Modified: zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html?rev=1768149&r1=1768148&r2=1768149&view=diff ============================================================================== --- zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html (original) +++ zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html Sat Nov 5 04:49:29 2016 @@ -215,7 +215,12 @@ limitations under the License. <p>You can setup <strong>Zeppelin notebook authentication</strong> in some simple steps.</p> -<h3>1. Secure the HTTP channel</h3> +<h3>1. Enable Shiro</h3> + +<p>By default in <code>conf</code>, you will find <code>shiro.ini.template</code>, this file is used as an example and it is strongly recommended +to create a <code>shiro.ini</code> file by doing the following command line <code>cp conf/shiro.ini.template conf/shiro.ini</code>.</p> + +<h3>2. Secure the HTTP channel</h3> <p>To secure the HTTP channel, you have to change both <strong>anon</strong> and <strong>authc</strong> settings in <code>conf/shiro.ini</code>. In here, <strong>anon</strong> means "the access is anonymous" and <strong>authc</strong> means "formed auth security".</p> @@ -229,16 +234,16 @@ limitations under the License. </code></pre></div> <p>For the further information about <code>shiro.ini</code> file format, please refer to <a href="http://shiro.apache.org/configuration.html#Configuration-INISections";>Shiro Configuration</a>.</p> -<h3>2. Secure the Websocket channel</h3> +<h3>3. Secure the Websocket channel</h3> <p>Set to property <strong>zeppelin.anonymous.allowed</strong> to <strong>false</strong> in <code>conf/zeppelin-site.xml</code>. If you don't have this file yet, just copy <code>conf/zeppelin-site.xml.template</code> to <code>conf/zeppelin-site.xml</code>.</p> -<h3>3. Start Zeppelin</h3> +<h3>4. Start Zeppelin</h3> <div class="highlight"><pre><code class="text language-text" data-lang="text">bin/zeppelin-daemon.sh start (or restart) </code></pre></div> <p>Then you can browse Zeppelin at <a href="http://localhost:8080";>http://localhost:8080</a>.</p> -<h3>4. Login</h3> +<h3>5. Login</h3> <p>Finally, you can login using one of the below <strong>username/password</strong> combinations.</p> @@ -326,8 +331,8 @@ securityManager.realms = $zeppelinHubRea <h2>Secure your Zeppelin information (optional)</h2> -<p>By default, anyone who defined in <code>[users]</code> can share <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information in Apache Zeppelin. -Sometimes you might want to hide these information for your use case. +<p>By default, anyone who defined in <code>[users]</code> can share <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information in Apache Zeppelin. +Sometimes you might want to hide these information for your use case. Since Shiro provides <strong>url-based security</strong>, you can hide the information by commenting or uncommenting these below lines in <code>conf/shiro.ini</code>.</p> <div class="highlight"><pre><code class="text language-text" data-lang="text">[urls] @@ -335,7 +340,7 @@ Since Shiro provides <strong>url-based s /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] </code></pre></div> -<p>In this case, only who have <code>admin</code> role can see <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information. +<p>In this case, only who have <code>admin</code> role can see <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information. If you want to grant this permission to other users, you can change <strong>roles[ ]</strong> as you defined at <code>[users]</code> section.</p> <p><br/></p>
