Github user prasadwagle commented on the pull request:
https://github.com/apache/incubator-zeppelin/pull/681#issuecomment-184474829
@AhyoungRyu - I have fixed the documentation issues you reported. Thanks!
@hayssams - Your design allows for fine-grained controls and is elegant. I
am trying to figure out how I would make it work in my company where we have a
homegrown authentication scheme described below. The LDAP server is locked down
tight and I am not sure if the security team would allow Zeppelin to write to
it.
> If an incoming request to the Zeppelin server does not have a cookie with
> user information encrypted with the authentication server public key, the user
> is redirected to the LDAP authentication server. Once the user is verified, the
> authentication server redirects the browser to a specific URL in the Zeppelin
> server which sets the authentication cookie in the browser. The end result is
> that all requests to the Zeppelin web server have the authentication cookie
> which contains user and groups information.
We have made the implementation in this pull request work in my company
environment by setting userAndRoles in the NotebookSocket constructor using
the information in the authentication cookie.
> Not sure if your implementation currently protects from discovering the
> notes through the search service.
It does not. We are mostly concerned with preventing users from viewing
results in notes for which they don't have read permissions. We can create a
separate issue to prevent users from viewing queries in notes for which they
don't have read permissions.
@Leemoonsoo - I understand your concern regarding notebook portability
and agree we should resolve ZEPPELIN-666 before the next release.