Hi, I've found an answer here : https://stackoverflow.com/questions/14980703/apache-shiro-allowing-multiple-roles-to-access-a-url-not-working Shiro performs a "and", which does not make any sense in the general case... Is there a custom "or" filter implemented in Zeppelin ? If not, that would be a great idea, as it's not a good practice to patch every software you want to install.
-----Message d'origine----- De : LINZ, Arnaud Envoyé : jeudi 8 mars 2018 17:14 À : '[email protected]' <[email protected]> Objet : Multiple groups in shiro config for url restriction Hello, I try to restrict the interpreter configuration page to some specific groups. /api/interpreter/** = authc, roles[admin1] works fine, but I have *multiple* ldap groups to authorize. I've tried : /api/interpreter/** = authc, roles[admin1,admin2] /api/interpreter/** = authc, roles[admin1, admin2] /api/interpreter/** = authc, roles[admin1;admin2] /api/interpreter/** = authc, roles[admin1; admin2] /api/interpreter/** = authc, roles[admin1 | admin2] /api/interpreter/** = authc, roles[admin1], roles[admin2] But none works => it denies access to everybody. How can I do this ? Best regards, Arnaud ________________________________ L'intégrité de ce message n'étant pas assurée sur internet, la société expéditrice ne peut être tenue responsable de son contenu ni de ses pièces jointes. Toute utilisation ou diffusion non autorisée est interdite. Si vous n'êtes pas destinataire de ce message, merci de le détruire et d'avertir l'expéditeur. The integrity of this message cannot be guaranteed on the Internet. The company that sent this message cannot therefore be held liable for its content nor attachments. Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender.
