[ZEPPELIN-2825] Zeppelin can't apply one of many Shiro roles to URLs - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.8.0
Fix Version/s: 0.8.0
Component/s: zeppelin-server
Labels:
None

Description

Zeppelin with Shiro configuration can not apply multiple Shiro roles to URLs.
For example, if Shiro configuration is this:

[urls]
/api/version = anon
/api/interpreter/** = authc, roles[admin, role1]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]

Then, as per Shiro documentation and current roles filter implementation , user will be able to access interpreter only when he/she is part of "all" the roles defined against interpreter URL above.

This fails when you have a user who belongs to any one of those roles roles[admin, role1].

There is a need for such a configuration which can give access to user who is part of "any of" the roles defined in Shiro configuration.

Attachments

Issue Links

links to

GitHub Pull Request #2515

Activity

People

Assignee:: Vipin Rathor

Reporter:: Vipin Rathor

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 02/Aug/17 22:22

Updated:: 30/Jan/18 02:31

Resolved:: 07/Aug/17 17:39