[GitHub] zeppelin issue #986: [Zeppelin 946] Permissions not honoring group

Tue, 11 Apr 2017 22:51:50 -0700 

Github user ekantheshwara commented on the issue:

    https://github.com/apache/zeppelin/pull/986
  
    @prabhjyotsingh 
    
    I dont see a call made to AD to check the group membership when a Notebook 
is accessed. These are the logs that I see when I access the Notebook:
    
    ssion,outgoing=org.eclipse.jetty.websocket.server.WebSocketServerConnection]
    DEBUG [2017-04-11 10:34:39,042] ({qtp1170794006-15} 
AbstractEventDriver.java[incomingFrame]:103) - 
incomingFrame(TEXT[len=126,fin=true,rsv=...,masked=true])
    DEBUG [2017-04-11 10:34:39,042] ({qtp1170794006-15} 
NotebookServer.java[onMessage]:106) - RECEIVE << GET_NOTE
    DEBUG [2017-04-11 10:34:39,042] ({qtp1170794006-15} 
NotebookServer.java[onMessage]:107) - RECEIVE PRINCIPAL << user1
    DEBUG [2017-04-11 10:34:39,042] ({qtp1170794006-15} 
NotebookServer.java[onMessage]:108) - RECEIVE TICKET << 
b2512330-0a0f-4631-9913-c688d1c9d7f2
    DEBUG [2017-04-11 10:34:39,043] ({qtp1170794006-15} 
NotebookServer.java[onMessage]:109) - RECEIVE ROLES << []
     INFO [2017-04-11 10:34:39,043] ({qtp1170794006-15} 
NotebookServer.java[sendNote]:423) - New operation from 10.60.179.195 : 49895 : 
user1 : GET_NOTE : 2CC4Z4DEX
     INFO [2017-04-11 10:34:39,043] ({qtp1170794006-15} 
NotebookServer.java[permissionError]:411) - Cannot read. Connection readers 
[user1]. Allowed readers [APPADMIN]
    DEBUG [2017-04-11 10:34:39,044] ({qtp1170794006-15} 
WebSocketRemoteEndpoint.java[sendString]:385) - sendString with 
HeapByteBuffer@669d45be[p=0,l=235,c=235,r=235]={<<<{"op":"AUTH_INFO"...us","roles":""}>>>}
    
    
    However, when I access the "interpreter" or "configurations" url, I get the 
below logs which explain why the config is effective for URLs:
    
    DEBUG [2017-04-11 10:38:58,087] ({qtp1170794006-16 - 
/api/interpreter/setting} 
ActiveDirectoryGroupRealm.java[getRoleNamesForUser]:286) - Groups found for 
user [d786090]: 
[CN=APPADMIN,OU=Managed,OU=Groups,DC=testcore,DC=test,DC=dir,DC=org,DC=com]
    DEBUG [2017-04-11 10:38:58,087] ({qtp1170794006-16 - 
/api/interpreter/setting} 
ActiveDirectoryGroupRealm.java[getRoleNamesForGroups]:316) - User is member of 
group 
[CN=APPADMIN,OU=Managed,OU=Groups,DC=testcore,DC=test,DC=dir,DC=telstra,DC=com] 
so adding role [admin]
    
    This makes me think that your fix may not be available in the Zeppelin 
version that I am using. Can you please let me know if there is any other way 
of verifying if your fix is available in my Zeppelin ?
    
    Looking forward to your response.
    
    Regards,
    Ekantheshwara


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to