Following on this issue which was merged long time ago:
I have two problems with this way of "securing" endpoints especially in interpreters:
- If users are not supposed to access these 3 areas, shouldn't the UI be smarter and hide them as well? Not really ergonomic to display a choice and then say sorry you can't touch this.
- The bigger issue that I am just facing is users can't restart their Spark interpreter after securing `/api/interpreter/**`. It says you are not authorised to access /api/interpreters/settings/restart/xxxx.
It is really important for users to start a fresh Spark context since the sessions are not terminated after some idle time (at least not in 0.7.3) like Livy. So users may need to create a fresh Spark context/session and destroy old variables/UI.
Update: I am changing this to a bug as this is possible when the interpreter is Livy. Users can restart their own interpreter from their notebook without seeing the error.
Here is the conf for shiro:
UPDATE2: I was wrong! The restart interpreter is not working for users no matter what (Spark or Livy).