Zeppelin / ZEPPELIN-2550

Optional Shiro config entry causing issues with notebook authorisation

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.6.0
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      I had to comment out the line "securityManager.realms = $activeDirectoryRealm" in my Shiro config below to make the notebook permission configuration effective.

      ####Shiro config start####

      [users]
      #admin = password1

      [main]
      activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
      activeDirectoryRealm.systemUsername = user1
      activeDirectoryRealm.systemPassword = pwd
      #activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://user/zeppelin/zeppelin.jceks
      activeDirectoryRealm.searchBase = DC=testcore,DC=test,DC=dir,DC=org,DC=com
      activeDirectoryRealm.url = ldaps://testcore.test.dir.org.com:636
      activeDirectoryRealm.groupRolesMap = "CN=APPADMIN,OU=Managed,OU=Groups,DC=testcore,DC=test,DC=dir,DC=org,DC=com":"admin"
      activeDirectoryRealm.authorizationCachingEnabled = true
      activeDirectoryRealm.principalSuffix = @testcore.test.dir.org.com

      sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
      securityManager.sessionManager = $sessionManager
      securityManager.sessionManager.globalSessionTimeout = 86400000
      shiro.loginUrl = /api/login
      #securityManager.realms = $activeDirectoryRealm

      [roles]
      admin = *

      [urls]
      /api/version = anon
      /api/interpreter/** = authc, roles[admin]
      /api/configurations/** = authc, roles[admin]
      /api/credential/** = authc, roles[admin]
      #/** = anon
      /** = authc

      ####Shiro config end####

      Before commenting out "securityManager.realms = $activeDirectoryRealm", Zeppelin was unable to resolve the role of an AD user configured in the notebook permission settings.

      More details can be found in the conversation between prabhjyotsingh and ekantheshwara at the URL below:

      https://github.com/apache/zeppelin/pull/986#issuecomment-292915667
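
      A small audit for the setting discussed in this report, added here as an example (not part of the original report and not Zeppelin or Shiro code): it parses a shiro.ini and lists the realms that an explicit securityManager.realms line leaves out. It assumes Shiro's documented behaviour that an explicit realms list replaces implicit assignment and that a non-empty [users] or [roles] section creates an implicit "iniRealm"; the function name, the "ends in Realm" heuristic and the trimmed sample are constructed for illustration.

```python
import configparser

# Constructed sample: trimmed from the config in the report, realms line active.
SAMPLE = """\
[users]
#admin = password1

[main]
activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
activeDirectoryRealm.url = ldaps://testcore.test.dir.org.com:636
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.realms = $activeDirectoryRealm

[roles]
admin = *
"""


def audit_realms(ini_text):
    """Report which defined realms an explicit securityManager.realms omits."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=("#", ";"), strict=False)
    cp.optionxform = str  # Shiro keys are case-sensitive; keep them as written
    cp.read_string(ini_text)
    main = dict(cp["main"]) if cp.has_section("main") else {}
    # Heuristic (assumption): an undotted [main] key whose class ends in "Realm"
    defined = [k for k, v in main.items()
               if "." not in k and v.strip().endswith("Realm")]
    # Assumption from Shiro docs: entries in [users] or [roles] create "iniRealm"
    if any(cp.has_section(s) and cp.options(s) for s in ("users", "roles")):
        defined.append("iniRealm")
    raw = main.get("securityManager.realms")
    if raw is None:
        # Line absent or commented out: every defined realm is assigned implicitly
        return {"explicit": False, "defined": defined, "excluded": []}
    listed = [r.strip().lstrip("$") for r in raw.split(",") if r.strip()]
    return {"explicit": True, "defined": defined,
            "excluded": [r for r in defined if r not in listed]}


if __name__ == "__main__":
    print(audit_realms(SAMPLE))
    print(audit_realms(SAMPLE.replace("securityManager.realms",
                                      "#securityManager.realms")))
```

      The input must not be indented the way the config is displayed on this page, because configparser treats indented lines as continuations.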

              People

              • Assignee: Unassigned
              • Reporter: ekanthb@gmail.com Ekantheshwara Basappa
              • Votes: 0
              • Watchers: 3
