Repository: zeppelin Updated Branches: refs/heads/master 0f56337ce -> f7c7efdb8
[DOC] Update shiro after merging #1568 ### What is this PR for? A simple update of the documentation to let user know how that they need to copy `shiro.ini.template` to `shiro.ini` ### What type of PR is it? [Documentation] ### Screenshots (if appropriate)  ### Questions: * Does the licenses files need update? NO * Is there breaking changes for older versions? NO * Does this needs documentation? NO Author: Anthony Corbacho <[email protected]> Closes #1571 from anthonycorbacho/doc/ShiroTemplate and squashes the following commits: 2f73f56 [Anthony Corbacho] Fix typo :: copy -> cp ^^ bcba1db [Anthony Corbacho] Fix typo number 2 Yo f933a6a [Anthony Corbacho] Fix typo 3f11260 [Anthony Corbacho] Update shiro part about coping shiro.ini.template to shiro.ini in conf Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/f7c7efdb Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/f7c7efdb Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/f7c7efdb Branch: refs/heads/master Commit: f7c7efdb86f30df6fbd7dd61f16cd22236fcc61b Parents: 0f56337 Author: Anthony Corbacho <[email protected]> Authored: Mon Oct 31 22:43:29 2016 +0900 Committer: Anthony Corbacho <[email protected]> Committed: Wed Nov 2 12:41:10 2016 +0900 ---------------------------------------------------------------------- docs/security/shiroauthentication.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/f7c7efdb/docs/security/shiroauthentication.md ---------------------------------------------------------------------- diff --git a/docs/security/shiroauthentication.md b/docs/security/shiroauthentication.md index 969e61e..2ce69ec 100644 --- a/docs/security/shiroauthentication.md +++ b/docs/security/shiroauthentication.md @@ -31,7 +31,11 @@ When you connect to Apache Zeppelin, you will be asked to enter your credentials ## Security Setup You can setup **Zeppelin notebook authentication** in some simple steps. -### 1. Secure the HTTP channel +### 1. Enable Shiro +By default in `conf`, you will find `shiro.ini.template`, this file is used as an example and it is strongly recommended +to create a `shiro.ini` file by doing the following command line `cp conf/shiro.ini.template conf/shiro.ini`. + +### 2. Secure the HTTP channel To secure the HTTP channel, you have to change both **anon** and **authc** settings in `conf/shiro.ini`. In here, **anon** means "the access is anonymous" and **authc** means "formed auth security". The default status of them is @@ -49,10 +53,10 @@ Deactivate the line "/** = anon" and activate the line "/** = authc" in `conf/sh For the further information about `shiro.ini` file format, please refer to [Shiro Configuration](http://shiro.apache.org/configuration.html#Configuration-INISections). -### 2. Secure the Websocket channel +### 3. Secure the Websocket channel Set to property **zeppelin.anonymous.allowed** to **false** in `conf/zeppelin-site.xml`. If you don't have this file yet, just copy `conf/zeppelin-site.xml.template` to `conf/zeppelin-site.xml`. -### 3. Start Zeppelin +### 4. Start Zeppelin ``` bin/zeppelin-daemon.sh start (or restart) @@ -60,7 +64,7 @@ bin/zeppelin-daemon.sh start (or restart) Then you can browse Zeppelin at [http://localhost:8080](http://localhost:8080). -### 4. Login +### 5. Login Finally, you can login using one of the below **username/password** combinations. <center><img src="../assets/themes/zeppelin/img/docs-img/zeppelin-login.png"></center> @@ -94,7 +98,7 @@ ldapRealm.contextFactory.url = ldap://ldap.test.com:389 ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM ldapRealm.contextFactory.authenticationMechanism = SIMPLE ``` - + also define roles/groups that you want to have in system, like below; ``` @@ -159,8 +163,8 @@ securityManager.realms = $zeppelinHubRealm > Note: ZeppelinHub is not releated to apache Zeppelin project. ## Secure your Zeppelin information (optional) -By default, anyone who defined in `[users]` can share **Interpreter Setting**, **Credential** and **Configuration** information in Apache Zeppelin. -Sometimes you might want to hide these information for your use case. +By default, anyone who defined in `[users]` can share **Interpreter Setting**, **Credential** and **Configuration** information in Apache Zeppelin. +Sometimes you might want to hide these information for your use case. Since Shiro provides **url-based security**, you can hide the information by commenting or uncommenting these below lines in `conf/shiro.ini`. ``` @@ -171,9 +175,8 @@ Since Shiro provides **url-based security**, you can hide the information by com /api/credential/** = authc, roles[admin] ``` -In this case, only who have `admin` role can see **Interpreter Setting**, **Credential** and **Configuration** information. +In this case, only who have `admin` role can see **Interpreter Setting**, **Credential** and **Configuration** information. If you want to grant this permission to other users, you can change **roles[ ]** as you defined at `[users]` section. <br/> > **NOTE :** All of the above configurations are defined in the > `conf/shiro.ini` file. This documentation is originally from > [SECURITY-README.md](https://github.com/apache/zeppelin/blob/master/SECURITY-README.md). -
