Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
0.8.0
-
None
Description
Zeppelin with Shiro configuration can not apply multiple Shiro roles to URLs.
For example, if Shiro configuration is this:
[urls] /api/version = anon /api/interpreter/** = authc, roles[admin, role1] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin]
Then, as per Shiro documentation and current roles filter implementation , user will be able to access interpreter only when he/she is part of "all" the roles defined against interpreter URL above.
This fails when you have a user who belongs to any one of those roles roles[admin, role1].
There is a need for such a configuration which can give access to user who is part of "any of" the roles defined in Shiro configuration.
Attachments
Issue Links
- links to