[GitHub] zeppelin issue #2182: [HOLD][ZEPPELIN-2248] Fix javax.ws.rs and cxf version ...
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/2182 Hi, what is the status on this issue. Is there some temporary fix that can be used. Please tell me if you need help fixing/testing this issue. This is important because I cannot get LDAP to work if this keeps triggering on authorisation failure. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #2182: [HOLD][ZEPPELIN-2248] Fix javax.ws.rs and cxf version ...
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/2182 For some reason the jar conflict(with the no such method exception) keeps showing up for me when using shiro with `org.apache.zeppelin.realm.LdapRealm`. When I had earlier used `GroupLdapRealm` there was no issue. I am not really sure if this is the reason or it is plain chance. I can certainly help with testing it but do you know why the Jenkins test are failing with your merge request? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/932 I was testing this branch. I had a scenario in which on using LDAPRealm the method not found exception was thrown as described in #2182 . In a similar scenario after building from this branch I got the following error when accessing /api/notebooks in the network requests. `HTTP ERROR 405 Problem accessing /api/login;jsessionid=gmhaugjgp4hg1l35w40eon2bp. Reason: Method Not AllowedPowered by Jetty:// ` I am not sure if this is related to this PR will post back after further investigation however I do not know why /login is being called internally via a GET request. Any light on this would be very helpful. Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue:
https://github.com/apache/zeppelin/pull/932
@echarles I tested with both simple and LdapGroupRealm and it was working.
It is only with LdapRealm that I am facing an issue. I will post a sample
`shiro.ini` for your reference. As I said I am still not sure why /login is
being called internally. I tried debugging with the source code but due to my
unfamiliarity with the codebase it has not been of much help.
```
[main]
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=my-company,dc=net
ldapRealm.searchBase = dc=my-company,dc=net
ldapRealm.userSearchBase = ou=people,dc=my-company,dc=net
ldapRealm.groupSearchBase = ou=groups,dc=my-company,dc=net
ldapRealm.contextFactory.url = ldaps://auth.mycompany.net:636
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.userObjectClass = posixAccount
ldapRealm.groupObjectClass = posixGroup
ldapRealm.authorizationEnabled = true
ldapRealm.memberAttribute = memberUid
ldapRealm.memberAttributeValueTemplate=uid={0},ou=people,dc=my-company,dc=net
ldapRealm.rolesByGroup = USERS:admin
ldapRealm.userSearchAttributeName = uid
securityManager.realms = $ldapRealm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
shiro.loginUrl = /api/login
[roles]
admin = *
[urls]
/api/version = anon
/** = authc
```
Eventually I will need group based permissions but this is just a
simplified ini. Here is a screenshot of the network activity on calling
api/notebooks.
[https://ibb.co/jLw9vk](url)
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/932 @jongyoul I'd be happy to look into it but would be better for me if you can provide a starting point to start looking at. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/932 @jongyoul Should I raise this as a separate issue because this seems unrelated to this PR? Apparently the ticket is not held when using LdapRealm while with LdapGroupRealm it is fine. However from my guess this happens at the Spring Security layer which makes it hard to debug for me. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/932 So I figured out what was happening. The problem was with my shiro.ini as I had not assigned a session manager. `securityManager.sessionManager = $sessionManager` After assigning this it works fine. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/932 @jongyoul I wish to open a dependent pull request for review. Is it possible to merge this branch if everything is working fine. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin pull request #2354: Allow group/role based authentication using Lda...
GitHub user sohaibiftikhar opened a pull request:
https://github.com/apache/zeppelin/pull/2354
Allow group/role based authentication using LdapRealm [ZEPPELIN-2539]
### What is this PR for?
Currently allowing authentication for selected roles/groups of an LDAP
realm is not possible. The LDAPRealm allows for mapping of roles to groups but
only allows authorization on URLs with respect to groups. No group based checks
are carried out during authentication. This PR allows for group based
authentication using LdapRealm.
### What type of PR is it?
[Improvement]
### Todos
* [ ] - Merge #932 - This PR also merges changes from 932 so that needs to
be merged first.
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2539
### How should this be tested?
Build and configure `shiro.ini` to use the LdapRealm and verify that the
realm works as before along with the added functionality of allowing only
certain user groups for authentication if the `allowedRolesForAuthentication`
config is set in the init. If this configuration is absent authentication
should work as before without verifying roles. A sample shiro.ini is pasted
here for testing purposes.
