[AUTHZ] Authz shaded include the transitive jackson libs

[yikf]

Why are the changes needed?

As description #5427 (comment). This PR aims to:

• Authz shaded include the transitive jackson libs
• Add LICENSE and NOTICE file to exactly match the content of jar
• Add scala-2.13 profile to make authz shade module support scala 2.13

How was this patch tested?

• Add some test cases that check the changes thoroughly including negative and positive cases if possible

• Add screenshots for manual tests if appropriate

• Run test locally before make a pull request

Was this patch authored or co-authored using generative AI tooling?

No

[yikf]

@pan3793

[pan3793]

.
├── META-INF
│   ├── AL2.0
│   ├── ASL2.0
│   ├── LGPL2.1
│   ├── LICENSE
│   ├── MANIFEST.MF
│   ├── NOTICE
│   ├── jersey-module-version
│   ├── persistence.xml
...

I did a quick check on the shaded jar, and found the following issues:

• where does LGPL2.1 come from? LGPL2.1 is under category-x which is not allowed to be included into ASF artifacts.
• AL2.0, ASL2.0 should be excluded
• LICENSE and NOTICE should be modified to exactly match the content of jar

[codecov-commenter]

Codecov Report

Merging #5496 (758d834) into master (03d6223) will not change coverage.
Report is 16 commits behind head on master.
The diff coverage is n/a.

❗ Current head 758d834 differs from pull request most recent head 8eeec2b. Consider uploading reports for the commit 8eeec2b to get more accurate results

@@          Coverage Diff           @@
##           master   #5496   +/-   ##
======================================
  Coverage    0.00%   0.00%           
======================================
  Files         588     588           
  Lines       33480   33480           
  Branches     4405    4405           
======================================
  Misses      33480   33480           

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[pan3793]

BTW, jna seems to be the dep of scala 2.13

[yikf]

• where does LGPL2.1 come from? LGPL2.1 is under category-x which is not allowed to be included into ASF artifacts.

LGPL2.1 comes from net.java.dev.jna, and it is licensed under the Apache License, excluded LGPL2.1 from shaded jar looks like fine.

BTW, jna seems to be the dep of scala 2.13

jna looks like come from ranger

[pan3793]

BTW, jna seems to be the dep of scala 2.13

I mean apache/spark#43008 (comment)

[yikf]

I mean apache/spark#43008 (comment)

Thanks for the information. It looks like we need to provide the scala-2.13 profile, which requires exclude jna.

For the scala 2.13 profile, maybe the jna version of ranger is different from the jna version of scala 2.13, but I can't think of a good way to solve it, because jna cannot shade.

[pan3793]

@yikf I suppose we can use the jna provided in Spark, then let's excluding jna in scala-2.13 profile

[pan3793]

have you tested it? what's the behavior when both includes and excludes are present?

[yikf]

It will contain the content in the includes tag and not in the excludes tag.

[pan3793]

Thanks, merged to master