RANGER-5603: Upgrade Solr to 9.4.1#965
Draft
pradeepagrawal8184 wants to merge 1 commit into
Draft
Conversation
rameeshm
reviewed
May 22, 2026
| @@ -40,6 +40,23 @@ | |||
| public class RangerPluginClassLoader extends URLClassLoader { | |||
Contributor
There was a problem hiding this comment.
@pradeepagrawal8184 This is bit invasive in doing. If the Jersey libraries are already present in the SOLR can we remove it from the SOLR?
Contributor
Author
There was a problem hiding this comment.
SOLR is dependent on jersey 2.39.x, while ranger is using 2.47; we can not enforce SOLR to use 2.47 ; also two different version of libraries can not exist in the same classpath; so as of now i have only this workaround.
| and initialSize parameters are ignored. | ||
| --> | ||
| <filterCache class="solr.FastLRUCache" | ||
| <filterCache class="solr.CaffeineCache" |
Contributor
There was a problem hiding this comment.
How is the upgrade going to be handled?
Contributor
Author
There was a problem hiding this comment.
Solr has removed FastLRUCache; if this is there then we get ClassNotFoundException regarding same; CaffeineCache is the new alternate in the SOLR 9.4 version.
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades Ranger’s Solr integration to Solr 9.4.1 to restore compatibility with JDK 17, including dependency/packaging adjustments and runtime fixes for Solr 9’s Jersey/Lucene ecosystem.
Changes:
- Bump Solr version to 9.4.1 and introduce Solr-aligned Lucene/Jersey version properties; add
solr-apiwhere required. - Update Solr plugin codepaths for Solr 9 (permissions mapping, Lucene class moves) and add classloader isolation to prevent Jersey version/resource conflicts.
- Refresh distro assemblies and dev-support Docker stack/scripts to package/run Solr 9 (Kerberos/dev setup, configset upload via SolrJ APIs, additional init scripts).
Reviewed changes
Copilot reviewed 52 out of 60 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| security-admin/pom.xml | Adds solr-api and excludes Lucene transitive deps from SolrJ to avoid ES/Lucene conflicts. |
| ranger-solr-plugin-shim/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java | Replaces Solr StringUtils usage with Objects.equals() for name comparison. |
| ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java | Adds Jersey SPI/resource filtering and isolates Jersey/HK2 classloading to avoid mixed-version runtime errors. |
| pom.xml | Updates Solr version + adds Solr Jersey/Lucene version properties; includes distro in the Solr plugin build profile. |
| plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/SubsetQueryPlugin.java | Updates CoveringQuery import location for Lucene 9. |
| plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/SolrAuthzUtil.java | Adjusts admin-op permission handling to match Solr 9 enums/operations. |
| plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java | Updates Solr permission mapping; adds special-case handling for audit collection updates. |
| plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuditHandler.java | Exposes audit collection name constant and updates auditing suppression logic for null users. |
| plugin-solr/pom.xml | Switches JAX-RS API dependency to javax.ws.rs; aligns Jersey runtime deps to Solr; adds Lucene sandbox. |
| plugin-solr/conf/ranger-solr-security-changes.cfg | Updates Solr plugin config tokens and adds keytab principal/file properties. |
| embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/SolrCollectionBootstrapper.java | Reworks configset upload/collection creation flow for Solr 9 using ConfigSetAdminRequest. |
| distro/src/main/assembly/storm-agent.xml | Ensures solr-api is packaged with agent artifacts. |
| distro/src/main/assembly/plugin-yarn.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-trino.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-sqoop.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-solr.xml | Switches to javax.ws.rs-api, adds Lucene sandbox, forces Solr-aligned Jersey jars, and copies extra Jersey artifacts. |
| distro/src/main/assembly/plugin-presto.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-ozone.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-kylin.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-kms.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-kafka.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-elasticsearch.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/plugin-atlas.xml | Ensures solr-api is packaged with plugin artifacts. |
| distro/src/main/assembly/pdp.xml | Ensures solr-api is packaged with PDP distribution artifacts. |
| distro/src/main/assembly/knox-agent.xml | Ensures solr-api is packaged with agent artifacts. |
| distro/src/main/assembly/kms.xml | Ensures solr-api is packaged with KMS distribution artifacts. |
