GitHub user hkropp opened a pull request:
https://github.com/apache/zeppelin/pull/1589
[Zeppelin-1611] - Support PAM (System User) Authentication
### What is this PR for?
This PR adds
[PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module)
authentication support based on the introduced Shiro security implementation.
With PAM support system users have immediate access to a secured Zeppelin
instance.
### What type of PR is it?
Feature
### Todos
* [x] - Create PAM realm
* [x] - Create test for PAM authentication
* [x] - Test with running Zeppelin instance
### What is the Jira issue?
[ZEPPELIN-1611](https://issues.apache.org/jira/browse/ZEPPELIN-1611)
### How should this be tested?
`PamRealmTest` executes an automated test if the environment variables
`PAM_USER` and `PAM_PASS` are set. These should be set to a system username and
password.
The test also includes a main function to manually execute the test.
To set the environment variables for your IDE, for example on macOS, use
`launchctl setenv PAM_USER user` and `launchctl setenv PAM_PASS x`; the
test can then be run from your IDE.
### Screenshots (if appropriate)
### Questions:
* Do the license files need an update? No
* Are there breaking changes for older versions? No
* Does this need documentation? Yes
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/hkropp/incubator-zeppelin ZEPPELIN-1611
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/1589.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1589
commit 257f14e333c28c1b4b8f37e47ba9963221287c5c
Author: hkropp <hkr...@hortonworks.com>
Date: 2016-11-03T09:35:36Z
ZEPPELIN-1611
commit b673c76be855d7a13f7b34fda0032c2f8040694c
Author: hkropp <hkr...@hortonworks.com>
Date: 2016-11-03T09:35:45Z
Merge branch 'master' of github.com:apache/incubator-zeppelin into
ZEPPELIN-1611
commit efa79afa47147d6e1caa0767d4929e3c752c64e3
Author: hkropp <hkr...@hortonworks.com>
Date: 2016-11-03T09:35:36Z
ZEPPELIN-1611
commit 00cc0320840a08a76925dbfbf0494f0623c0e558
Author: Anthony Corbacho <corbacho.anth...@gmail.com>
Date: 2016-11-03T02:59:07Z
[ZEPPELIN-1586] Add security check in NotebookRestApi
### What is this PR for?
Bring some security check in `NotebookRestApi`.
### What type of PR is it?
[Bug Fix | Improvement | Refactoring]
### Todos
- [x] - Create a proper way to throw webapp error
- [x] - Add in `NotebookAuthorization` some method to check if user is
owner, reader or writer
- [x] - Add Authorization check in `NotebookRestapi`
- [x] - Add New test for security in notebook rest api
### What is the Jira issue?
- [ZEPPELIN-1586](https://issues.apache.org/jira/browse/ZEPPELIN-1586)
### How should this be tested?
First, force Zeppelin to use auth.
- In `conf/zeppelin-site.xml` change `zeppelin.anonymous.allowed` to
**false**
```
<property>
  <name>zeppelin.anonymous.allowed</name>
  <value>false</value>
  <description>Anonymous user allowed by default</description>
</property>
```
- In `conf/shiro.ini` set Shiro to use `Auth` at the end of the file
```
#/** = anon
/** = authc
```
- Start Zeppelin, log in and set some permissions on a note
- Try to get a note from the Zeppelin REST API
`http://localhost:8080/api/notebook/{noteId}` (you can use your browser or curl;
if you use curl, please add the Shiro token to the curl cookie)
### Screenshots (if appropriate)
![note_permission_rest_api](https://cloud.githubusercontent.com/assets/3139557/19827600/ffd68a06-9dea-11e6-8dd5-43f3bd401011.gif)
### Questions:
- Do the license files need an update? No
- Are there breaking changes for older versions? No
- Does this need documentation? Maybe
Author: Anthony Corbacho <corbacho.anth...@gmail.com>
Closes #1567 from anthonycorbacho/fix/ZEPPELIN-1586 and squashes the
following commits:
6615935 [Anthony Corbacho] Clean anonymous allowed property when shutting
down zeppelin server
30815c1 [Anthony Corbacho] Fix typo
bab7e60 [Anthony Corbacho] Rewording
decd1e9 [Anthony Corbacho] Simple implementation of notebook test with
shiro (security)
b412266 [Anthony Corbacho] Refactored Abstract rest api test to also handle
the case of tests with shiro (security), I also added some utility http method
to do action with authenticated user
db0c39c [Anthony Corbacho] Address review and fix typos
eacfa8e [Anthony Corbacho] Fix typo and bad copy paste for isOwner
c8c42b2 [Anthony Corbacho] Change cxf version from 2.7.7 to 2.7.8 to avoid
method not found where throw WebApp
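
The two settings from the ZEPPELIN-1586 test steps above (`zeppelin.anonymous.allowed` and the `/**` rule in `conf/shiro.ini`) can be checked offline before Zeppelin is started. This is an added example, not code from either pull request; it relies on Shiro applying the first matching `[urls]` pattern, uses a simplified Ant-style matcher, and all function names and sample file contents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs for illustration (not taken from the PR).
SITE_XML = ("<configuration><property><name>zeppelin.anonymous.allowed</name>"
            "<value>false</value></property></configuration>")
SHIRO_OPEN = "[urls]\n/api/version = anon\n/** = anon\n#/** = authc\n"
SHIRO_SECURED = "[urls]\n/api/version = anon\n#/** = anon\n/** = authc\n"
NOTE_PATH = "/api/notebook/NOTE_ID"  # placeholder note id

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' spans path segments, '*' stays inside one."""
    tokens = {"/**": "(/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(/\*\*$|\*\*|\*|\?)", pattern)
    return re.compile("".join(tokens.get(p, re.escape(p)) for p in parts) + r"\Z")

def url_rules(shiro_ini):
    """Return (pattern, chain) pairs from the [urls] section, in file order."""
    rules, section = [], None
    for line in (raw.strip() for raw in shiro_ini.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or commented-out rule
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "urls" and "=" in line:
            pattern, chain = line.split("=", 1)
            rules.append((pattern.strip(), chain.strip()))
    return rules

def filter_for(shiro_ini, path):
    """Shiro uses the first pattern that matches, so rule order matters."""
    return next((chain for pattern, chain in url_rules(shiro_ini)
                 if ant_to_regex(pattern).match(path)), None)

def anonymous_allowed(site_xml):
    """Value of zeppelin.anonymous.allowed in zeppelin-site.xml, None if unset."""
    for prop in ET.fromstring(site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == "zeppelin.anonymous.allowed":
            return (prop.findtext("value") or "").strip().lower() == "true"
    return None

def requires_login(shiro_ini, site_xml, path=NOTE_PATH):
    """True only if both settings from the test steps are in effect for path."""
    filters = [f.strip() for f in (filter_for(shiro_ini, path) or "").split(",")]
    return "authc" in filters and anonymous_allowed(site_xml) is False

if __name__ == "__main__":
    for name, ini in (("open", SHIRO_OPEN), ("secured", SHIRO_SECURED)):
        print(name, filter_for(ini, NOTE_PATH), requires_login(ini, SITE_XML))
```

A `/** = authc` line placed after an active `/** = anon` line has no effect, which is why the steps comment out the `anon` rule rather than only appending the `authc` one.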