```
[main]
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=my-company,dc=net
ldapRealm.searchBase = dc=my-company,dc=net
ldapRealm.userSearchBase = ou=people,dc=my-company,dc=net
ldapRealm.groupSearchBase = ou=groups,dc=my-company,dc=net
ldapRealm.contextFactory.url = ldaps://auth.my-company.net:636
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.userObjectClass = posixAccount
ldapRealm.groupObjectClass = posixGroup
ldapRealm.authorizationEnabled = true
ldapRealm.memberAttribute = memberUid
ldapRealm.memberAttributeValueTemplate=uid={0},ou=people,dc=my-company,dc=net
ldapRealm.rolesByGroup = GLOBAL_ADMINS:admin,HKG_USERS:user
ldapRealm.allowedRolesForAuthentication = admin,user
ldapRealm.userSearchAttributeName = uid
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
shiro.loginUrl = /api/login
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 8640
securityManager.realms = $ldapRealm
[urls]
/api/version = anon
/api/login = authc
/api/login/logout = authc
/** = authc, roles[admin,user]
```
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? Y (documentation updated in PR)
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/sohaibiftikhar/zeppelin ldaprealm
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2354.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2354
commit 9eef80cb71bd7f456145830eca59a635b4627b83
Author: Eric Charles
Date: 2016-05-30T15:50:51Z
Replace CXF with Jersey2
commit dbac7d9cafc9d8496455b382949106fd94b9fc65
Author: Eric Charles
Date: 2016-05-30T15:55:37Z
Fix code style
commit d149a728eba1cbc2fd7ae2ee016cb71510286279
Author: Eric Charles
Date: 2016-05-30T16:13:53Z
Ensure dependency convergence
commit 99e45025b3a829b91b4532ea5dbba68ad7aa77b5
Author: Eric Charles
Date: 2016-06-02T09:21:39Z
Merge branch 'master' into jersey2
commit a7b7a871c9627721e3ddfa6469aa670f08f87bc0
Author: Eric Charles
Date: 2016-06-02T11:27:41Z
Remove remaining jersey1 dep
commit f25b695b2c9ee1343a9e59a2a65584ac95c79a6f
Author: Eric Charles
Date: 2016-06-14T09:47:56Z
Merge branch 'master' into jersey2
commit 326819d0bbf89d30b1fcf9cdd2dd20c1e11e7769
Author: Eric Charles
Date: 2016-08-02T05:53:35Z
Merge branch 'master' into jersey2
Conflicts:
zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
commit 82d98672f2dc230e60b1dc2effbb6bfe83183f21
Author: Eric Charles
Date: 2016-08-02T11:39:40Z
merge with master
commit 587d3660a8857c169b7df411c43b2988ef21de8b
Author: Eric Charles
Date: 2016-08-02T11:56:34Z
Document jersey 2 license
commit 7dafe84131d50659bdbd1b79efc622132644b574
Author: Eric Charles
Date: 2016-08-05T12:49:32Z
Merge branch 'master' into jersey2
Conflicts:
zeppelin-server/src/test/java/org/apache/zeppelin/socket/TestHttpServletRequest.java
commit 0634977a896ea63b3b3a0d48716fa74761aa61bd
Author: Eric Charles
Date: 2016-08-05T13:20:15Z
Add more licenses
commit c42d40c9b5b1b1162ba8217494aad0ecc6bab7e1
Author: Eric Charles
Date: 2016-08-17
[GitHub] zeppelin issue #2354: Allow group/role based authentication using LdapRealm ...
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/2354 @khalidhuseynov At front it seems that the issues are unrelated however for reasons I do not know #2182 is triggered when using the LdapRealm for me. #932 fixes that issue and hence for testing my build with this option I had included the changes for that. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #932: Replace CXF with Jersey2 [ZEPPELIN-903]
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/932 Hi @jongyoul Is there some way I can help push this to merge faster? --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #2354: Allow group/role based authentication using LdapRealm ...
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/2354 CI looks good now it was initially now working before as for some reason: `curl -sSL "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x51716619E084DAB9"; | sudo -E apt-key add -` was returning with no gpg key found. Build is now fine at: https://travis-ci.org/sohaibiftikhar/zeppelin/builds/238652785 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #2354: Allow group/role based authentication using LdapRealm ...
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/2354 CI is green. Earlier errors seem to have been erratic and resolved themselves after estart: https://travis-ci.org/sohaibiftikhar/zeppelin/builds/238705120 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin pull request #2500: [ZEPPELIN-2804] Fix shiro_authentication docume...
GitHub user sohaibiftikhar opened a pull request: https://github.com/apache/zeppelin/pull/2500 [ZEPPELIN-2804] Fix shiro_authentication documentation The github preview is fine but the html on https://zeppelin.apache.org/docs/0.8.0-SNAPSHOT/security/shiroauthentication.html#ldap is not displaying the code fragment correctly. ### What is this PR for? Fixes the documentation orientation for shiro LDAPRealm ### What type of PR is it? [Documentation] ### Todos ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-2804 ### How should this be tested? Build the documentation and verify that the problem as stated in image is resolved. ### Screenshots (if appropriate) https://user-images.githubusercontent.com/5103613/28454775-c91fbe1e-6dfc-11e7-9601-6279be44f124.png";> ### Questions: * Does the licenses files need update? N * Is there breaking changes for older versions? N * Does this needs documentation? N You can merge this pull request into a Git repository by running: $ git pull https://github.com/sohaibiftikhar/zeppelin patch-1 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/zeppelin/pull/2500.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #2500 commit 94e184333eebf53e32749a89b637f1ef859d7fba Author: Sohaib Iftikhar Date: 2017-07-21T08:07:25Z Fixed documentation for shiro LDAPRealm The github preview is fine but the html on https://zeppelin.apache.org/docs/0.8.0-SNAPSHOT/security/shiroauthentication.html#ldap is not displaying the code fragment correctly. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
[GitHub] zeppelin issue #2500: [ZEPPELIN-2804] Fix shiro_authentication documentation
Github user sohaibiftikhar commented on the issue: https://github.com/apache/zeppelin/pull/2500 @1ambda I had an old url from 0.6.2 and 0.7.0 in my url history and I just replaced the version with 0.8.0-SNAPSHOT to see how the doc looked in the latest version. So I did not actually go through the documentation link on the website. --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---