| distro/src/main/assembly/hive-agent.xml | Ensures solr-api is packaged with agent artifacts. |
| distro/src/main/assembly/hdfs-agent.xml | Ensures solr-api is packaged with agent artifacts. |
| distro/src/main/assembly/hbase-agent.xml | Ensures solr-api is packaged with agent artifacts. |
| distro/src/main/assembly/admin-web.xml | Ensures solr-api is packaged with admin-web artifacts. |
| distro/pom.xml | Copies Solr-aligned Jersey jars during packaging to prevent assembly merge dropping required artifacts. |
| dev-support/ranger-docker/scripts/zk/zookeeper-with-kerberos.sh | Adds Kerberos-aware ZooKeeper startup wrapper for dev stack. |
| dev-support/ranger-docker/scripts/solr/solr-security.json | Updates Solr security configuration used by dev stack. |
| dev-support/ranger-docker/scripts/solr/solr-ranger_audits/solrconfig.xml | Updates cache implementations to Solr 9-supported Caffeine caches. |
| dev-support/ranger-docker/scripts/solr/solr-ranger_audits/managed-schema | Updates managed schema header and field definitions for Solr 9. |
| dev-support/ranger-docker/scripts/solr/ranger-solr.sh | Updates Solr 9 docker startup behavior (opts, allowPaths, core.properties handling, env). |
| dev-support/ranger-docker/scripts/solr/ranger-solr-plugin-install.properties | Switches to keytab-based UGI login and adds related properties. |
| dev-support/ranger-docker/scripts/solr/ranger_audits/core.properties | Adds required core marker file for Solr 9 core discovery. |
| dev-support/ranger-docker/scripts/rdbms/init_postgres.sh | Adds Postgres init helper for dev stack. |
| dev-support/ranger-docker/scripts/rdbms/init_oracle.sh | Adds Oracle init helper for dev stack. |
| dev-support/ranger-docker/scripts/rdbms/init_mssql.sh | Adds MSSQL init helper for dev stack. |
| dev-support/ranger-docker/scripts/pdp/ranger-pdp.sh | Adds dev PDP setup script with Kerberos keytab waits. |
| dev-support/ranger-docker/scripts/ozone/ranger-ozone-setup.sh | Adds dev helper to enable the Ozone plugin. |
| dev-support/ranger-docker/scripts/ozone/enable-ozone-plugin.sh | Adds plugin enable script for Ozone (packaging/config changes). |
| dev-support/ranger-docker/scripts/kdc/entrypoint.sh | Adds a KDC entrypoint to initialize principals/keytabs for the dev stack. |
| dev-support/ranger-docker/scripts/hadoop/ranger-hadoop-setup.sh | Ensures policy cache directories exist/are accessible in dev Hadoop containers. |
| dev-support/ranger-docker/scripts/build/ranger-build.sh | Increases Maven heap for docker builds. |
| dev-support/ranger-docker/download-archives.sh | Adds gzip integrity check and makes curl fail on HTTP errors; downloads Tez archive for Hadoop stack. |
| dev-support/ranger-docker/Dockerfile.ranger-solr | Updates Solr base image version and directory ownership for Solr 9 layout. |
| dev-support/ranger-docker/Dockerfile.ranger-hadoop | Updates base image version argument usage. |
| dev-support/ranger-docker/docker-compose.ranger.yml | Updates Solr service mounts/env for Solr 9 and keeps enable templates synced. |
| dev-support/ranger-docker/docker-compose.ranger-hadoop.yml | Adds build arg and dependencies; mounts enable templates to avoid stale image tarballs. |
| dev-support/ranger-docker/docker-compose.ranger-dev.yml | Adds a composed “dev stack” compose file including Ranger + Hadoop profiles. |
| dev-support/ranger-docker/.env | Updates Solr version and adds required DB type setting for compose stack. |
| audit-server/pom.xml | Aligns Lucene dependencies to Solr/Lucene 9 coordinates and versions. |
| audit-server/audit-dispatcher/dispatcher-solr/pom.xml | Aligns Lucene dependencies to Solr/Lucene 9 coordinates and versions. |
| agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java | Sets global Hadoop UGI configuration from plugin config after UGI init. |
| agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java | Ensures core-site.xml is added as a readable resource for security detection. |
| agents-audit/dest-solr/pom.xml | Adds solr-api dependency needed with Solr 9 artifact split. |
| agents-audit/core/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java | Ensures UGI login user is recorded after JAAS-based keytab login. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
pradeepagrawal8184
force-pushed
the
RANGER-5603_SOLR
branch
2 times, most recently
from
f936b0d to
53a5bf6
Compare
pradeepagrawal8184
force-pushed
the
RANGER-5603_SOLR
branch
from
53a5bf6 to
2f6a758
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
Ranger solr plugin install was failing because solr version is not compatible with jdk17; hence trying to upgrade solr to 9.4.1 as it has jdk17 support as per solr's doc.
How was this patch tested?
I tested this patch in my docker env;
@reviewers:
if possible please test this patch in your env also to ensure the changes are generic for all env.