[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams closed the pull request at: https://github.com/apache/incubator-zeppelin/pull/53 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the fe

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168235372 I am closing this PR and suggest that we move the discussion to #586 --- If your project is set up for it, you can reply to this email and have your reply ap

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168235269 @jongyoul I just created 2 JIRA issues. [ZEPPELIN-548](https://issues.apache.org/jira/browse/ZEPPELIN-548) for Zeppelin Authentication [ZEPPELIN-

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168234161 You are right that should be removed. I took it from the shiro sample. I am removing the whole section right away. Cordialement. Hayssam Saleh,

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user jeffsteinmetz commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168232632 One comment: why is Stormpath (a commercial auth service unrelated to Zeppelin) mentioned in the comments for this PR? See: https://github.com/

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168230807 @elbamos @jongyoul @rconline I created a new PR (https://github.com/apache/incubator-zeppelin/pull/586) which implements HTTP et Websocket security but d

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user elbamos commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168122737 @hayssams Can you provide a very step-by-step intro readme? Default username/pass, what the authentication backend is, how users/groups are added, how to mak

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-168004206 I have just added a short [security readme](https://github.com/ebiznext/incubator-zeppelin/blob/3b276057a22c5569ea6f6cf1c5851b4aa5277e2f/Security-README.md)

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user rconline commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167866687 @hayssams please do that, it will be great. I can help with Junits, Docs and separation, should you need it, will commit into your branches, which can then b

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user jeffsteinmetz commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167839396 Is there an example of how shiro would be pluggable with other forms of authentication and authorization? Such as Java Web tokens (JWT), which req

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user jongyoul commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167814685 @hayssams Sure! You can split this into several commits because this PR is your contribution and we will thank you so much of that. If you want to do this, w

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167809403 @elbamos @jongyoul @rconline Let me write down the whole set of changes I've made and how they may be split in my view in smaller commits. There are

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user rconline commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167797523 @jongyoul @elbamos @hayssams this change is an important one, and we should try to get this in. My two cents on how we could divide the whole pull request in

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user jongyoul commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167522456 In addition to @elbamos's comments, I hope that the community would understand that it's too hard to review a kind of this PR which has changed widely becaus

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user elbamos commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167490159 I think we should have an organized plan to review and address this PR. I propose that the PR be merged into a new branch of Zeppelin, where the com

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user sejunra commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167481193 wondering what the status is on this. this is an awesome feature being awaited by many. thanks. --- If your project is set up for it, you can reply to this e

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-158519752 Hi I just added a boolean property (zeppelin.anonymous.allowed) at the end of the file conf/zeppelin-site.xml that when to false will block not-auhtentica

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user msciab commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-158386533 Yes but cancelling I am still able to create a public note, and in a public note I can still write whatsoever code. It may protect the notes but it does not pr

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-158386145 By cancelling you get access as an anonymous user aka public notes only. --- If your project is set up for it, you can reply to this email and have your repl

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user msciab commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-158384787 Hi, I just built your branch and I also enabled authentication editing shiro.ini. Now I get the browser asking for the password, but I can just cancel the req

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user galleon commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155186459 Hi, thanks for your answer. Let me know if I can help. Cheers. Guillaume --- If your project is set up for it, you can reply to this email and have your reply

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155185508 Hi Galleon I have been asked to add a few more unit tests by djoelz above. I am halfway in finishing it. --- If your project is set up for it, you

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user jeffsteinmetz commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155160753 Can you add documentation on how to use this? perhaps a new SECURITY-README.md and a link to it from the main readme? or maybe something new in the de

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user galleon commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155159455 Hayssam, what still needs to be done on this PR so that it can be merged? --- If your project is set up for it, you can reply to this email and have your repl

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155153646 Hello Jeff Yes websockets are secured. To get added to the user/websocket map, the client must provide the valid ticket. See code below: LOG.inf

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user jeffsteinmetz commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155131734 Does this also handle securing the websocket? Could Shiro be extended to support single sign on tokens. For example - a future option where authentica

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user doanduyhai commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-155014371 + 100 for this feature. Security is missing right now and that prevents people for deploying Zeppelin in production. --- If your project is set up for it

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user lazaromedina commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-149200935 Hi @hayssams , i think there is another small bug. If a user different from 'anonymous' is authenticated, and clicking on one of his notes and then r

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-146993868 LGTM. Just pushed the update; Thanks Hayssam > -- *EBIZNEXT Java / .NET **/ DevOps / BigData

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user MartinWeindel commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-146892108 @hayssams: There is a small bug, if you from a notebook to the home page by clicking on the top left Zeppelin link. In this case the user is set

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-133314006 Hello Just came back from vacation. Give me a couple of weeks to build the required tests. Cordialement. *Hayssam Saleh, Architecture

Re: [GitHub] incubator-zeppelin pull request: Added Shiro security

Hi Amos! I am going with test driven development while the process mentions creating a test first I believe that if at the end the test and the code exist then the goal is reached. In general if we change/add public facing methods we must ensure that they cont

Re: [GitHub] incubator-zeppelin pull request: Added Shiro security

@djoelz - can you clarify the standard you're using to decide when tests are required? I'm putting together tests for the R interpreter PR, and it seems like you have a logical method for determining what has to be testable. If there's documentation on a testing standard for submissions, I'd app

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user djoelz commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-132313144 I feel that this needs far more test coverage with all the new public methods it introduces. Just changing the existing tests is not enough. Please add unit te

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-120032728 Hi, I'll merge this WE nad let you know as soon as it's done. --- If your project is set up for it, you can reply to this email and have your reply appear on

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user RPCMoritz commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-120013860 Hi, I'd like to know whether this PR will be followed up? Integrated authentication would go along way towards making Zeppelin enterprise capable without us

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-100083398 Hi No credentials needed to access the REST API. Principal comes now from shiro context --- If your project is set up for it, you can reply to this emai

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-99955047 Hi I updated the PR to include the following 1. Merged with master (https://issues.apache.org/jira/browse/ZEPPELIN-26) 2. Credentials are included a

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-99370846 I missed your last question about session handling. I do not use sessions since the credentials are passed with each call. --- If your project is set up f

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-99104007 Hi Anthony 1. You're right using cookies for the HTTP API would be a much better choice. 2. Regarding storm path, The comments you find in t

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user anthonycorbacho commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-99096536 Hi, For me I am really confuse about the change on the rest api, why do we need `principal` and `ticket`? and why this is part of the rest api

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-99041112 You're right, this PR addresses 1) & 2). Regarding the points you raised - The login window is useful if we want to support form auth in addition t

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user Leemoonsoo commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-98904182 Sorry for late responding and thanks again for contribution. In my understanding, this branch trying to provides 1) security of rest/websocket api.

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user Leemoonsoo commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-97302983 Hi @hayssams, Thanks for contribution. Let me test this branch. --- If your project is set up for it, you can reply to this email and have your reply appear

[GitHub] incubator-zeppelin pull request: Added Shiro security

Github user hayssams commented on the pull request: https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-96575207 Support for authentication only. Notes are not shared among users. To share notes, you'll have to share the username/password among different users.

[GitHub] incubator-zeppelin pull request: Added Shiro security

GitHub user hayssams opened a pull request: https://github.com/apache/incubator-zeppelin/pull/53 Added Shiro security Added shiro security. HTTP calls and websockets communications are both protected. You can merge this pull request into a Git repository by running: $ git pull