One more thing. In Zeppelin logs there are many messages like this:
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE << PING
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE PRINCIPAL <<
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE TICKET <<
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE ROLES <<
16/09/08 02:03:46 ERROR NotebookServer: Can't handle message
java.lang.Exception: Invalid ticket != f2810e7a-de64-4e41-b615-f31cd5bf7d68
at
org.apache.zeppelin.socket.NotebookServer.onMessage(NotebookServer.java:117)
at
org.apache.zeppelin.socket.NotebookSocket.onWebSocketText(NotebookSocket.java:56)
at
org.eclipse.jetty.websocket.common.events.JettyListenerEventDriver.onTextMessage(JettyListenerEventDriver.java:128)
at
org.eclipse.jetty.websocket.common.message.SimpleTextMessage.messageComplete(SimpleTextMessage.java:69)
at
org.eclipse.jetty.websocket.common.events.AbstractEventDriver.appendMessage(AbstractEventDriver.java:65)
at
org.eclipse.jetty.websocket.common.events.JettyListenerEventDriver.onTextFrame(JettyListenerEventDriver.java:122)
at
org.eclipse.jetty.websocket.common.events.AbstractEventDriver.incomingFrame(AbstractEventDriver.java:161)
at
org.eclipse.jetty.websocket.common.WebSocketSession.incomingFrame(WebSocketSession.java:309)
at
org.eclipse.jetty.websocket.common.extensions.ExtensionStack.incomingFrame(ExtensionStack.java:214)
at
org.eclipse.jetty.websocket.common.Parser.notifyFrame(Parser.java:220)
at org.eclipse.jetty.websocket.common.Parser.parse(Parser.java:258)
at
org.eclipse.jetty.websocket.common.io.AbstractWebSocketConnection.readParse(AbstractWebSocketConnection.java:632)
at
org.eclipse.jetty.websocket.common.io.AbstractWebSocketConnection.onFillable(AbstractWebSocketConnection.java:480)
at
org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
Looks like it's related to auth process.
________________________________________
From: Polina Marasanova [[email protected]]
Sent: Wednesday, 17 August 2016 10:48 AM
To: [email protected]
Subject: Authenticate 1 user per notebook
Hi everyone,
I'm back with my authentication questions. Here is my shiro.ini config file.
The problem is that it lets in all users from search base
"OU=Users,DC=companyname,DC=local"
How can I restrict the access to only one user who owns a notebook? The process
zeppelin-daemon.sh is running by this user
[main]
activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = userNameA
activeDirectoryRealm.systemPassword = passwordA
activeDirectoryRealm.searchBase = "OU=Users,DC=companyname,DC=local"
activeDirectoryRealm.principalSuffix = @companyname.local
activeDirectoryRealm.url = ldap://ldapserver.companyname.local:389
activeDirectoryRealm.groupRolesMap = "OU=Users,DC=companyname,DC=local":"admin"
activeDirectoryRealm.authorizationCachingEnabled = false
securityManager.realms = $activeDirectoryRealm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
admin = *
[urls]
/** = authc
Thanks
Cheers
Polina
