Downgrade Jetty version of trino ranger plugin

[HalimKim]

Description

• If you activate trino ranger plugin and solr audit, solr audit will be failed with NoClassDefinitionFound error.

2025-10-14T11:15:29.238+0900    ERROR   main    org.apache.ranger.audit.destination.SolrAuditDestination        Can't connect to Solr server. ZooKeepers=dev-nav9-nch007-ncl.nfra.io:2181,dev-nav9-nch008-ncl.nfra.io:2181,dev-nav9-nch009-ncl.nfra.io:2181/solr
java.lang.NoClassDefFoundError: org/eclipse/jetty/client/util/SPNEGOAuthentication
        at org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:166)
        at org.apache.ranger.audit.destination.SolrAuditDestination.init(SolrAuditDestination.java:96)
        at org.apache.ranger.audit.provider.AuditProviderFactory.init(AuditProviderFactory.java:183)
        at org.apache.ranger.plugin.service.RangerBasePlugin.init(RangerBasePlugin.java:299)
        at io.trino.plugin.ranger.RangerSystemAccessControl.<init>(RangerSystemAccessControl.java:155)
        at io.trino.plugin.ranger.RangerSystemAccessControl$$FastClassByGuice$$17fce9.GUICE$TRAMPOLINE(<generated>)
        at io.trino.plugin.ranger.RangerSystemAccessControl$$FastClassByGuice$$17fce9.apply(<generated>)
        at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:82)
        at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
        at com.google.inject.internal.ConstructorInjector.access$000(ConstructorInjector.java:33)
        at com.google.inject.internal.ConstructorInjector$1.call(ConstructorInjector.java:98)
        at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:109)
        at io.airlift.bootstrap.LifeCycleModule.provision(LifeCycleModule.java:53)
        at com.google.inject.internal.ProvisionListenerStackCallback$Provision.provision(ProvisionListenerStackCallback.java:117)
        at com.google.inject.internal.ProvisionListenerStackCallback.provision(ProvisionListenerStackCallback.java:66)
        at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:93)
        at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:300)
        at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
        at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:169)
        at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:45)
        at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:213)
        at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:186)
        at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:113)
        at com.google.inject.Guice.createInjector(Guice.java:87)
        at io.airlift.bootstrap.Bootstrap.initialize(Bootstrap.java:335)
        at io.trino.plugin.ranger.RangerSystemAccessControlFactory.create(RangerSystemAccessControlFactory.java:52)
        at io.trino.security.AccessControlManager.createSystemAccessControl(AccessControlManager.java:222)
        at java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:215)
        at java.base/java.util.Collections$2.tryAdvance(Collections.java:5075)
        at java.base/java.util.Collections$2.forEachRemaining(Collections.java:5083)
        at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:570)
        at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:560)
        at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:921)
        at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:265)
        at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:727)
        at io.trino.security.AccessControlManager.loadSystemAccessControl(AccessControlManager.java:177)
        at io.trino.server.Server.doStart(Server.java:164)
        at io.trino.server.Server.lambda$start$0(Server.java:90)
        at io.trino.$gen.Trino_476____20251014_021515_1.run(Unknown Source)
        at io.trino.server.Server.start(Server.java:90)
        at io.trino.server.TrinoServer.main(TrinoServer.java:37)
Caused by: java.lang.ClassNotFoundException: org.eclipse.jetty.client.util.SPNEGOAuthentication
        at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:349)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:557)
        at io.trino.server.PluginClassLoader.loadClass(PluginClassLoader.java:114)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:490)
        ... 41 more

The key message is here

java.lang.NoClassDefFoundError: org/eclipse/jetty/client/util/SPNEGOAuthentication

• SPNEGOAuthentication class is included in jetty-client jar. this jar file is already included in ranger trino plugin too (by Indirect dependencies).
• However, Group Id of SPNEGOAuthentication has been changed From Jetty 12 version.
• 'util' is removed (org/eclipse/jetty/client/util/SPNEGOAuthentication -> org/eclipse/jetty/client/SPNEGOAuthentication)
• So my proposed solution is that downgrading jetty to 11 instead of using 12.x version. (Unfortunately there is no solr client that is compatible with jetty 12 version)

Additional context and related issues

• Similar problem in Ranger NiFi Plugin: https://issues.apache.org/jira/browse/NIFI-12765

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
( ) Release notes are required. Please propose a release note for me.
(x) Release notes are required, with the following suggested text:

## Section
* Fix ranger audit to solr. ({issue}`26939`)

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla

[mneethiraj]

@HalimKim - org.apache.ranger:org.eclipse.jetty depdency shouldn't be from org.apache.ranger:ranger-plugins-common (since org.apache.hadoop:hadoop-common is already being excluded here); instead it should be from the following:

• org.apache.ranger:ranger-audit-dest-solr (via org.apache.solr:solr-solrj)

[mneethiraj]

@HalimKim - the stack trace in the description is from Ranger 2.6.0 plugin library - which explains your fix in dependency exclusion from ranger-plugins-common. Trino currently uses Ranger 2.7.0, hence this exclusion should instead be added to ranger-audit-dest-solr. Rest of the changes look good.

[HalimKim]

@mneethiraj Thank you for your opinion! I moved it to the ranger-audit-dest-solr.
manual compile test is okay with my env.

[HalimKim]

And I submitted the signed CLA to [email protected] two days ago.

[lozbrown]

Is this related?
#25686

[mneethiraj]

Is this related? #25686

Yes @lozbrown. The proposed fix should address the issue reported in #25686, once the PR is updated for Ranger version 2.7.0.

[cla-bot]

Thank you for your pull request and welcome to the Trino community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. Continue to work with us on the review and improvements in this PR, and submit the signed CLA to [email protected]. Photos, scans, or digitally-signed PDF files are all suitable. Processing may take a few days. The CLA needs to be on file before we merge your changes. For more information, see https://github.com/trinodb/cla