AMBARI-21802. Zeppelin's secure cookie should only be set when zeppelin is running in HTTPS mode.(Prabhjyot Singh via gauravn7)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/68b95cf8 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/68b95cf8 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/68b95cf8 Branch: refs/heads/feature-branch-AMBARI-21307 Commit: 68b95cf818fb0d0f24d6e66873ab081e9165048d Parents: 787fe0f Author: Gaurav Nagar <grv...@gmail.com> Authored: Fri Aug 25 12:22:37 2017 +0530 Committer: Gaurav Nagar <grv...@gmail.com> Committed: Fri Aug 25 12:22:37 2017 +0530 ---------------------------------------------------------------------- .../ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml | 3 ++- .../ZEPPELIN/0.6.0.3.0/configuration/zeppelin-shiro-ini.xml | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/68b95cf8/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml index 742f5be..b46d9ff 100644 --- a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml +++ b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml @@ -63,7 +63,8 @@ securityManager.cacheManager = $cacheManager cookie = org.apache.shiro.web.servlet.SimpleCookie cookie.name = JSESSIONID -cookie.secure = true +#Uncomment the line below when running Zeppelin-Server in HTTPS mode +#cookie.secure = true cookie.httpOnly = true sessionManager.sessionIdCookie = $cookie http://git-wip-us.apache.org/repos/asf/ambari/blob/68b95cf8/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.3.0/configuration/zeppelin-shiro-ini.xml ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.3.0/configuration/zeppelin-shiro-ini.xml b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.3.0/configuration/zeppelin-shiro-ini.xml index 25ea3d0..1ff3d9e 100644 --- a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.3.0/configuration/zeppelin-shiro-ini.xml +++ b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.3.0/configuration/zeppelin-shiro-ini.xml @@ -61,6 +61,13 @@ sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager +cookie = org.apache.shiro.web.servlet.SimpleCookie +cookie.name = JSESSIONID +#Uncomment the line below when running Zeppelin-Server in HTTPS mode +#cookie.secure = true +cookie.httpOnly = true +sessionManager.sessionIdCookie = $cookie + securityManager.sessionManager = $sessionManager # 86,400,000 milliseconds = 24 hour securityManager.sessionManager.globalSessionTimeout = 86400000