Repository: zeppelin Updated Branches: refs/heads/branch-0.6 87a13b74b -> ca19670b9
[ZEPPELIN-1164] ZeppelinHub Realm Add a new Shiro Realm that lets users authenticate in Apache Zeppelin using their ZeppelinHub credentials. `Feature` * [x] - Create ZeppelinHub Realm that extends `AuthorizingRealm`. * [x] - Update `shiro.ini` file and add ZeppelinHub configuration template. * [x] - Add documentation [Issue 1164](https://issues.apache.org/jira/browse/ZEPPELIN-1164) - Assuming that you already have an account [Zeppelinhub](https://www.zeppelinhub.com/register), edit `conf/shiro.ini` file and uncomment ZeppelinHub related configuration. - Start your Zeppelin - Login with your ZeppelinHub credentials. * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? YES Author: Anthony Corbacho <[email protected]> Closes #1173 from anthonycorbacho/feat/ZeppelinHubAuthentication and squashes the following commits: 63b06c6 [Anthony Corbacho] Fix rebase mistake in documentation 0f16344 [Anthony Corbacho] Fix typo in documentation 5a27871 [Anthony Corbacho] Add Documentation about ZeppelinHub Realm configuration 8347fa9 [Anthony Corbacho] Handle long line > 100 char 9bf96ba [Anthony Corbacho] Remove author tag... 64154d4 [Anthony Corbacho] Add more method comments. c207b5e [Anthony Corbacho] Change check of token.getUsername() in doGetAuthenticationInfo by using StringUtils::isBlank instead of checking only null. 38683e1 [Anthony Corbacho] Add new setting in Shiri.ini to handle ZeppelinHub realm. 34a8e5e [Anthony Corbacho] Create new Apache Shiro Realm for ZeppelinHub (cherry picked from commit e6f51e7183bf44778c9eb7948a12dcb196c4d31b) Signed-off-by: Mina Lee <[email protected]> Conflicts: docs/security/shiroauthentication.md Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/ca19670b Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/ca19670b Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/ca19670b Branch: refs/heads/branch-0.6 Commit: ca19670b9f15d9608d3cd977dd2056e3c35bbccf Parents: 87a13b7 Author: Anthony Corbacho <[email protected]> Authored: Fri Jul 22 15:55:50 2016 +0900 Committer: Mina Lee <[email protected]> Committed: Mon Aug 29 16:42:00 2016 +0200 ---------------------------------------------------------------------- docs/security/shiroauthentication.md | 30 ++---------------------------- 1 file changed, 2 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/ca19670b/docs/security/shiroauthentication.md ---------------------------------------------------------------------- diff --git a/docs/security/shiroauthentication.md b/docs/security/shiroauthentication.md index a7ddadd..f698a0a 100644 --- a/docs/security/shiroauthentication.md +++ b/docs/security/shiroauthentication.md @@ -108,36 +108,10 @@ To learn more about Apache Shiro Realm, please check [this documentation](http:/ We also provide community custom Realms. ### Active Directory - -``` -activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm -activeDirectoryRealm.systemUsername = userNameA -activeDirectoryRealm.systemPassword = passwordA -activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks -activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM -activeDirectoryRealm.url = ldap://ldap.test.com:389 -activeDirectoryRealm.groupRolesMap = "CN=aGroupName,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"group1" -activeDirectoryRealm.authorizationCachingEnabled = false -``` - - -Also instead of specifying systemPassword in clear text in shiro.ini administrator can choose to specify the same in "hadoop credential". -Create a keystore file using the hadoop credential commandline, for this the hadoop commons should be in the classpath -`hadoop credential create activeDirectoryRealm.systempassword -provider jceks://file/user/zeppelin/conf/zeppelin.jceks` - -Change the following values in the Shiro.ini file, and uncomment the line: -`activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks` +TBD ### LDAP - -``` -ldapRealm = org.apache.zeppelin.server.LdapGroupRealm -# search base for ldap groups (only relevant for LdapGroupRealm): -ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM -ldapRealm.contextFactory.url = ldap://ldap.test.com:389 -ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM -ldapRealm.contextFactory.authenticationMechanism = SIMPLE -``` +TBD ### ZeppelinHub [ZeppelinHub](https://www.zeppelinhub.com) is a service that synchronize your Apache Zeppelin notebooks and enables you to collaborate easily.
