Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
0.8.2
-
None
-
None
Description
Hi,
I am looking at shiro integration with zeppelin. My goal was to get a hold of the shiro subject/principal in the notebook repository in order to forward a JWT (OICD integration).
Since the NotebookRepo contains AuthenticationInfo in all its methods I expected to be able to find the user session as describe on their documentation:
Subject currentUser = SecurityUtils.getSubject(); Session session = currentUser.getSession();
This approach does not work since the methods of the notebook repository interface are getting called from the websocket listener and shiro does not seem to intercept websocket calls (I could not find much information about this I must say so I am not event sure this is possible).
Regardless, after digging a bit I realized that the security model for the websocket is based on some sort of "ticket" map where the key is the user name.
I am wondering if that could be done using a normal servlet/filter/shiro pattern?
Regards,
Hadrien