[jira] [Created] (ZEPPELIN-2550) Optional Shiro config entry causing issues with notebook authorisation

Mon, 15 May 2017 17:28:17 -0700 

Ekantheshwara Basappa created ZEPPELIN-2550:
-----------------------------------------------

             Summary: Optional Shiro config entry causing issues with notebook 
authorisation
                 Key: ZEPPELIN-2550
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-2550
             Project: Zeppelin
          Issue Type: Bug
          Components: security
    Affects Versions: 0.6.0
            Reporter: Ekantheshwara Basappa


I had to comment the line "securityManager.realms = $activeDirectoryRealm" from 
my Shiro config mentioned below to make the notebook permission configuration 
effective. 

####Shiro config start####

[users]
#admin = password1

[main]
activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = user1
activeDirectoryRealm.systemPassword = pwd
#activeDirectoryRealm.hadoopSecurityCredentialPath = 
jceks://user/zeppelin/zeppelin.jceks
activeDirectoryRealm.searchBase = DC=testcore,DC=test,DC=dir,DC=org,DC=com
activeDirectoryRealm.url = ldaps://testcore.test.dir.org.com:636
activeDirectoryRealm.groupRolesMap = 
"CN=APPADMIN,OU=Managed,OU=Groups,DC=testcore,DC=test,DC=dir,DC=org,DC=com":"admin"
activeDirectoryRealm.authorizationCachingEnabled = true
activeDirectoryRealm.principalSuffix = @testcore.test.dir.org.com

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
#securityManager.realms = $activeDirectoryRealm

[roles]
admin = *

[urls]
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc

####Shiro config end####

Before commenting "securityManager.realms = $activeDirectoryRealm", Zeppelin 
was unable to resolve the role of an AD User configured in the notebook 
permission settings.

More details can be found in the conversation between prabhjyotsingh and 
ekantheshwara in the below URL:

https://github.com/apache/zeppelin/pull/986#issuecomment-292915667




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to