One more thing. In Zeppelin logs there are many messages like this:

16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE << PING
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE PRINCIPAL << 
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE TICKET << 
16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE ROLES << 
16/09/08 02:03:46 ERROR NotebookServer: Can't handle message
java.lang.Exception: Invalid ticket  != f2810e7a-de64-4e41-b615-f31cd5bf7d68
        at 
org.apache.zeppelin.socket.NotebookServer.onMessage(NotebookServer.java:117)
        at 
org.apache.zeppelin.socket.NotebookSocket.onWebSocketText(NotebookSocket.java:56)
        at 
org.eclipse.jetty.websocket.common.events.JettyListenerEventDriver.onTextMessage(JettyListenerEventDriver.java:128)
        at 
org.eclipse.jetty.websocket.common.message.SimpleTextMessage.messageComplete(SimpleTextMessage.java:69)
        at 
org.eclipse.jetty.websocket.common.events.AbstractEventDriver.appendMessage(AbstractEventDriver.java:65)
        at 
org.eclipse.jetty.websocket.common.events.JettyListenerEventDriver.onTextFrame(JettyListenerEventDriver.java:122)
        at 
org.eclipse.jetty.websocket.common.events.AbstractEventDriver.incomingFrame(AbstractEventDriver.java:161)
        at 
org.eclipse.jetty.websocket.common.WebSocketSession.incomingFrame(WebSocketSession.java:309)
        at 
org.eclipse.jetty.websocket.common.extensions.ExtensionStack.incomingFrame(ExtensionStack.java:214)
        at 
org.eclipse.jetty.websocket.common.Parser.notifyFrame(Parser.java:220)
        at org.eclipse.jetty.websocket.common.Parser.parse(Parser.java:258)
        at 
org.eclipse.jetty.websocket.common.io.AbstractWebSocketConnection.readParse(AbstractWebSocketConnection.java:632)
        at 
org.eclipse.jetty.websocket.common.io.AbstractWebSocketConnection.onFillable(AbstractWebSocketConnection.java:480)
        at 
org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)

Looks like it's related to auth process.
________________________________________
From: Polina Marasanova [polina.marasan...@quantium.com.au]
Sent: Wednesday, 17 August 2016 10:48 AM
To: users@zeppelin.apache.org
Subject: Authenticate 1 user per notebook

Hi everyone,

I'm back with my authentication questions. Here is my shiro.ini config file. 
The problem is that it lets in all users from search base 
"OU=Users,DC=companyname,DC=local"
How can I restrict the access to only one user who owns a notebook? The process 
zeppelin-daemon.sh is running by this user

[main]
activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
activeDirectoryRealm.systemUsername = userNameA
activeDirectoryRealm.systemPassword = passwordA
activeDirectoryRealm.searchBase = "OU=Users,DC=companyname,DC=local"
activeDirectoryRealm.principalSuffix = @companyname.local
activeDirectoryRealm.url = ldap://ldapserver.companyname.local:389
activeDirectoryRealm.groupRolesMap = "OU=Users,DC=companyname,DC=local":"admin"
activeDirectoryRealm.authorizationCachingEnabled = false
securityManager.realms = $activeDirectoryRealm

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager

securityManager.sessionManager = $sessionManager
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

[roles]
admin = *

[urls]
/** = authc


Thanks
Cheers
Polina

Reply via email to