[GitHub] incubator-zeppelin pull request: Added Shiro security

Tue, 29 Dec 2015 09:39:52 -0800 

Github user jeffsteinmetz commented on the pull request:

    https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167839396
  
    Is there an example of how shiro would be pluggable with other forms of
    authentication and authorization?
    Such as Java Web tokens (JWT), which require storing a secret.  And the JWT
    contains authorization roles.
    On Dec 29, 2015 6:11 AM, "rconline" <notificati...@github.com> wrote:
    
    > @jongyoul <https://github.com/jongyoul> @elbamos
    > <https://github.com/elbamos> @hayssams <https://github.com/hayssams> this
    > change is an important one, and we should try to get this in. My two cents
    > on how we could divide the whole pull request into:
    >
    >    - inclusion of libraries and dependencies
    >    - Addition of security filter, changes in Angular Object, configurable
    >    - turned off by default. With a basic set of test-cases, which ensure 
the
    >    changes are non-breaking.
    >    - Front-end changes, which include -display of username, accepting
    >    header parameters of principal, ticket.
    >    - Subsequently, addition of more test cases, before we call it done.
    >    Till such time we keep the feature as default off. (Each of the above 
steps
    >    will have user guides/documentation).
    >
    > If the committers can provide some bandwidth for review, I'm willing to
    > make the above changes + documentation.
    >
    > As side notes:
    >
    >    - We will need to include the notion of proxy-users at sometime, which
    >    enable command execution of secure spark/hdfs clusters
    >    - Subsequently, there will have to be a mechanism of how to provide
    >    default access to the cluster users, either by way of import of AD/LDAP
    >    users, through some auth_to_local kind of rules.
    >
    > I'm of the opinion that Shiro is a good strategy, larger projects such as
    > https://knox.apache.org/ use Shiro, for HDFS Api gateway security.
    >
    > —
    > Reply to this email directly or view it on GitHub
    > 
<https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167797523>
    > .
    >



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to