The UserFilter
<https://shiro.apache.org/static/latest/apidocs/org/apache/shiro/web/filter/authc/UserFilter.html>
does take a username as an arg; it only verifies a user's principal exists
(authenticated or remembered).

Your best bet is probably to use permissions or roles
<http://shiro.apache.org/web.html#urls->

Let us know if this isn't what you are looking for

On Wed, Nov 30, 2016 at 6:08 PM, Ruslan Dautkhanov <dautkha...@gmail.com>
wrote:

> Until we have good multitenancy support in Zeppelin, we'd have to run
> individual Zeppelin instances for each user. Apache Zeppelin uses Shiro for
> authentication.
>
> So we were trying to use the following shiro.ini configurations:
>
>> [urls]
>> /api/version = anon
>> /** = user["rdautkhanov@CORP.DOMAIN"]
>
>
> Also tried
>
>> /** = authc, user["rdautkhanov@CORP.DOMAIN"]
>
>
> Neither works, in the sense that other users, after successful LDAP
> authentication, can create their own notebooks in other users' Zeppelin
> instances.
>
> The [users] and [roles] sections in shiro.ini are empty.
>
> The [main] section configures the LDAP authentication backend, which works
> as expected.
>
> rdautkhanov@CORP.DOMAIN is the actual user name which is used in LDAP
> authentication.
>
> How can we make the [urls] section let only one specific user in?
> Again, neither
>
>> /** = user["rdautkhanov@CORP.DOMAIN"]
>
> nor
>
>> /** = authc, user["rdautkhanov@CORP.DOMAIN"]
>
> works as we expect - any authenticated user can still access /** (all
> pages).
>
> LDAP authentication works as expected; we're struggling with authorization -
> to lock Zeppelin in [urls] to one user (or a few users).
>
>
> Thank you,
> Ruslan
>
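
The thread turns on the fact that the built-in `user` filter only checks that a principal exists, so the bracketed name in `[urls]` restricts nothing. As an added example (not code from this thread, Shiro or Zeppelin), here is a small Shiro filter that does compare the logged-in principal against the names given in the `[urls]` entry. The package, class name and the filter name `allowedUsers` are hypothetical; it assumes Shiro 1.x (`javax.servlet`) and a realm whose primary principal is the login name as a string.

```java
package com.example.shiro; // hypothetical package

import java.util.Arrays;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

// shiro.ini wiring (filter name "allowedUsers" is an assumption):
//
//   [main]
//   allowedUsers = com.example.shiro.AllowedUsersFilter
//
//   [urls]
//   /api/version = anon
//   /** = authc, allowedUsers["rdautkhanov@CORP.DOMAIN"]
//
// "authc" runs first and forces a login; this filter then decides whether
// that particular user may pass.
public class AllowedUsersFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) {
        // mappedValue carries the comma-separated values from the brackets in [urls].
        String[] allowed = (String[]) mappedValue;
        if (allowed == null || allowed.length == 0) {
            return false; // fail closed: no names configured means nobody passes
        }

        Subject subject = getSubject(request, response);
        Object principal = subject.getPrincipal();

        // Require a login in this session; a remembered identity is not enough.
        if (principal == null || !subject.isAuthenticated()) {
            return false;
        }

        // Exact, case-sensitive match against the configured names.
        // Assumption: principal.toString() is the name used at LDAP login.
        return Arrays.asList(allowed).contains(principal.toString());
    }
}
```

Several users can be listed as `allowedUsers["a@CORP.DOMAIN", "b@CORP.DOMAIN"]`. If the realm can supply roles or permissions for LDAP users, the built-in `roles[...]` and `perms[...]` filters recommended in the reply do the same job without custom code.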
