Eric Charles created ZEPPELIN-193:
-------------------------------------
Summary: Kerberos (SPNEGO) Support
Key: ZEPPELIN-193
URL: https://issues.apache.org/jira/browse/ZEPPELIN-193
Project: Zeppelin
Issue Type: New Feature
Components: GUI
Affects Versions: 0.5.1
Reporter: Eric Charles
Fix For: 0.5.1
The goal is to restrict web access to users previously authenticated by a
Kerberos server (so having a valid Kerberos ticket).
I will submit a PR which implements a filter (from hadoop-auth jar) in case a
new configuration key zeppelin.security.authentication is set to kerberos.
I will also add session management to maintain the set of authenticated users.
This is needed to ensure the websocket is also secured.
This is related to:
- ZEPPELIN-173 (Zeppelin websocket server is vulnerable to Cross-Site WebSocket
Hijacking)
- ZEPPELIN-113 (Provide HTTP Keep Alive for Web and Web Sockets)
I will try to rely on ZEPPELIN-172 (Websocket connection without separate
port) as it may be easier to secure a single webapp managed by jetty.
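The following is an added example, not code from this issue, from Zeppelin, or from hadoop-auth. It sketches how a set of authenticated sessions could gate the websocket handshake, which is what the issue means by securing the websocket through session management. The class, method names, origin, and principal are hypothetical, and the Origin allow-list is an assumption taken from the cross-site hijacking concern in ZEPPELIN-173.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical sketch; none of these names are Zeppelin's or hadoop-auth's API. */
public class WebSocketHandshakeGate {
    private record Entry(String principal, Instant expires) {}

    // session id -> authenticated principal, filled only after the HTTP
    // authentication filter has accepted the user's Kerberos ticket
    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();
    private final Set<String> allowedOrigins;

    public WebSocketHandshakeGate(Set<String> allowedOrigins) {
        this.allowedOrigins = Set.copyOf(allowedOrigins);
    }

    /** Record a session once the SPNEGO exchange on the HTTP side has succeeded. */
    public void register(String sessionId, String principal, Instant expires) {
        sessions.put(sessionId, new Entry(principal, expires));
    }

    /** Returns the principal if the upgrade may proceed, or null to reject it. */
    public String authorize(String sessionId, String origin, Instant now) {
        // Browsers attach cookies to cross-site websocket upgrades, so a valid
        // session alone does not show the request came from our own pages.
        if (origin == null || !allowedOrigins.contains(origin)) return null;
        if (sessionId == null) return null;
        Entry e = sessions.get(sessionId);
        if (e == null) return null;                 // never authenticated
        if (!now.isBefore(e.expires())) {           // session outlived its validity
            sessions.remove(sessionId);
            return null;
        }
        return e.principal();
    }

    public static void main(String[] args) {
        // Constructed sample values for illustration only.
        String site = "https://zeppelin.example.com";
        WebSocketHandshakeGate gate = new WebSocketHandshakeGate(Set.of(site));
        Instant now = Instant.parse("2015-08-01T10:00:00Z");
        gate.register("sess-1", "alice@EXAMPLE.COM", now.plusSeconds(3600));

        System.out.println(gate.authorize("sess-1", site, now));                       // alice@EXAMPLE.COM
        System.out.println(gate.authorize("sess-1", "https://other.example", now));    // null: foreign origin
        System.out.println(gate.authorize("sess-2", site, now));                       // null: unknown session
        System.out.println(gate.authorize("sess-1", site, now.plusSeconds(7200)));     // null: expired
    }
}
```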