Raghavender Rao Guruvannagari created ZEPPELIN-3405:
-------------------------------------------------------
Summary: Zeppelin fails to display the User home page if user belongs to roles with space in its name.
Key: ZEPPELIN-3405
URL: https://issues.apache.org/jira/browse/ZEPPELIN-3405
Project: Zeppelin
Issue Type: Bug
Components: zeppelin-server
Affects Versions: 0.7.3
Reporter: Raghavender Rao Guruvannagari

If a user belongs to a role which has a space in its name, Zeppelin will not display the User home page correctly and doesn't allow the user to create any new notebooks. This issue can be recreated in Lab with HDP2.6.3.

The Zeppelin log has the below error when the user logs in to the Zeppelin UI.

{code:java}
WARN [2018-01-07 00:16:53,121] (\{qtp331844619-121} LoginRestApi.java[postLogin]:119) - \{"status":"OK","message":"","body":{"principal":"sinnajus1","ticket":"c7de5bad-d848-49b6-a7b7-cd7759e597f5","roles":"[NCSQL16_Databaseaccess_Prod_sv_Hmc_RW_OS, NCSQL31_DBO_ONSHORE, NCSQL23-sql_CA_All_Onshore_DBO, sql10_DatabaseAccess_UAT_HMCproguide_DBO, NCSQL16_Databaseaccess_Prod_sv_Hmc_DBO_OS, FolderClaimRetrieval, FolderAccess_File02_Shared_Nemesis, RDDevITOfficeUsers, Duo 2FA Enabled, VisualSVNSQLRepositoryReadWrite, NCSQL18_DBA_SERVER_ADMIN, NCSQ23_sql_CA_offshoreonlyDB_RW, Citrix_Profile_Management, Folderaccess_NCFILE05_SAS_Analytics, VisualSVNDataManagementRepositoryReadWrite, Folderaccess_NCSAS01_Eden_Full, FolderQueryDevelopment, Webstrat01-QueryUsers, ShareAccess_File01_Ancillary_Audits, PI_EDW_Onshore, NCinfobright01_Edrive_ETLDevshared_Modify, SCIOMine_ExtHumana_Database_Onshore, NCSQL16_DBA_SERVER_ADMIN, FolderSASDBShared01, Azure_SV_RDP_Access, NCSQL22_DBA_SERVER_ADMIN, sciomineonshoreadmins, FolderMySocratesDocuments, scioSQL02DevAdmins, NCSQL23_sql_CA_offshoreonlyDB_DBO, App_ExtHumana_ScioWorkflow, NCSQL17_SQLExtHumanaPowerUsers, AppAccess_Hadoop_sas_admin_Onshore, FolderAccessSCIOITDevShared, NCSQL22_RDP_ADMIN, App_Catamaran_SCIOMINE, EtLusersSql10_Sciosql02, NCFILE03_RDP_OFFSHORE_NONADMIN, ShareAccess_File02_Shared_Nemesis, sciovantage_sql10sciosql02_DBO, SV_SQL_DBO_Onshore, App_ExtHumana_ScioSelection, SCIOMine_ExtHumana_Support_Onshore, sql10_databaseaccess_hmcreporting_RW, NCSQL18_SQLExtHumanaPowerUsers, NCFILE02_RDP_ADMIN, NCSQL16_Databaseaccess_CA_DEMO_RW_OS, NCSQL17_RDP_ADMIN, NullDefaultGroupForClients, NCSQL16_HMC_BENCHMARK_OFFSHORE_RW, FolderAccess_sciowebsvn01_Tableau_Onshore, App_Catamaran_SELECTION, NCFILE03_RPD_ADMIN, SCIOMine_Demo_Users, NCSQL17_DBA_SERVER_ADMIN, SCIOMine_Support_Onshore, NCSQL30_DBO_Onshore, App_PPExtractUtility, FolderAccess_SAS_Care_Analytics_Consulting_Onshore, NCSQL18_RDP_ADMIN, DBO_OffShoreSCIOMine, SQLITAdmins, sql10_ssrs, NCSQL16_sqlaccess_honeywell_Offshore_RW, AppAssistedSelection, ApplicationAccess_Mremote, HighMarkPPOnshore, CitrixAccess_VdeskSAS1_Users, ncsql23_sql_appuser, App_Catamaran_CONFIG, ApplicationAccess_MS_VisualStudio, admin, SCIOWEBDEV01_RDPaccess_Administrator_offshore, Folderaccess_NCSAS01_LocktonOutput_RW, Wintest01-Admin, SCIOMineExtITAdmin, NCSQL16_HMC_BENCHMARK_OFFSHORE_DBO, ShareAccess_SAS01_E_CARE_ANALYTICS, CitrixAccess_VdeskDevUS_Users, sql10_Databaseaccess_UAT_hmcproguide_RW, SAS_Users, SCIOMine_Database_Onshore, FolderAccess_NCFile05_SCIOMINEDevCN, WEB03_RDPaccess_User_onshore, Opserver_Admin, LinuxAccess_Hadoop_SSH, FolderAccess_NCFile05_SCIOBI_Onshore_RW, FolderAccess_NCFile05_SCIOBI_Offshore_RW, FolderAccess_SAS_Prod_Onshore_Full, CitrixAccess_VDIDEVUS_Users, WebSandbox01Admins, NCinfobright01_Edrive_ETLprodshared_Modify, Folder_Access_File01_Ancillary_Audits, NCSQL16_Databaseaccess_CA_DEMO_DBO_OS, PI_EDW_Offshore, Websandbox01_RDP_Access_User]"}}
ERROR [2018-01-07 00:16:53,173] (\{qtp331844619-119} NotebookServer.java[onMessage]:358) - Can't handle message
com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Unterminated array at line 1 column 265
	at com.google.gson.Gson.fromJson(Gson.java:805)
	at com.google.gson.Gson.fromJson(Gson.java:757)
	at com.google.gson.Gson.fromJson(Gson.java:706)
{code}

From HDP2.6.3, it looks like all the AD groups the user belongs to are mapped as roles to the user with the same name. In this case the user belongs to a group "Duo 2FA Enabled" which has a space, and mapping the user to the role with the same name results in "com.google.gson.stream.MalformedJsonException". This can also be recreated if a role name with a space is defined in shiro.ini.

*Workaround*

Currently the workaround is to disallow Zeppelin from mapping the user to AD groups with the same role names by defining it in shiro.ini as below.

{code:java}
ldapRealm.rolesByGroup = "hadoop_admin":admin,"Remote hadoop users":remote_hadoop_users
{code}

Or change the AD group names to have no spaces or any special characters.

This workaround might not be feasible in many customer environments if there are multiple groups that are required to be defined in shiro.ini. This issue can happen with any group names with any special characters besides space.

This issue occurs only if "org.apache.zeppelin.realm.LdapRealm" is used for LDAP authentication; the realm "org.apache.zeppelin.realm.ActiveDirectoryGroupRealm" doesn't have this issue.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
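
The parsing failure described in this report can be reproduced in isolation. The following is an added example, not code from the Zeppelin project or the reporter: it feeds Gson a role list in the `[a, b, c]` string form visible in the `"roles"` field of the log, then the same roles encoded as a real JSON array. The class name `RoleEncodingDemo`, the helper `parseRoles` and the three-role sample are assumptions for illustration, and Gson must be on the classpath.

```java
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import com.google.gson.reflect.TypeToken;

import java.lang.reflect.Type;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;

public class RoleEncodingDemo {
    private static final Gson GSON = new Gson();
    private static final Type ROLE_SET =
            new TypeToken<LinkedHashSet<String>>() {}.getType();

    /** Returns the parsed role set, or null when Gson rejects the input. */
    static Set<String> parseRoles(String encoded) {
        try {
            return GSON.fromJson(encoded, ROLE_SET);
        } catch (JsonSyntaxException e) {
            System.out.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: three role names taken from the log in the report.
        Set<String> roles = new LinkedHashSet<>(
                Arrays.asList("admin", "Duo 2FA Enabled", "SAS_Users"));

        // Collection.toString() form: names unquoted, joined with ", ".
        String viaToString = roles.toString();
        // JSON array form: every name quoted and escaped by the serializer.
        String viaJson = GSON.toJson(roles);

        // With default Gson settings, fromJson(String, ...) reads leniently and
        // accepts unquoted strings, but whitespace ends an unquoted string, so
        // the token after "Duo" is neither ',' nor ']' and parsing fails.
        System.out.println(viaToString + " -> " + parseRoles(viaToString));

        // The quoted form round-trips regardless of spaces in a name.
        System.out.println(viaJson + " -> " + parseRoles(viaJson));

        // Without a space in any name the unquoted form happens to parse,
        // which is why only users in groups such as "Duo 2FA Enabled" are hit.
        System.out.println(parseRoles("[admin, SAS_Users]"));
    }
}
```

The comparison shows that the role names themselves are harmless; the defect is in treating a `toString()` rendering as JSON, so encoding the collection with a JSON serializer on the producing side removes the need to restrict group names.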