Github user hayssams commented on the pull request:
https://github.com/apache/incubator-zeppelin/pull/586#issuecomment-168236215
@elbamos
#### Step 1: Require HTTP Auth
In conf/shiro.ini file, replace the lines 31 and 32 below
```
/** = anon
#/** = authcBasic
```
by
```
#/** = anon
/** = authcBasic
```
#### Step 2: Secure the Websocket channel
Rename the conf/zeppelin-site.xml.template to conf/zeppelin-site.xml.
The property that does it all is the following one :
```
<property>
<name>zeppelin.anonymous.allowed</name>
<value>false</value>
<description>Anonymous user allowed by default</description>
</property>
```
#### Step 3: Start Zeppelin and Authenticate
To authenticate, use one of the user/password set in the cons/shiro.ini
file. See below
```
admin = password1
user1 = password2
user2 = password3
```
I've also included a SECURITY-README file in the PR.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
