Yes, it's mostly to do with how browser is designed to work with basic auth.
Follow this link, for a detailed explanation; http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication . On 24 Jun 2016 8:49 a.m., "Abhisar Mohapatra" <abhisar.mohapa...@inmobi.com> wrote: > Thanks a lot.It worked. shiro.ini changes was not required.I just worked > with the code change. Can you just tell me the gist of the problem ? .I > read the code but I am not so good in javascript so couldn't figure out the > exact problem. > > Thanks, > Abhisar > > On Thu, Jun 23, 2016 at 7:10 PM, Prabhjyot Singh <prabhjyotsi...@gmail.com > > wrote: > >> Hi Abhisar, >> >> I was able to figure out as why it didn't work for you with the last >> patch, can you check the latest patch. >> >> Also, can you try/test with following config in shiro.ini >> >> [users] >>> admin = admin >>> user1 = user1 >>> >>> [main] >>> sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager >>> securityManager.sessionManager = $sessionManager >>> securityManager.sessionManager.globalSessionTimeout = 86400000 >>> shiro.loginUrl = /api/login >>> >>> [urls] >>> /api/version = anon >>> /** = authcBasic >>> >>> >> >> >> >> On 23 June 2016 at 16:25, Abhisar Mohapatra <abhisar.mohapa...@inmobi.com >> > wrote: >> >>> Nopes .It doesn't.Only in case of new window if opened,it asks for >>> relogin else it just redirects to same page without logout >>> >>> On Thu, Jun 23, 2016 at 3:21 PM, Prabhjyot Singh < >>> prabhjyotsi...@gmail.com> wrote: >>> >>>> Hi Abhisar, >>>> >>>> I've just created a PR (https://github.com/apache/zeppelin/pull/1071) >>>> for this fix. Can you apply this patch and test, if that works for you. >>>> >>>> On 23 June 2016 at 08:40, Abhisar Mohapatra < >>>> abhisar.mohapa...@inmobi.com> wrote: >>>> >>>>> Yeah this I explored.It only gets plugged into LDAP or CAS now through >>>>> shiro. Have to figure out a way to integrate with existing SSO and then >>>>> use >>>>> JWT for all permission stuff. >>>>> Anyways Thanks :) >>>>> >>>>> On Wed, Jun 22, 2016 at 11:43 PM, Rob Anderson < >>>>> rockclimbings...@gmail.com> wrote: >>>>> >>>>>> There was a bug fix / enhancement that went out last week, to support >>>>>> group-to-role mappings, from a directory server, via ldap(s) calls. See >>>>>> https://github.com/apache/zeppelin/pull/986. I'm not sure if it's >>>>>> compatible with JWT tokens, I would guess not. >>>>>> >>>>>> I'm using AD on the back end. I've got groups mapped to roles, which >>>>>> are then used for the notebook R/W permissions. Works great. >>>>>> >>>>>> Rob >>>>>> >>>>>> On Wed, Jun 22, 2016 at 2:07 AM, Abhisar Mohapatra < >>>>>> abhisar.mohapa...@inmobi.com> wrote: >>>>>> >>>>>>> >>>>>>> I am using basic Shiro based authentication inbuilt in Zeppelin >>>>>>> 0.6.0. >>>>>>> I have got a certain use case where we have a separate SSO system >>>>>>> which once successfully authenticated gives me back a JWT token with >>>>>>> user >>>>>>> info and groups. Can this info be used to give notebook level read-write >>>>>>> access and share access ? >>>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> Abhisar >>>>>>> >>>>>>> >>>>>>> >>>>>>> _____________________________________________________________ >>>>>>> The information contained in this communication is intended solely >>>>>>> for the use of the individual or entity to whom it is addressed and >>>>>>> others >>>>>>> authorized to receive it. It may contain confidential or legally >>>>>>> privileged >>>>>>> information. If you are not the intended recipient you are hereby >>>>>>> notified >>>>>>> that any disclosure, copying, distribution or taking any action in >>>>>>> reliance >>>>>>> on the contents of this information is strictly prohibited and may be >>>>>>> unlawful. If you have received this communication in error, please >>>>>>> notify >>>>>>> us immediately by responding to this email and then delete it from your >>>>>>> system. The firm is neither liable for the proper and complete >>>>>>> transmission >>>>>>> of the information contained in this communication nor for any delay in >>>>>>> its >>>>>>> receipt. >>>>>> >>>>>> >>>>>> >>>>> >>>>> _____________________________________________________________ >>>>> The information contained in this communication is intended solely for >>>>> the use of the individual or entity to whom it is addressed and others >>>>> authorized to receive it. It may contain confidential or legally >>>>> privileged >>>>> information. If you are not the intended recipient you are hereby notified >>>>> that any disclosure, copying, distribution or taking any action in >>>>> reliance >>>>> on the contents of this information is strictly prohibited and may be >>>>> unlawful. If you have received this communication in error, please notify >>>>> us immediately by responding to this email and then delete it from your >>>>> system. The firm is neither liable for the proper and complete >>>>> transmission >>>>> of the information contained in this communication nor for any delay in >>>>> its >>>>> receipt. >>>>> >>>> >>>> >>>> >>>> -- >>>> Thankx and Regards, >>>> >>>> Prabhjyot Singh >>>> >>> >>> >>> _____________________________________________________________ >>> The information contained in this communication is intended solely for >>> the use of the individual or entity to whom it is addressed and others >>> authorized to receive it. It may contain confidential or legally privileged >>> information. If you are not the intended recipient you are hereby notified >>> that any disclosure, copying, distribution or taking any action in reliance >>> on the contents of this information is strictly prohibited and may be >>> unlawful. If you have received this communication in error, please notify >>> us immediately by responding to this email and then delete it from your >>> system. The firm is neither liable for the proper and complete transmission >>> of the information contained in this communication nor for any delay in its >>> receipt. >>> >> >> >> >> -- >> Thankx and Regards, >> >> Prabhjyot Singh >> > > > _____________________________________________________________ > The information contained in this communication is intended solely for the > use of the individual or entity to whom it is addressed and others > authorized to receive it. It may contain confidential or legally privileged > information. If you are not the intended recipient you are hereby notified > that any disclosure, copying, distribution or taking any action in reliance > on the contents of this information is strictly prohibited and may be > unlawful. If you have received this communication in error, please notify > us immediately by responding to this email and then delete it from your > system. The firm is neither liable for the proper and complete transmission > of the information contained in this communication nor for any delay in its > receipt.
