ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rkam...@apache.org
Subject ambari git commit: AMBARI-20362: Enable Authentication in Zeppelin out of Box (Prabhjyot Singh via r-kamath)
Date Thu, 09 Mar 2017 15:12:01 GMT
Repository: ambari
Updated Branches:
  refs/heads/branch-2.5 c47662934 -> 47f924334


AMBARI-20362: Enable Authentication in Zeppelin out of Box (Prabhjyot Singh via r-kamath)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/47f92433
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/47f92433
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/47f92433

Branch: refs/heads/branch-2.5
Commit: 47f924334b850e572298fbd8700a993cdb19065c
Parents: c476629
Author: Renjith Kamath <renjith.kamath@gmail.com>
Authored: Thu Mar 9 20:40:19 2017 +0530
Committer: Renjith Kamath <renjith.kamath@gmail.com>
Committed: Thu Mar 9 20:40:19 2017 +0530

----------------------------------------------------------------------
 .../configuration/zeppelin-shiro-ini.xml        | 71 ++++++++++++++------
 1 file changed, 49 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/47f92433/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml
b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml
index 3e2da1e..971e4af 100644
--- a/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml
+++ b/ambari-server/src/main/resources/common-services/ZEPPELIN/0.6.0.2.5/configuration/zeppelin-shiro-ini.xml
@@ -24,39 +24,66 @@
 [users]
 # List of users with their password allowed to access Zeppelin.
 # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
-#admin = password1
-#user1 = password2, role1, role2
-#user2 = password3, role3
-#user3 = password4, role2
+admin = admin, admin
+user1 = user1, role1, role2
+user2 = user2, role3
+user3 = user3, role2
 
 # Sample LDAP configuration, for user Authentication, currently tested for single Realm
 [main]
-#activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
-#activeDirectoryRealm.systemUsername = CN=Administrator,CN=Users,DC=HW,DC=EXAMPLE,DC=COM
-#activeDirectoryRealm.systemPassword = Password1!
-#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://user/zeppelin/zeppelin.jceks
-#activeDirectoryRealm.searchBase = CN=Users,DC=HW,DC=TEST,DC=COM
-#activeDirectoryRealm.url = ldap://ad-nano.test.example.com:389
-#activeDirectoryRealm.groupRolesMap = ""
-#activeDirectoryRealm.authorizationCachingEnabled = true
-
-#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
-#ldapRealm.userDnTemplate = uid={0},cn=users,cn=accounts,dc=example,dc=com
-#ldapRealm.contextFactory.url = ldap://ldaphost:389
+### A sample for configuring Active Directory Realm
+#activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
+#activeDirectoryRealm.systemUsername = userNameA
+
+#use either systemPassword or hadoopSecurityCredentialPath, more details in http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html
+#activeDirectoryRealm.systemPassword = passwordA
+#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
+#activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM
+#activeDirectoryRealm.url = ldap://ldap.test.com:389
+#activeDirectoryRealm.groupRolesMap = "CN=admin,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"admin","CN=finance,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"finance","CN=hr,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"hr"
+#activeDirectoryRealm.authorizationCachingEnabled = false
+
+### A sample for configuring LDAP Directory Realm
+#ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm
+## search base for ldap groups (only relevant for LdapGroupRealm):
+#ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM
+#ldapRealm.contextFactory.url = ldap://ldap.test.com:389
+#ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM
 #ldapRealm.contextFactory.authenticationMechanism = SIMPLE
-#sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
-#securityManager.sessionManager = $sessionManager
+
+### A sample PAM configuration
+#pamRealm=org.apache.zeppelin.realm.PamRealm
+#pamRealm.service=sshd
+
+
+sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
+### If caching of user is required then uncomment below lines
+cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
+securityManager.cacheManager = $cacheManager
+
+securityManager.sessionManager = $sessionManager
 # 86,400,000 milliseconds = 24 hour
-#securityManager.sessionManager.globalSessionTimeout = 86400000
+securityManager.sessionManager.globalSessionTimeout = 86400000
 shiro.loginUrl = /api/login
 
+[roles]
+role1 = *
+role2 = *
+role3 = *
+admin = *
+
 [urls]
+# This section is used for url-based security.
+# You can secure interpreter, configuration and credential information by urls. Comment or
uncomment the below urls that you want to hide.
 # anon means the access is anonymous.
-# authcBasic means Basic Auth Security
+# authc means Form based Auth Security
 # To enfore security, comment the line below and uncomment the next one
 /api/version = anon
-/** = anon
-#/** = authc
+#/api/interpreter/** = authc, roles[admin]
+#/api/configurations/** = authc, roles[admin]
+#/api/credential/** = authc, roles[admin]
+#/** = anon
+/** = authc
       </value>
     <on-ambari-upgrade add="true"/>
   </property>


Mime
View raw message