zeppelin-commits mailing list archives

From jongy...@apache.org
Subject zeppelin git commit: Improved comment, removed admin user definition per default
Date Thu, 08 Jun 2017 01:58:26 GMT
Repository: zeppelin
Updated Branches:
  refs/heads/master 169fb742f -> dc71877f7


Improved comment, removed admin user definition per default

### What is this PR for?
Improved shiro.ini.template.

Since the file is just a template, it should be such that if the user copies it from shiro.ini.template
to shiro.ini the auth settings are comparably conservative.
Hence: The admin user has been commented out to avoid enabling admin by
default with a default password.

In addition, the comment in the url section was misleading. It has been clarified. The comment
"To enfore security, comment the line below and uncomment the next one" was
misleading, since the setting was already on "authc" and it was not the "line below". This
has been fixed.

### What type of PR is it?
[Improvement]

### Todos
* N/A

### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-2588

### How should this be tested?
Non regression test / unit testing.

### Screenshots (if appropriate)

### Questions:
* Do the license files need an update? *NO*
* Are there breaking changes for older versions? *NO*
* Does this need documentation? *NO*

Author: Christian Fries <email@christian-fries.de>

Closes #2368 from cfries/improved-shiro-ini and squashes the following commits:

e7606497 [Christian Fries] Improved comment, removed admin user definition per default


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/dc71877f
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/dc71877f
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/dc71877f

Branch: refs/heads/master
Commit: dc71877f720b17934af64c2263a34d0a0536b048
Parents: 169fb74
Author: Christian Fries <email@christian-fries.de>
Authored: Fri May 26 13:29:13 2017 +0200
Committer: Jongyoul Lee <jongyoul@apache.org>
Committed: Thu Jun 8 10:58:24 2017 +0900

----------------------------------------------------------------------
 conf/shiro.ini.template | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/dc71877f/conf/shiro.ini.template
----------------------------------------------------------------------
diff --git a/conf/shiro.ini.template b/conf/shiro.ini.template
index 0a3187a..06ad971 100644
--- a/conf/shiro.ini.template
+++ b/conf/shiro.ini.template
@@ -18,7 +18,8 @@
 [users]
 # List of users with their password allowed to access Zeppelin.
 # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
-admin = password1, admin
+# To enable admin user, uncomment the following line and set an appropriate password.
+#admin = password1, admin
 user1 = password2, role1, role2
 user2 = password3, role3
 user3 = password4, role2
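Review bot: The default-password problem is only fixed for `admin`; the three context lines right below it (`user1 = password2, ...`, `user2 = password3, ...`, `user3 = password4, ...`) stay active, so a template copied to shiro.ini still ships working logins with published passwords. The second hunk's header shows `role3 = *`, and user2 holds role3, so one of those sample accounts carries a wildcard permission. Suggest commenting out the sample users as well, or widening the new comment to say that every sample password in this section must be replaced before the file is used.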
@@ -73,14 +74,22 @@ role3 = *
 admin = *
 
 [urls]
-# This section is used for url-based security.
-# You can secure interpreter, configuration and credential information by urls. Comment or
uncomment the below urls that you want to hide.
+# This section is used for url-based security. For details see the shiro.ini documentation.
+#
+# You can secure interpreter, configuration and credential information by urls.
+# Comment or uncomment the below urls that you want to hide:
 # anon means the access is anonymous.
-# authc means Form based Auth Security
-# To enfore security, comment the line below and uncomment the next one
+# authc means form based auth Security.
+#
+# IMPORTANT: Order matters: URL path expressions are evaluated against an incoming request
+# in the order they are defined and the FIRST MATCH WINS.
+#
+# To allow anonymous access to all but the stated urls,
+# uncomment the line second last line (/** = anon) and comment the last line (/** = authc)
+#
 /api/version = anon
-#/api/interpreter/** = authc, roles[admin]
-#/api/configurations/** = authc, roles[admin]
-#/api/credential/** = authc, roles[admin]
+/api/interpreter/** = authc, roles[admin]
+/api/configurations/** = authc, roles[admin]
+/api/credential/** = authc, roles[admin]
 #/** = anon
 /** = authc
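Review bot: The three rules uncommented here (`/api/interpreter/**`, `/api/configurations/**`, `/api/credential/**`) all require `roles[admin]`, but the first hunk comments out the only user that holds the admin role, and user1 to user3 carry only role1, role2 and role3. With the template as committed, nobody can reach those endpoints until the admin line in [users] is enabled. That is a sensible conservative default, but the comment block should state it and point to the [users] section, otherwise it looks like a broken install. Separately, the new instruction "uncomment the line second last line (/** = anon)" has a duplicated word; "uncomment the second-to-last line" reads correctly. Since the comment now stresses that the first match wins, it is also worth saying that `/** = anon` must stay below the three admin-only rules if it is enabled.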

