Repository: zeppelin Updated Branches: refs/heads/master 5991a3577 -> 2f79852d3
[ZEPPELIN-1590] Move shiro.ini to shiro.ini.template ### What is this PR for? Move shiro.ini to shiro,ini.template for consistency. ### What type of PR is it? [Improvement] ### Todos - [ ] - Move Shiro.ini -> Shiro.ini.template ### What is the Jira issue? - [ZEPPELIN-1590](https://issues.apache.org/jira/browse/ZEPPELIN-1590) ### Questions: - Does the licenses files need update? No - Is there breaking changes for older versions? No - Does this needs documentation? Yes Author: Anthony Corbacho <[email protected]> Closes #1568 from anthonycorbacho/fix/ShiroConfTemplate and squashes the following commits: b1285ac [Anthony Corbacho] add shiro.ini to gitignore 73682e3 [Anthony Corbacho] Handle getShiroPath() to return shiro.ini path if exist otherwise use shiro.ini.template 9fc10ab [Anthony Corbacho] Change shiro.ini to shiro.ini.template Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/2f79852d Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/2f79852d Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/2f79852d Branch: refs/heads/master Commit: 2f79852d340713176bedb16ab6d5e714fed37e63 Parents: 5991a35 Author: Anthony Corbacho <[email protected]> Authored: Sat Oct 29 16:17:48 2016 +0900 Committer: Jongyoul Lee <[email protected]> Committed: Mon Oct 31 14:20:43 2016 +0900 ---------------------------------------------------------------------- .gitignore | 1 + conf/shiro.ini | 82 -------------------- conf/shiro.ini.template | 82 ++++++++++++++++++++ .../zeppelin/conf/ZeppelinConfiguration.java | 5 +- 4 files changed, 87 insertions(+), 83 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/2f79852d/.gitignore ---------------------------------------------------------------------- diff --git a/.gitignore b/.gitignore index 1c359d6..2e958f9 100644 --- a/.gitignore +++ b/.gitignore @@ -21,6 +21,7 @@ lens/lens-cli-hist.log conf/zeppelin-env.sh conf/zeppelin-env.cmd conf/zeppelin-site.xml +conf/shiro.ini conf/keystore conf/truststore conf/interpreter.json http://git-wip-us.apache.org/repos/asf/zeppelin/blob/2f79852d/conf/shiro.ini ---------------------------------------------------------------------- diff --git a/conf/shiro.ini b/conf/shiro.ini deleted file mode 100644 index 0562ba2..0000000 --- a/conf/shiro.ini +++ /dev/null @@ -1,82 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -[users] -# List of users with their password allowed to access Zeppelin. -# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections -admin = password1, admin -user1 = password2, role1, role2 -user2 = password3, role3 -user3 = password4, role2 - -# Sample LDAP configuration, for user Authentication, currently tested for single Realm -[main] -### A sample for configuring Active Directory Realm -#activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm -#activeDirectoryRealm.systemUsername = userNameA - -#use either systemPassword or hadoopSecurityCredentialPath, more details in http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html -#activeDirectoryRealm.systemPassword = passwordA -#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks -#activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM -#activeDirectoryRealm.url = ldap://ldap.test.com:389 -#activeDirectoryRealm.groupRolesMap = "CN=admin,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"admin","CN=finance,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"finance","CN=hr,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"hr" -#activeDirectoryRealm.authorizationCachingEnabled = false - -### A sample for configuring LDAP Directory Realm -#ldapRealm = org.apache.zeppelin.server.LdapGroupRealm -## search base for ldap groups (only relevant for LdapGroupRealm): -#ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM -#ldapRealm.contextFactory.url = ldap://ldap.test.com:389 -#ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM -#ldapRealm.contextFactory.authenticationMechanism = SIMPLE - -### A sample for configuring ZeppelinHub Realm -#zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm -## Url of ZeppelinHub -#zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com -#securityManager.realms = $zeppelinHubRealm - -sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager - -### If caching of user is required then uncomment below lines -#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager -#securityManager.cacheManager = $cacheManager - -securityManager.sessionManager = $sessionManager -# 86,400,000 milliseconds = 24 hour -securityManager.sessionManager.globalSessionTimeout = 86400000 -shiro.loginUrl = /api/login - -[roles] -role1 = * -role2 = * -role3 = * -admin = * - -[urls] -# This section is used for url-based security. -# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. -# anon means the access is anonymous. -# authc means Form based Auth Security -# To enfore security, comment the line below and uncomment the next one -/api/version = anon -#/api/interpreter/** = authc, roles[admin] -#/api/configurations/** = authc, roles[admin] -#/api/credential/** = authc, roles[admin] -/** = anon -#/** = authc http://git-wip-us.apache.org/repos/asf/zeppelin/blob/2f79852d/conf/shiro.ini.template ---------------------------------------------------------------------- diff --git a/conf/shiro.ini.template b/conf/shiro.ini.template new file mode 100644 index 0000000..0562ba2 --- /dev/null +++ b/conf/shiro.ini.template @@ -0,0 +1,82 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +[users] +# List of users with their password allowed to access Zeppelin. +# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections +admin = password1, admin +user1 = password2, role1, role2 +user2 = password3, role3 +user3 = password4, role2 + +# Sample LDAP configuration, for user Authentication, currently tested for single Realm +[main] +### A sample for configuring Active Directory Realm +#activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm +#activeDirectoryRealm.systemUsername = userNameA + +#use either systemPassword or hadoopSecurityCredentialPath, more details in http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html +#activeDirectoryRealm.systemPassword = passwordA +#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks +#activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM +#activeDirectoryRealm.url = ldap://ldap.test.com:389 +#activeDirectoryRealm.groupRolesMap = "CN=admin,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"admin","CN=finance,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"finance","CN=hr,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"hr" +#activeDirectoryRealm.authorizationCachingEnabled = false + +### A sample for configuring LDAP Directory Realm +#ldapRealm = org.apache.zeppelin.server.LdapGroupRealm +## search base for ldap groups (only relevant for LdapGroupRealm): +#ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM +#ldapRealm.contextFactory.url = ldap://ldap.test.com:389 +#ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM +#ldapRealm.contextFactory.authenticationMechanism = SIMPLE + +### A sample for configuring ZeppelinHub Realm +#zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm +## Url of ZeppelinHub +#zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com +#securityManager.realms = $zeppelinHubRealm + +sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager + +### If caching of user is required then uncomment below lines +#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager +#securityManager.cacheManager = $cacheManager + +securityManager.sessionManager = $sessionManager +# 86,400,000 milliseconds = 24 hour +securityManager.sessionManager.globalSessionTimeout = 86400000 +shiro.loginUrl = /api/login + +[roles] +role1 = * +role2 = * +role3 = * +admin = * + +[urls] +# This section is used for url-based security. +# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. +# anon means the access is anonymous. +# authc means Form based Auth Security +# To enfore security, comment the line below and uncomment the next one +/api/version = anon +#/api/interpreter/** = authc, roles[admin] +#/api/configurations/** = authc, roles[admin] +#/api/credential/** = authc, roles[admin] +/** = anon +#/** = authc http://git-wip-us.apache.org/repos/asf/zeppelin/blob/2f79852d/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java ---------------------------------------------------------------------- diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java index 414aed2..88cc4ee 100644 --- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java +++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java @@ -17,6 +17,7 @@ package org.apache.zeppelin.conf; +import java.io.File; import java.net.URL; import java.util.Arrays; import java.util.HashMap; @@ -401,7 +402,9 @@ public class ZeppelinConfiguration extends XMLConfiguration { } public String getShiroPath() { - return getRelativeDir(String.format("%s/shiro.ini", getConfDir())); + String shiroPath = getRelativeDir(String.format("%s/shiro.ini", getConfDir())); + return new File(shiroPath).exists() ? shiroPath + : getRelativeDir(String.format("%s/shiro.ini.template", getConfDir())); } public String getInterpreterRemoteRunnerPath() {
