[GitHub] zeppelin pull request #1784: [ZEPPELIN-1840] Allow fully qualified username ...

[vrathor-hwx]

GitHub user vrathor-hwx opened a pull request:

    https://github.com/apache/zeppelin/pull/1784

    [ZEPPELIN-1840] Allow fully qualified username when principalSuffix is used

    ### What is this PR for?
    When principalSuffix is defined in shiro.ini, only the short username are 
allowed and any attempt with fully qualified user name will result in the login 
error.
    
    ### What type of PR is it?
    [Bug Fix]
    
    ### What is the Jira issue?
    [ZEPPELIN-1840](https://issues.apache.org/jira/browse/ZEPPELIN-1840)
    
    ### How should this be tested?
    1. Configure Zeppelin for Active Directory user authentication by using 
ActiveDirectoryGroupRealm in shiro.ini
    2. Define activeDirectoryGroupRealm.principalSuffix = @DOMAIN.COM in 
shiro.ini
    3. Restart Zeppelin and try to login via short username i.e. "user1" and 
fully qualified username i.e. "us...@domain.com".
    4. Expected Result: Login should be permitted for both type of user names
    
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vrathor-hwx/zeppelin fix-principal-suffix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1784.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1784
    
----
commit c8d4cc0a992d4ff074bc3985be9914a6879ff5da
Author: Vipin Rathor <vrat...@hortonworks.com>
Date:   2016-12-19T20:06:33Z

    Allow fully qualified username to be used for login when principalSuffix is 
defined
    
    Adding extra check in ActiveDirectoryGroupRealm for principalSuffix. Now the
    principalSuffix will be added to username only when the supplied username 
does
    not contain any domain name starting with '@'.
    
    This will allow AD user authentication with both short & fully qualified 
user
    names.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---