoop CUSTOM_USER=hdfs CUSTOM_GROUP=hadoop -XAAUDIT.AUDITSERVER.ENABLE=true +XAAUDIT.AUDITSERVER.ENABLE=false XAAUDIT.AUDITSERVER.URL=http://ranger-audit-ingestor.rangernw:7081 XAAUDIT.AUDITSERVER.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/audit-ingestor/spool -XAAUDIT.SOLR.IS_ENABLED=false +XAAUDIT.SOLR.IS_ENABLED=true XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 XAAUDIT.SOLR.SOLR_URL=http://ranger-solr.rangernw:8983/solr/ranger_audits @@ -43,7 +43,7 @@ XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 -XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.ENABLE=true XAAUDIT.SOLR.URL=http://ranger-solr.rangernw:8983/solr/ranger_audits XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE diff --git a/dev-support/ranger-docker/scripts/hadoop/test-hdfs-audit-to-solr.sh b/dev-support/ranger-docker/scripts/hadoop/test-hdfs-audit-to-solr.sh new file mode 100755 index 0000000000..998d5be54d --- /dev/null +++ b/dev-support/ranger-docker/scripts/hadoop/test-hdfs-audit-to-solr.sh 
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+# Verify HDFS plugin writes authorization audits to Solr ranger_audits core
+set -euo pipefail
+
+SOLR_HOST="${SOLR_HOST:-ranger-solr.rangernw}"
+SOLR_BASE="http://${SOLR_HOST}:8983"
+REPO="${REPO:-dev_hdfs}"
+HADOOP_HOST="${HADOOP_HOST:-ranger-hadoop.rangernw}"
+
+pass() { echo "PASS: $*"; }
+fail() { echo "FAIL: $*"; exit 1; }
+
+echo "=== 1. Hadoop + HDFS plugin healthy ==="
+docker exec ranger-hadoop bash -c 'ps aux | grep org.apache.hadoop.hdfs.server.namenode.NameNode | grep -v grep' | grep -q NameNode || fail "NameNode not running"
+docker exec ranger-hadoop grep -A1 'xasecure.audit.destination.solr' /opt/hadoop/etc/hadoop/ranger-hdfs-audit.xml | grep -q 'true' || fail "Solr audit not enabled in ranger-hdfs-audit.xml"
+docker exec ranger-hadoop test -d /var/log/hadoop/hdfs/audit/solr/spool || fail "Solr audit spool dir missing"
+pass "HDFS stack up (Solr audit enabled, spool dir present)"
+
+echo "=== 2. Solr ranger_audits core reachable ==="
+docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -sf --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json' >/dev/null
+" || fail "Cannot query ranger_audits"
+pass "Solr audit core reachable"
+
+echo "=== 3. Baseline audit count (repo=${REPO}) ==="
+before=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+echo "Before: ${before}"
+
+echo "=== 4. 
HDFS access (testuser1) to generate audit ===" +docker exec ranger-hadoop bash -c " + export KRB5CCNAME=FILE:/tmp/cc_u + kdestroy -q 2>/dev/null || true + kinit -kt /etc/keytabs/testuser1.keytab testuser1/${HADOOP_HOST}@EXAMPLE.COM + klist + /opt/hadoop/bin/hdfs dfs -ls / + /opt/hadoop/bin/hdfs dfs -ls /tmp + /opt/hadoop/bin/hdfs dfs -stat '%n' /user/testuser1 2>/dev/null || /opt/hadoop/bin/hdfs dfs -ls /user +" + +echo "Waiting 25s for Solr audit flush..." +sleep 25 + +after=$(docker exec ranger-solr bash -c " + export KRB5CCNAME=FILE:/tmp/cc_h + kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM + curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json' +" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*') +echo "After: ${after}" + +[ "${after}" -gt "${before}" ] || fail "HDFS audit count did not increase (${before} -> ${after})" +pass "HDFS audit write to Solr (${before} -> ${after})" + +echo "" +echo "=== ALL HDFS->SOLR AUDIT CHECKS PASSED ===" diff --git a/dev-support/ranger-docker/scripts/hbase/ranger-hbase-plugin-install.properties b/dev-support/ranger-docker/scripts/hbase/ranger-hbase-plugin-install.properties index 1d64080bd7..bb13a72cd1 100644 --- a/dev-support/ranger-docker/scripts/hbase/ranger-hbase-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/hbase/ranger-hbase-plugin-install.properties @@ -20,14 +20,14 @@ COMPONENT_INSTALL_DIR_NAME=/opt/hbase CUSTOM_USER=hbase CUSTOM_GROUP=hadoop -XAAUDIT.AUDITSERVER.ENABLE=true +XAAUDIT.AUDITSERVER.ENABLE=false XAAUDIT.AUDITSERVER.URL=http://ranger-audit-ingestor.rangernw:7081 XAAUDIT.AUDITSERVER.FILE_SPOOL_DIR=/var/log/hadoop/hbase/audit/audit-ingestor/spool XAAUDIT.SUMMARY.ENABLE=true UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true -XAAUDIT.SOLR.IS_ENABLED=false +XAAUDIT.SOLR.IS_ENABLED=true XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 XAAUDIT.SOLR.SOLR_URL=http://ranger-solr.rangernw:8983/solr/ranger_audits 
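Review bot: The `before=$(… | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')` assignment in test-hdfs-audit-to-solr.sh ends the script with no PASS or FAIL line when Solr returns an error body or `kinit` fails, because under `set -e` the non-matching `grep` makes the assignment itself fatal before `fail` is reached. Appending `|| fail "could not read numFound for repo=${REPO}"` to both the `before` and the `after` assignment keeps the failure visible; the HBase, Hive, Kafka and Solr e2e test scripts use the same pattern. Step 4 here exits silently in the same way: the `docker exec` status is that of the last `hdfs dfs` command, so a denied listing aborts the run, whereas the HBase and Hive scripts wrap that step in `set +e`.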
@@ -46,7 +46,7 @@ XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 -XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.ENABLE=true XAAUDIT.SOLR.URL=http://ranger-solr.rangernw:8983/solr/ranger_audits XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE diff --git a/dev-support/ranger-docker/scripts/hbase/ranger-hbase-setup.sh b/dev-support/ranger-docker/scripts/hbase/ranger-hbase-setup.sh index 308883a047..4050b9fe3e 100755 --- a/dev-support/ranger-docker/scripts/hbase/ranger-hbase-setup.sh +++ b/dev-support/ranger-docker/scripts/hbase/ranger-hbase-setup.sh @@ -32,7 +32,9 @@ fi cp ${RANGER_SCRIPTS}/hbase-site.xml /opt/hbase/conf/hbase-site.xml cp ${RANGER_SCRIPTS}/core-site.xml /opt/hbase/conf/core-site.xml -chown -R hbase:hadoop /opt/hbase/ +mkdir -p /var/log/hadoop/hbase/audit/solr/spool \ + /var/log/hadoop/hbase/audit/audit-ingestor/spool +chown -R hbase:hadoop /opt/hbase/ /var/log/hadoop/hbase cd ${RANGER_HOME}/ranger-hbase-plugin ./enable-hbase-plugin.sh diff --git a/dev-support/ranger-docker/scripts/hbase/test-hbase-audit-to-solr.sh b/dev-support/ranger-docker/scripts/hbase/test-hbase-audit-to-solr.sh new file mode 100755 index 0000000000..40a9ca431e --- /dev/null +++ b/dev-support/ranger-docker/scripts/hbase/test-hbase-audit-to-solr.sh 
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+# Verify HBase plugin writes authorization audits to Solr ranger_audits core
+set -euo pipefail
+
+SOLR_HOST="${SOLR_HOST:-ranger-solr.rangernw}"
+SOLR_BASE="http://${SOLR_HOST}:8983"
+REPO="${REPO:-dev_hbase}"
+HBASE_HOST="${HBASE_HOST:-ranger-hbase.rangernw}"
+
+pass() { echo "PASS: $*"; }
+fail() { echo "FAIL: $*"; exit 1; }
+
+echo "=== 1. HBase + plugin healthy ==="
+docker exec ranger-hbase bash -c 'ps aux | grep org.apache.hadoop.hbase.master.HMaster | grep -v grep' | grep -q HMaster || fail "HMaster not running"
+docker exec ranger-hbase grep -A1 'xasecure.audit.destination.solr' /opt/hbase/conf/ranger-hbase-audit.xml | grep -q 'true' || fail "Solr audit not enabled in ranger-hbase-audit.xml"
+docker exec ranger-hbase test -d /var/log/hadoop/hbase/audit/solr/spool || fail "Solr audit spool dir missing"
+pass "HBase stack up (Solr audit enabled, spool dir present)"
+
+echo "=== 2. Solr ranger_audits core reachable ==="
+docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -sf --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json' >/dev/null
+" || fail "Cannot query ranger_audits"
+pass "Solr audit core reachable"
+
+echo "=== 3. Baseline audit count (repo=${REPO}) ==="
+before=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+echo "Before: ${before}"
+
+echo "=== 4. 
HBase access (testuser1) to generate audit ===" +set +e +docker exec ranger-hbase bash -c " + export KRB5CCNAME=FILE:/tmp/cc_u + kdestroy -q 2>/dev/null || true + kinit -kt /etc/keytabs/testuser1.keytab testuser1/${HBASE_HOST}@EXAMPLE.COM + klist + TABLE=test_ranger_audit_\$(date +%s) + echo \"create '\${TABLE}', 'cf'\" | /opt/hbase/bin/hbase shell -n 2>&1 || true + echo 'list' | /opt/hbase/bin/hbase shell -n 2>&1 || true +" +set -e + +echo "Waiting 30s for Solr audit flush..." +sleep 30 + +after=$(docker exec ranger-solr bash -c " + export KRB5CCNAME=FILE:/tmp/cc_h + kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM + curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json' +" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*') +echo "After: ${after}" + +[ "${after}" -gt "${before}" ] || fail "HBase audit count did not increase (${before} -> ${after})" +pass "HBase audit write to Solr (${before} -> ${after})" + +echo "" +echo "=== ALL HBASE->SOLR AUDIT CHECKS PASSED ===" diff --git a/dev-support/ranger-docker/scripts/hive/ranger-hive-plugin-install.properties b/dev-support/ranger-docker/scripts/hive/ranger-hive-plugin-install.properties index a8e84643c9..058176dc19 100644 --- a/dev-support/ranger-docker/scripts/hive/ranger-hive-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/hive/ranger-hive-plugin-install.properties @@ -21,11 +21,11 @@ UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true CUSTOM_USER=hive CUSTOM_GROUP=hadoop -XAAUDIT.AUDITSERVER.ENABLE=true +XAAUDIT.AUDITSERVER.ENABLE=false XAAUDIT.AUDITSERVER.URL=http://ranger-audit-ingestor.rangernw:7081 XAAUDIT.AUDITSERVER.FILE_SPOOL_DIR=/var/log/hive/audit/audit-ingestor/spool -XAAUDIT.SOLR.IS_ENABLED=false +XAAUDIT.SOLR.IS_ENABLED=true XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 XAAUDIT.SOLR.SOLR_URL=http://ranger-solr.rangernw:8983/solr/ranger_audits 
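Review bot: Step 4 of test-hbase-audit-to-solr.sh runs under `set +e` and ends both `hbase shell` calls with `|| true`, which also hides a failed `kinit` for testuser1; in that case no authenticated request is made and the problem only shows up 30 seconds later as "audit count did not increase". Tolerating an authorization denial is reasonable, but the ticket acquisition should still be checked, for example `kinit -kt /etc/keytabs/testuser1.keytab testuser1/${HBASE_HOST}@EXAMPLE.COM || exit 3` inside the block and `[ $? -ne 3 ] || fail "kinit for testuser1 failed"` right after the `docker exec`. The Hive and Kafka scripts ignore the `kinit` result in the same way.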
@@ -44,7 +44,7 @@ XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 -XAAUDIT.SOLR.ENABLE=false +XAAUDIT.SOLR.ENABLE=true XAAUDIT.SOLR.URL=http://ranger-solr.rangernw:8983/solr/ranger_audits XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE diff --git a/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh b/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh index 150fd701f5..00789b3490 100755 --- a/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh +++ b/dev-support/ranger-docker/scripts/hive/ranger-hive-setup.sh @@ -203,7 +203,9 @@ fi su -c "${HIVE_HOME}/bin/schematool -dbType ${RANGER_DB_TYPE} -initSchema" hive mkdir -p /opt/hive/logs -chown -R hive:hadoop /opt/hive/ +mkdir -p /var/log/hive/audit/solr/spool \ + /var/log/hive/audit/audit-ingestor/spool +chown -R hive:hadoop /opt/hive/ /var/log/hive chmod g+w /opt/hive/logs cd ${RANGER_HOME}/ranger-hive-plugin diff --git a/dev-support/ranger-docker/scripts/hive/test-hive-audit-to-solr.sh b/dev-support/ranger-docker/scripts/hive/test-hive-audit-to-solr.sh new file mode 100755 index 0000000000..27961b683b --- /dev/null +++ b/dev-support/ranger-docker/scripts/hive/test-hive-audit-to-solr.sh 
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+# Verify Hive plugin writes authorization audits to Solr ranger_audits core
+set -euo pipefail
+
+SOLR_HOST="${SOLR_HOST:-ranger-solr.rangernw}"
+SOLR_BASE="http://${SOLR_HOST}:8983"
+REPO="${REPO:-dev_hive}"
+HIVE_HOST="${HIVE_HOST:-ranger-hive.rangernw}"
+
+pass() { echo "PASS: $*"; }
+fail() { echo "FAIL: $*"; exit 1; }
+
+echo "=== 1. Hive + plugin healthy ==="
+docker exec ranger-hive bash -c 'ps aux | grep org.apache.hive.service.server.HiveServer2 | grep -v grep' | grep -q HiveServer2 || fail "HiveServer2 not running"
+docker exec ranger-hive grep -A1 'xasecure.audit.destination.solr' /opt/hive/conf/ranger-hive-audit.xml | grep -q 'true' || fail "Solr audit not enabled in ranger-hive-audit.xml"
+docker exec ranger-hive test -d /var/log/hive/audit/solr/spool || fail "Solr audit spool dir missing"
+pass "Hive stack up (Solr audit enabled, spool dir present)"
+
+echo "=== 2. Solr ranger_audits core reachable ==="
+docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -sf --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json' >/dev/null
+" || fail "Cannot query ranger_audits"
+pass "Solr audit core reachable"
+
+echo "=== 3. Baseline audit count (repo=${REPO}) ==="
+before=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+echo "Before: ${before}"
+
+echo "=== 4. Hive access (testuser1) to generate audit ==="
+set +e
+docker exec ranger-hive bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_u
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/testuser1.keytab testuser1/${HIVE_HOST}@EXAMPLE.COM
+ klist
+ /opt/hive/bin/beeline -u 'jdbc:hive2://localhost:10000/default;principal=hive/${HIVE_HOST}@EXAMPLE.COM' -e 'show databases;' 2>&1
+ /opt/hive/bin/beeline -u 'jdbc:hive2://localhost:10000/default;principal=hive/${HIVE_HOST}@EXAMPLE.COM' -e 'show tables in default;' 2>&1
+"
+set -e
+
+echo "Waiting 30s for Solr audit flush..."
+sleep 30
+
+after=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+echo "After: ${after}"
+
+[ "${after}" -gt "${before}" ] || fail "Hive audit count did not increase (${before} -> ${after})"
+pass "Hive audit write to Solr (${before} -> ${after})"
+
+echo ""
+echo "=== ALL HIVE->SOLR AUDIT CHECKS PASSED ==="
diff --git a/dev-support/ranger-docker/scripts/kafka/ranger-kafka-plugin-install.properties b/dev-support/ranger-docker/scripts/kafka/ranger-kafka-plugin-install.properties
index 2e0c1350b0..b1a521e1bb 100644
--- a/dev-support/ranger-docker/scripts/kafka/ranger-kafka-plugin-install.properties
+++ b/dev-support/ranger-docker/scripts/kafka/ranger-kafka-plugin-install.properties
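Review bot: The final check `[ "${after}" -gt "${before}" ]` in test-hive-audit-to-solr.sh compares only the total number of documents matching `repo:${REPO}`, so any audit written by other activity during the 30-second wait makes the test pass even if the two beeline calls from testuser1 produced nothing. Scoping both counts to the test principal ties the increase to the access generated in step 4, for example `q=repo:${REPO} AND reqUser:testuser1` (URL-encoded; confirm the requesting-user field name against the ranger_audits schema). The HDFS, HBase, Kafka and Solr e2e scripts use the same unscoped count.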
@@ -23,11 +23,11 @@ CUSTOM_GROUP=hadoop XAAUDIT.SUMMARY.ENABLE=true UPDATE_XAPOLICIES_ON_GRANT_REVOKE=true -XAAUDIT.AUDITSERVER.ENABLE=true +XAAUDIT.AUDITSERVER.ENABLE=false XAAUDIT.AUDITSERVER.URL=http://ranger-audit-ingestor.rangernw:7081 XAAUDIT.AUDITSERVER.FILE_SPOOL_DIR=/var/log/kafka/audit/audit-ingestor/spool -XAAUDIT.SOLR.IS_ENABLED=false +XAAUDIT.SOLR.IS_ENABLED=true XAAUDIT.SOLR.MAX_QUEUE_SIZE=1 XAAUDIT.SOLR.MAX_FLUSH_INTERVAL_MS=1000 XAAUDIT.SOLR.SOLR_URL=http://ranger-solr.rangernw:8983/solr/ranger_audits @@ -46,8 +46,8 @@ XAAUDIT.HDFS.LOCAL_BUFFER_FLUSH_INTERVAL_SECONDS=60 XAAUDIT.HDFS.LOCAL_BUFFER_ROLLOVER_INTERVAL_SECONDS=600 XAAUDIT.HDFS.LOCAL_ARCHIVE_MAX_FILE_COUNT=10 -XAAUDIT.SOLR.ENABLE=false -XAAUDIT.SOLR.URL=http://ranger-solr:8983/solr/ranger_audits +XAAUDIT.SOLR.ENABLE=true +XAAUDIT.SOLR.URL=http://ranger-solr.rangernw:8983/solr/ranger_audits XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE diff --git a/dev-support/ranger-docker/scripts/kafka/ranger-kafka-setup.sh b/dev-support/ranger-docker/scripts/kafka/ranger-kafka-setup.sh index 067042ada8..3f6b93d2b7 100755 --- a/dev-support/ranger-docker/scripts/kafka/ranger-kafka-setup.sh +++ b/dev-support/ranger-docker/scripts/kafka/ranger-kafka-setup.sh @@ -34,6 +34,13 @@ cp ${RANGER_SCRIPTS}/kafka-server-jaas.conf ${KAFKA_HOME}/config/ chown -R kafka:hadoop /opt/kafka/ +mkdir -p /var/log/kafka/audit/solr/spool \ + /var/log/kafka/audit/hdfs/spool \ + /var/log/kafka/audit/audit-ingestor/spool \ + /var/log/kafka/audit/archive +chown -R kafka:hadoop /var/log/kafka/audit +chmod -R 775 /var/log/kafka/audit + cd ${RANGER_HOME}/ranger-kafka-plugin ./enable-kafka-plugin.sh diff --git a/dev-support/ranger-docker/scripts/kafka/test-kafka-audit-to-solr.sh b/dev-support/ranger-docker/scripts/kafka/test-kafka-audit-to-solr.sh new file mode 100755 index 0000000000..98202aa850 --- /dev/null +++ b/dev-support/ranger-docker/scripts/kafka/test-kafka-audit-to-solr.sh 
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+# Verify Kafka plugin writes authorization audits to Solr ranger_audits core
+set -euo pipefail
+
+SOLR_HOST="${SOLR_HOST:-ranger-solr.rangernw}"
+SOLR_BASE="http://${SOLR_HOST}:8983"
+REPO="${REPO:-dev_kafka}"
+KAFKA_HOST="${KAFKA_HOST:-ranger-kafka.rangernw}"
+
+pass() { echo "PASS: $*"; }
+fail() { echo "FAIL: $*"; exit 1; }
+
+echo "=== 1. Kafka + plugin healthy ==="
+docker exec ranger-kafka bash -c 'ps aux | grep kafka.Kafka | grep -v grep' | grep -q Kafka || fail "Kafka broker not running"
+docker exec ranger-kafka grep -A1 'xasecure.audit.destination.solr' /opt/kafka/config/ranger-kafka-audit.xml | grep -q 'true' || fail "Solr audit not enabled"
+docker exec ranger-kafka test -d /var/log/kafka/audit/solr/spool || fail "Solr audit spool dir missing"
+pass "Kafka stack up (Solr audit enabled)"
+
+echo "=== 2. Solr ranger_audits core reachable ==="
+docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -sf --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json' >/dev/null
+" || fail "Cannot query ranger_audits"
+pass "Solr audit core reachable"
+
+echo "=== 3. Baseline audit count (repo=${REPO}) ==="
+before=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+echo "Before: ${before}"
+
+echo "=== 4. Kafka access (testuser1) to generate audit ==="
+# Authorization may deny the operation; denied attempts still produce Ranger audits.
+docker exec ranger-kafka bash -c "
+ set +e
+ cat > /tmp/kafka-client-jaas.conf <<'EOF'
+KafkaClient {
+ com.sun.security.auth.module.Krb5LoginModule required
+ useKeyTab=true
+ storeKey=true
+ keyTab=\"/etc/keytabs/testuser1.keytab\"
+ principal=\"testuser1/${KAFKA_HOST}@EXAMPLE.COM\";
+};
+EOF
+ cat > /tmp/client.properties <<'EOF'
+security.protocol=SASL_PLAINTEXT
+sasl.mechanism=GSSAPI
+sasl.kerberos.service.name=kafka
+EOF
+ export KRB5CCNAME=FILE:/tmp/cc_u
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/testuser1.keytab testuser1/${KAFKA_HOST}@EXAMPLE.COM
+ export KAFKA_OPTS=\"-Djava.security.auth.login.config=/tmp/kafka-client-jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf\"
+ topic=\"ranger-audit-test-\$(date +%s)\"
+ /opt/kafka/bin/kafka-topics.sh --bootstrap-server ${KAFKA_HOST}:9092 --create --topic \"\${topic}\" --partitions 1 --replication-factor 1 --command-config /tmp/client.properties 2>&1 || true
+ /opt/kafka/bin/kafka-configs.sh --bootstrap-server ${KAFKA_HOST}:9092 --entity-type topics --entity-name \"\${topic}\" --describe --command-config /tmp/client.properties 2>&1 || true
+ true
+"
+
+echo "Waiting 25s for Solr audit flush..."
+sleep 25
+
+after=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+echo "After: ${after}"
+
+[ "${after}" -gt "${before}" ] || fail "Kafka audit count did not increase (${before} -> ${after})"
+pass "Kafka audit write to Solr (${before} -> ${after})"
+
+echo ""
+echo "=== ALL KAFKA->SOLR AUDIT CHECKS PASSED ==="
diff --git a/dev-support/ranger-docker/scripts/solr/test-audit-e2e.sh b/dev-support/ranger-docker/scripts/solr/test-audit-e2e.sh
new file mode 100755
index 0000000000..3e702df3e0
--- /dev/null
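Review bot: Step 4 of test-kafka-audit-to-solr.sh writes `/tmp/kafka-client-jaas.conf` and `/tmp/client.properties` and uses the fixed credential cache `FILE:/tmp/cc_u` inside the container, and none of the three is removed afterwards, so the testuser1 ticket stays in a predictable location for its whole lifetime. Putting the cache and both files into a private `mktemp -d` directory and destroying it from an EXIT trap inside the `bash -c` block keeps the run self-cleaning, as sketched below. The `/tmp/cc_h` cache holding the `HTTP/${SOLR_HOST}` service ticket in the ranger-solr container is left behind the same way here and in the HDFS, HBase, Hive and Solr e2e scripts.

```shell
docker exec ranger-kafka bash -c "
  set +e
  workdir=\$(mktemp -d)
  trap 'kdestroy -q 2>/dev/null; rm -rf \"\${workdir}\"' EXIT
  export KRB5CCNAME=FILE:\${workdir}/cc_u
  # … unchanged: the two heredocs, now written to \${workdir}/kafka-client-jaas.conf and \${workdir}/client.properties …
  kinit -kt /etc/keytabs/testuser1.keytab testuser1/${KAFKA_HOST}@EXAMPLE.COM
  export KAFKA_OPTS=\"-Djava.security.auth.login.config=\${workdir}/kafka-client-jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf\"
  # … unchanged: kafka-topics.sh and kafka-configs.sh calls, with --command-config \${workdir}/client.properties …
```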
+++ b/dev-support/ranger-docker/scripts/solr/test-audit-e2e.sh 
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+# End-to-end audit verification for Ranger Docker (Solr plugin + Admin UI)
+set -euo pipefail
+
+SOLR_HOST="${SOLR_HOST:-ranger-solr.rangernw}"
+SOLR_BASE="http://${SOLR_HOST}:8983"
+REPO="${REPO:-dev_solr}"
+ADMIN_URL="${ADMIN_URL:-http://localhost:6080}"
+ADMIN_USER="${ADMIN_USER:-admin}"
+ADMIN_PASS="${ADMIN_PASS:-rangerR0cks!}"
+
+pass() { echo "PASS: $*"; }
+fail() { echo "FAIL: $*"; exit 1; }
+
+echo "=== 1. Solr plugin: policy download ==="
+SOLR_LOG=$(docker logs ranger-solr 2>&1 || true)
+echo "${SOLR_LOG}" | grep -Fq "PolicyRefresher(serviceName=dev_solr): found updated version" || fail "PolicyRefresher did not download policies"
+echo "${SOLR_LOG}" | grep -Fq "policy evaluators" || fail "No policy evaluators in log"
+pass "Policy download"
+
+echo "=== 2. Solr: ranger_audits core loaded ==="
+echo "${SOLR_LOG}" | grep -Fq "Creating SolrCore 'ranger_audits'" || fail "ranger_audits core not created"
+pass "Audit core loaded"
+
+echo "=== 3. Plugin audit WRITE (testuser1 -> /admin/cores) ==="
+before=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+
+docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_u
+ kdestroy -q 2>/dev/null || true
+ kinit -kt /etc/keytabs/testuser1.keytab testuser1/${SOLR_HOST}@EXAMPLE.COM
+ curl -s -o /dev/null --negotiate -u : '${SOLR_BASE}/solr/admin/cores'
+"
+sleep 18
+after=$(docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -s --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=repo:${REPO}&rows=0&wt=json'
+" | grep -o '"numFound":[0-9]*' | head -1 | grep -o '[0-9]*')
+
+[ "${after}" -gt "${before}" ] || fail "Audit count did not increase (${before} -> ${after})"
+pass "Plugin audit write (${before} -> ${after})"
+
+echo "=== 4. Solr audit READ (HTTP SPNEGO) ==="
+docker exec ranger-solr bash -c "
+ export KRB5CCNAME=FILE:/tmp/cc_h
+ kinit -kt /etc/keytabs/HTTP.keytab HTTP/${SOLR_HOST}@EXAMPLE.COM
+ curl -sf --negotiate -u : '${SOLR_BASE}/solr/ranger_audits/select?q=*:*&rows=1&wt=json' >/dev/null
+" || fail "HTTP read of ranger_audits failed"
+pass "Direct Solr read"
+
+echo "=== 5. 
Ranger Admin UI audit READ (SolrMgr / xaudit API) ===" +docker exec ranger bash -c "grep -A1 'ranger.audit.solr.urls' /opt/ranger/admin/ews/webapp/WEB-INF/classes/conf/ranger-admin-site.xml" | grep -q ranger-solr.rangernw || fail "Admin audit URL not FQDN" +resp=$(curl -sf -u "${ADMIN_USER}:${ADMIN_PASS}" "${ADMIN_URL}/service/xaudit/access_audit?pageSize=2&startIndex=0") || fail "xaudit API request failed" +echo "${resp}" | grep -q '"totalCount"' || fail "No totalCount in response" +echo "${resp}" | grep -q 'msgDesc' && echo "${resp}" | grep -q '"statusCode":1' && fail "API returned error: ${resp}" +pass "Ranger Admin audit API (UI uses same path)" + +echo "" +echo "=== ALL CHECKS PASSED ===" diff --git a/distro/src/main/assembly/hbase-agent.xml b/distro/src/main/assembly/hbase-agent.xml index f3785ee1f9..0ee45b7488 100644 --- a/distro/src/main/assembly/hbase-agent.xml +++ b/distro/src/main/assembly/hbase-agent.xml @@ -81,6 +81,10 @@ org.graalvm.sdk:graal-sdk:jar:${graalvm.version} org.graalvm.truffle:truffle-api:jar:${graalvm.version} com.ibm.icu:icu4j + org.apache.ranger:ranger-audit-core + org.apache.ranger:ranger-audit-dest-auditserver + org.apache.ranger:ranger-audit-dest-hdfs + org.apache.ranger:ranger-audit-dest-solr diff --git a/distro/src/main/assembly/hdfs-agent.xml b/distro/src/main/assembly/hdfs-agent.xml index 171181c80b..0d1e52edf7 100644 --- a/distro/src/main/assembly/hdfs-agent.xml +++ b/distro/src/main/assembly/hdfs-agent.xml @@ -86,6 +86,10 @@ 755 644 + org.apache.ranger:ranger-audit-core + org.apache.ranger:ranger-audit-dest-auditserver + org.apache.ranger:ranger-audit-dest-hdfs + org.apache.ranger:ranger-audit-dest-solr com.carrotsearch:hppc commons-collections:commons-collections io.airlift:aircompressor:jar:${aircompressor.version} diff --git a/distro/src/main/assembly/hive-agent.xml b/distro/src/main/assembly/hive-agent.xml index 90a5b16142..8a923fb969 100644 --- a/distro/src/main/assembly/hive-agent.xml 
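Review bot: Step 5 of test-audit-e2e.sh passes the Ranger Admin password on the curl command line (`curl -sf -u "${ADMIN_USER}:${ADMIN_PASS}" …`), where it is visible in the process list of the host running the test, and the script falls back to a built-in default when `ADMIN_PASS` is unset. Reading the credentials from curl's config on stdin keeps them out of argv: `curl -sf -K - "${ADMIN_URL}/service/xaudit/access_audit?pageSize=2&startIndex=0" <<<"user = \"${ADMIN_USER}:${ADMIN_PASS}\""`. If the default has to stay for the Docker dev environment, a comment beside `ADMIN_PASS` stating that it is the dev-only value and must be overridden anywhere else would keep the script from being reused against a shared instance as it stands.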
+++ b/distro/src/main/assembly/hive-agent.xml @@ -88,6 +88,10 @@ org.graalvm.sdk:graal-sdk:jar:${graalvm.version} org.graalvm.truffle:truffle-api:jar:${graalvm.version} com.ibm.icu:icu4j + org.apache.ranger:ranger-audit-core + org.apache.ranger:ranger-audit-dest-auditserver + org.apache.ranger:ranger-audit-dest-hdfs + org.apache.ranger:ranger-audit-dest-solr diff --git a/distro/src/main/assembly/plugin-kafka.xml b/distro/src/main/assembly/plugin-kafka.xml index 6ae15a6369..5e199928f3 100644 --- a/distro/src/main/assembly/plugin-kafka.xml +++ b/distro/src/main/assembly/plugin-kafka.xml @@ -53,6 +53,10 @@ 755 644 + org.apache.ranger:ranger-audit-core + org.apache.ranger:ranger-audit-dest-auditserver + org.apache.ranger:ranger-audit-dest-hdfs + org.apache.ranger:ranger-audit-dest-solr com.carrotsearch:hppc com.fasterxml.jackson.core:jackson-annotations:jar:${fasterxml.jackson.version} com.fasterxml.jackson.core:jackson-core:jar:${fasterxml.jackson.version} diff --git a/distro/src/main/assembly/plugin-solr.xml b/distro/src/main/assembly/plugin-solr.xml index a478e27a46..5558d6cc25 100644 --- a/distro/src/main/assembly/plugin-solr.xml +++ b/distro/src/main/assembly/plugin-solr.xml @@ -52,6 +52,10 @@ 755 644 + org.apache.ranger:ranger-audit-core + org.apache.ranger:ranger-audit-dest-auditserver + org.apache.ranger:ranger-audit-dest-hdfs + org.apache.ranger:ranger-audit-dest-solr com.fasterxml.jackson.jaxrs:jackson-jaxrs-base:jar:${fasterxml.jackson.version} com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider:jar:${fasterxml.jackson.version} com.google.code.gson:gson 
@@ -64,6 +68,15 @@ org.apache.hadoop:hadoop-client-runtime:jar:${hadoop.version} org.apache.httpcomponents:httpasyncclient:jar:${httpcomponents.httpasyncclient.version} org.apache.httpcomponents:httpcore-nio:jar:${httpcomponents.httpcore.version} + org.apache.solr:solr-solrj:jar:${solr.version} + org.eclipse.jetty:jetty-client:jar:${jetty-client.version} + org.glassfish.jersey.core:jersey-client:jar:${jersey-client.version} + org.glassfish.jersey.core:jersey-common:jar:${jersey-client.version} + org.glassfish.jersey.ext:jersey-entity-filtering:jar:${jersey-client.version} + org.glassfish.jersey.media:jersey-media-json-jackson:jar:${jersey-client.version} + org.glassfish.jersey.inject:jersey-hk2:jar:${jersey-client.version} + javax.ws.rs:javax.ws.rs-api + org.glassfish.hk2:hk2-locator org.glassfish.hk2:class-model org.glassfish.hk2:hk2-api org.glassfish.hk2:hk2-core diff --git a/hbase-agent/pom.xml b/hbase-agent/pom.xml index 2b9412483b..5abfdc5059 100644 --- a/hbase-agent/pom.xml +++ b/hbase-agent/pom.xml @@ -43,6 +43,10 @@ ch.qos.logback * + + org.eclipse.jetty + * + @@ -72,6 +76,10 @@ jakarta.activation jakarta.activation-api + + org.eclipse.jetty + * + @@ -131,6 +139,10 @@ com.fasterxml.jackson.module * + + org.eclipse.jetty + * + @@ -151,6 +163,10 @@ com.fasterxml.jackson.module * + + org.eclipse.jetty + * + @@ -166,6 +182,10 @@ org.apache.hadoop * + + org.eclipse.jetty + * + org.slf4j * @@ -201,6 +221,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.glassfish javax.el @@ -553,12 +577,7 @@ ${hbase.jetty.version} test - - org.eclipse.jetty - jetty-server - ${hbase.jetty.version} - test - + org.eclipse.jetty jetty-util diff --git a/hdfs-agent/pom.xml b/hdfs-agent/pom.xml index c9392c272e..3c858ffcc7 100644 --- a/hdfs-agent/pom.xml +++ b/hdfs-agent/pom.xml @@ -127,6 +127,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.slf4j * @@ -172,6 +176,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * 
@@ -197,6 +205,10 @@ javax.ws.rs jsr311-api + + org.eclipse.jetty + * + diff --git a/hive-agent/pom.xml b/hive-agent/pom.xml index 95a7b4dca2..5d36d0c16d 100644 --- a/hive-agent/pom.xml +++ b/hive-agent/pom.xml @@ -119,6 +119,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.slf4j * @@ -162,6 +166,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.slf4j * @@ -193,6 +201,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.glassfish javax.el @@ -232,6 +244,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + @@ -267,6 +283,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.glassfish javax.el @@ -292,6 +312,10 @@ javax.ws.rs jsr311-api + + org.eclipse.jetty + * + diff --git a/kms/pom.xml b/kms/pom.xml index f49d33984c..100e91eb81 100644 --- a/kms/pom.xml +++ b/kms/pom.xml @@ -50,6 +50,10 @@ com.fasterxml.jackson.dataformat jackson-dataformat-cbor + + org.eclipse.jetty + * + software.amazon.ion ion-java @@ -96,6 +100,10 @@ jakarta.activation jakarta.activation-api + + org.eclipse.jetty + * + @@ -143,6 +151,10 @@ log4jdbc ${googlecode.log4jdbc.version} + + org.eclipse.jetty + * + org.slf4j * @@ -166,6 +178,10 @@ org.apache.commons commons-lang3 + + org.eclipse.jetty + * + @@ -181,6 +197,10 @@ org.apache.commons commons-lang3 + + org.eclipse.jetty + * + @@ -197,6 +217,10 @@ org.apache.commons commons-lang3 + + org.eclipse.jetty + * + @@ -213,6 +237,10 @@ org.apache.commons commons-lang3 + + org.eclipse.jetty + * + @@ -324,6 +352,10 @@ junit junit + + org.eclipse.jetty + * + @@ -393,6 +425,10 @@ net.minidev json-smart + + org.eclipse.jetty + * + org.slf4j * @@ -457,6 +493,10 @@ org.apache.commons commons-text + + org.eclipse.jetty + * + org.slf4j * @@ -497,6 +537,10 @@ log4j * + + org.eclipse.jetty + * + @@ -536,6 +580,10 @@ net.minidev json-smart + + org.eclipse.jetty + * + @@ -569,6 +617,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * 
diff --git a/knox-agent/pom.xml b/knox-agent/pom.xml index faade88ad2..1753c75b4e 100644 --- a/knox-agent/pom.xml +++ b/knox-agent/pom.xml @@ -110,6 +110,10 @@ org.apache.zookeeper zookeeper + + org.eclipse.jetty + * + org.slf4j * @@ -130,6 +134,10 @@ javax.ws.rs jsr311-api + + org.eclipse.jetty + * + + + org.apache.tomcat.embed + tomcat-embed-core + ${tomcat.embed.version} + org.junit.jupiter @@ -73,6 +79,13 @@ org.mockito mockito-core + ${mockito.version} + test + + + org.mockito + mockito-junit-jupiter + ${mockito.version} test diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml index 66587bc181..5000d2ad33 100644 --- a/ranger-ozone-plugin-shim/pom.xml +++ b/ranger-ozone-plugin-shim/pom.xml @@ -40,6 +40,10 @@ io.netty netty-all + + org.eclipse.jetty + * + org.yaml snakeyaml diff --git a/ranger-solr-plugin-shim/pom.xml b/ranger-solr-plugin-shim/pom.xml index 14c11efec8..fa2fcb7001 100644 --- a/ranger-solr-plugin-shim/pom.xml +++ b/ranger-solr-plugin-shim/pom.xml @@ -98,6 +98,14 @@ org.apache.zookeeper zookeeper-jute + + org.eclipse.jetty + * + + + org.eclipse.jetty.http2 + * + org.slf4j * diff --git a/ranger-storm-plugin-shim/pom.xml b/ranger-storm-plugin-shim/pom.xml index 16e70f331a..4ac8512c19 100644 --- a/ranger-storm-plugin-shim/pom.xml +++ b/ranger-storm-plugin-shim/pom.xml @@ -50,6 +50,10 @@ org.apache.logging.log4j * + + org.eclipse.jetty + * + org.slf4j * diff --git a/ranger-yarn-plugin-shim/pom.xml b/ranger-yarn-plugin-shim/pom.xml index f61e9105da..ae5909714a 100644 --- a/ranger-yarn-plugin-shim/pom.xml +++ b/ranger-yarn-plugin-shim/pom.xml @@ -49,6 +49,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * diff --git a/security-admin/pom.xml b/security-admin/pom.xml index 491baf80fc..f92bf8f9f4 100644 --- a/security-admin/pom.xml +++ b/security-admin/pom.xml @@ -80,6 +80,10 @@ jakarta.activation jakarta.activation-api + + org.eclipse.jetty + * + 
@@ -97,6 +101,10 @@ log4jdbc ${googlecode.log4jdbc.version} + + org.eclipse.jetty + * + org.slf4j * @@ -112,6 +120,10 @@ com.google.guava guava + + org.eclipse.jetty + * + @@ -130,6 +142,10 @@ HikariCP ${HikariCP.version} + + org.eclipse.jetty + * + org.slf4j * @@ -313,6 +329,10 @@ org.apache.commons commons-text + + org.eclipse.jetty + * + org.mortbay.jetty * @@ -398,6 +418,10 @@ org.apache.commons commons-compress + + org.eclipse.jetty + * + org.slf4j * @@ -463,6 +487,10 @@ org.apache.logging.log4j log4j-api + + org.eclipse.jetty + * + org.slf4j * @@ -482,6 +510,10 @@ org.apache.logging.log4j log4j-api + + org.eclipse.jetty + * + org.slf4j * @@ -522,6 +554,10 @@ javax.ws.rs jsr311-api + + org.eclipse.jetty + * + @@ -538,6 +574,10 @@ com.sun.xml.bind * + + org.eclipse.jetty + * + @@ -586,6 +626,14 @@ org.apache.zookeeper zookeeper-jute + + org.eclipse.jetty + * + + + org.eclipse.jetty.http2 + * + org.slf4j * @@ -601,6 +649,10 @@ org.apache.tomcat.embed tomcat-embed-core + + org.eclipse.jetty + * + org.slf4j * @@ -612,6 +664,10 @@ velocity-engine-core ${velocity.version} + + org.eclipse.jetty + * + org.slf4j * @@ -639,6 +695,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -650,6 +710,18 @@ jettison ${jettison.version} + + + org.eclipse.jetty + jetty-client + ${jetty-client.version} + + + org.eclipse.jetty + * + + + org.eclipse.persistence eclipselink @@ -735,6 +807,10 @@ spring-core ${springframework.version} + + org.eclipse.jetty + * + org.springframework spring-jcl @@ -776,6 +852,10 @@ spring-ldap-core ${spring-ldap-core.version} + + org.eclipse.jetty + * + org.slf4j * diff --git a/security-admin/src/test/java/org/apache/ranger/security/handler/TestPermission.java b/security-admin/src/test/java/org/apache/ranger/security/handler/TestPermission.java index c88a72682c..c8d7d3f287 100644 --- a/security-admin/src/test/java/org/apache/ranger/security/handler/TestPermission.java 
+++ b/security-admin/src/test/java/org/apache/ranger/security/handler/TestPermission.java @@ -25,6 +25,8 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * @generated by Cursor @@ -49,12 +51,8 @@ public void getPermission_returnsNullForUnknown() { @Test public void getPermission_acceptsNonStringInputs() { - Object in = new Object() { - @Override - public String toString() { - return "READ"; - } - }; + Object in = mock(Object.class); + when(in.toString()).thenReturn("READ"); assertEquals(Permission.PermissionType.READ, Permission.getPermission(in)); } diff --git a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerHeaderPreAuthFilter.java b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerHeaderPreAuthFilter.java index c721c30f06..8bd9df73b8 100644 --- a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerHeaderPreAuthFilter.java +++ b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerHeaderPreAuthFilter.java @@ -33,8 +33,6 @@ import org.springframework.security.core.context.SecurityContextHolder; import javax.servlet.FilterChain; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
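Review bot: In getPermission_acceptsNonStringInputs, `mock(Object.class)` with a stubbed `toString()` is more fragile than the three-line anonymous class it replaces, because whether `java.lang.Object` can be mocked depends on the Mockito mock maker configured for the module, which this page does not show. The test only needs a non-String value whose `toString()` yields "READ", so a plain JDK type does the job without mocking, for example `Object in = new StringBuilder("READ");`. If the mock is kept, a comment such as `// non-String input: getPermission is expected to fall back to toString()` would record why it is there.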
@@ -130,22 +128,19 @@ public void testDoFilter_enabled_withUsername_setsAuthenticationFromRangerDbRole when(request.getHeader("x-awc-username")).thenReturn("joeuser"); - FilterChain chain = new FilterChain() { - @Override - public void doFilter(ServletRequest req, ServletResponse res) { - org.springframework.security.core.Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - - assertNotNull(auth); - assertTrue(auth instanceof RangerAuthenticationToken); - RangerAuthenticationToken rangerAuth = (RangerAuthenticationToken) auth; - assertEquals(XXAuthSession.AUTH_TYPE_TRUSTED_PROXY, rangerAuth.getAuthType()); - assertEquals("joeuser", auth.getName()); - - Collection authorities = auth.getAuthorities(); - assertEquals(2, authorities.size()); - assertTrue(authorities.stream().anyMatch(a -> "ROLE_SYS_ADMIN".equals(a.toString()))); - assertTrue(authorities.stream().anyMatch(a -> "ROLE_USER".equals(a.toString()))); - } + FilterChain chain = (req, res) -> { + org.springframework.security.core.Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + + assertNotNull(auth); + assertTrue(auth instanceof RangerAuthenticationToken); + RangerAuthenticationToken rangerAuth = (RangerAuthenticationToken) auth; + assertEquals(XXAuthSession.AUTH_TYPE_TRUSTED_PROXY, rangerAuth.getAuthType()); + assertEquals("joeuser", auth.getName()); + + Collection authorities = auth.getAuthorities(); + assertEquals(2, authorities.size()); + assertTrue(authorities.stream().anyMatch(a -> "ROLE_SYS_ADMIN".equals(a.toString()))); + assertTrue(authorities.stream().anyMatch(a -> "ROLE_USER".equals(a.toString()))); }; filter.doFilter(request, response, chain); diff --git a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerKrbFilter.java b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerKrbFilter.java index 43a0ab27c2..f147eb5dd0 100644 
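Review bot: Every assertion on the authenticated principal sits inside the `FilterChain` lambda, so it only runs if the filter actually calls `chain.doFilter`; if the filter returns early, the test passes without checking `AUTH_TYPE_TRUSTED_PROXY`, the user name or the two roles. Nothing visible after `filter.doFilter(request, response, chain);` confirms the chain was invoked, though the method continues outside the hunk. Recording the call, e.g. `AtomicBoolean chainCalled = new AtomicBoolean();` set to true inside the lambda and followed by `assertTrue(chainCalled.get());`, closes that gap. The same applies to the lambdas in TestRangerMDCFilter (the enabled and disabled tests) and in both hunks of TestRangerSecurityContextFormationFilter.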
--- a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerKrbFilter.java
+++ b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerKrbFilter.java
@@ -180,22 +180,8 @@ public void testProtectedDoFilterDelegates() throws Exception {
 @Test
 public void testIsCustomSignerSecretProvider() throws Exception {
 RangerKrbFilter filter = new RangerKrbFilter();
- // Custom provider (anonymous) should be detected as custom
- SignerSecretProvider custom = new SignerSecretProvider() {
- @Override
- public void init(Properties config, ServletContext servletContext, long tokenValidity) {
- }
-
- @Override
- public byte[] getCurrentSecret() {
- return new byte[0];
- }
-
- @Override
- public byte[][] getAllSecrets() {
- return new byte[0][];
- }
- };
+ // Custom provider (mock) should be detected as custom
+ SignerSecretProvider custom = mock(SignerSecretProvider.class);
 setField(filter, "secretProvider", custom);
 assertTrue((Boolean) invoke(filter, "isCustomSignerSecretProvider"));
 }
diff --git a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerMDCFilter.java b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerMDCFilter.java
index 16156c6e6e..0ef68218b9 100644
--- a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerMDCFilter.java
+++ b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerMDCFilter.java
@@ -30,7 +30,6 @@
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
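Review bot: In testIsCustomSignerSecretProvider the mock is not a drop-in for the anonymous provider it replaces: an unstubbed Mockito mock returns null from `getCurrentSecret()` and `getAllSecrets()`, where the old stub returned empty arrays. That is harmless only if `isCustomSignerSecretProvider` looks at the provider's type and never reads its secrets, which this hunk does not show. I would state the assumption in the comment, e.g. `// Mock stands in for a non-default provider; only its type is inspected, secrets are never read` (wording to be matched to what the method really checks), or stub the two getters to keep the previous behaviour.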
@@ -88,12 +87,7 @@ public void testInitAndDoFilter_enabled_setsAndClearsMDC() throws Exception { ServletResponse response = mock(ServletResponse.class); - FilterChain chain = new FilterChain() { - @Override - public void doFilter(ServletRequest req, ServletResponse res) throws IOException, ServletException { - assertEquals("abc-123", MDC.get("RID")); - } - }; + FilterChain chain = (req, res) -> assertEquals("abc-123", MDC.get("RID")); filter.doFilter(request, response, chain); @@ -110,13 +104,7 @@ public void testDoFilter_disabled_bypasses() throws Exception { HttpServletRequest request = mock(HttpServletRequest.class); ServletResponse response = mock(ServletResponse.class); - FilterChain chain = new FilterChain() { - @Override - public void doFilter(ServletRequest req, ServletResponse res) { - // MDC should not be set - assertNull(MDC.get(RangerMDCFilter.DEFAULT_MDC_KEY)); - } - }; + FilterChain chain = (req, res) -> assertNull(MDC.get(RangerMDCFilter.DEFAULT_MDC_KEY)); filter.doFilter(request, response, chain); } diff --git a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerSecurityContextFormationFilter.java b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerSecurityContextFormationFilter.java index ff9f059bc4..fc59cab53d 100644 --- a/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerSecurityContextFormationFilter.java +++ b/security-admin/src/test/java/org/apache/ranger/security/web/filter/TestRangerSecurityContextFormationFilter.java 
@@ -124,14 +124,11 @@ public void testDoFilter_setsCreatePrincipalsIfAbsentFlag() throws Exception { when(req.getParameter("createPrincipalsIfAbsent")).thenReturn("true"); - FilterChain chain = new FilterChain() { - @Override - public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) { - Boolean flag = RangerContextHolder.getOpContext() != null - ? RangerContextHolder.getOpContext().getCreatePrincipalsIfAbsent() - : null; - assertEquals(Boolean.TRUE, flag); - } + FilterChain chain = (servletRequest, servletResponse) -> { + Boolean flag = RangerContextHolder.getOpContext() != null + ? RangerContextHolder.getOpContext().getCreatePrincipalsIfAbsent() + : null; + assertEquals(Boolean.TRUE, flag); }; filter.doFilter(req, res, chain); @@ -222,16 +219,13 @@ public void testDoFilter_authenticated_createsSecurityContextAndUserSession() th Mockito.when(sessionMgr.processSuccessLogin(Mockito.anyInt(), Mockito.anyString(), Mockito.any(HttpServletRequest.class))) .thenReturn(userSession); - FilterChain chain = new FilterChain() { - @Override - public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) { - RangerSecurityContext ctx = RangerContextHolder.getSecurityContext(); + FilterChain chain = (servletRequest, servletResponse) -> { + RangerSecurityContext ctx = RangerContextHolder.getSecurityContext(); - assertNotNull(ctx); - assertNotNull(ctx.getRequestContext()); - assertEquals("awc-request-1", ctx.getRequestContext().getServerRequestId()); - assertSame(userSession, ctx.getUserSession()); - } + assertNotNull(ctx); + assertNotNull(ctx.getRequestContext()); + assertEquals("awc-request-1", ctx.getRequestContext().getServerRequestId()); + assertSame(userSession, ctx.getUserSession()); }; filter.doFilter(req, res, chain); diff --git a/storm-agent/pom.xml b/storm-agent/pom.xml index 7e526e2075..327549c5b8 100644 --- a/storm-agent/pom.xml +++ b/storm-agent/pom.xml 
@@ -50,6 +50,10 @@ jakarta.activation jakarta.activation-api + + org.eclipse.jetty + * + @@ -100,6 +104,10 @@ com.fasterxml.jackson.module * + + org.eclipse.jetty + * + @@ -120,6 +128,10 @@ com.fasterxml.jackson.module * + + org.eclipse.jetty + * + @@ -132,6 +144,11 @@ credentialbuilder ${project.version} + + org.eclipse.jetty + * + + org.slf4j * @@ -147,6 +164,10 @@ org.apache.hadoop hadoop-common + + org.eclipse.jetty + * + org.slf4j * @@ -162,6 +183,10 @@ org.apache.logging.log4j * + + org.eclipse.jetty + * + org.slf4j * diff --git a/tagsync/pom.xml b/tagsync/pom.xml index 30d5eea5b5..11662bf21d 100644 --- a/tagsync/pom.xml +++ b/tagsync/pom.xml @@ -176,6 +176,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -199,6 +203,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -230,6 +238,10 @@ org.apache.logging.log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -269,6 +281,10 @@ org.apache.logging.log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -308,6 +324,10 @@ org.apache.logging.log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -323,6 +343,10 @@ org.apache.commons commons-lang3 + + org.eclipse.jetty + * + @@ -354,6 +378,10 @@ log4j * + + org.eclipse.jetty + * + @@ -385,6 +413,10 @@ javax.servlet javax.servlet-api + + org.eclipse.jetty + * + org.graalvm.sdk graal-sdk @@ -413,6 +445,10 @@ log4j * + + org.eclipse.jetty + * + org.slf4j * @@ -452,6 +488,11 @@ jersey-spring5 ${jersey-client.version} + + org.eclipse.jetty + * + + org.springframework *