GitHub user volumeint opened a pull request: https://github.com/apache/zeppelin/pull/2402
[ZEPPELIN-2636] User role lookup via interfaces

### What is this PR for?
Adds an interface (UserLookup) that a realm can implement to support looking up users and roles. This makes it easier to implement a Realm and allows Zeppelin to ask the configured realms for user and role information without having to know which implementation of Realm it is interacting with. The pre-existing lookup code that was contained in GetUserList.java has been moved into the Realm implementations.

This PR includes a change to SecurityUtils to allow it to get the Roles of the currently authenticated user regardless of Realm used.

This PR also includes an endpoint /xlogin to make it easier to configure shiro to work with indirect authorization (eXternal login) like OAuth or OpenID through buji-pac4j.

This PR expands the shiro security coverage to the entire application (/*). It previously only covered /api/*.

### What type of PR is it?
Improvement

### Todos
* [ ] -

### What is the Jira issue?
[ZEPPELIN-2636] - https://issues.apache.org/jira/browse/ZEPPELIN-2636

### How should this be tested?
Configure shiro.ini to use the various realms (Ini, Jdbc, Pam, etc). Verify that the user and role lookup functionality used for notebook sharing still works. I've been checking /api/security/userlist/<searchtext>

### Screenshots (if appropriate)
N/A

### Questions:
* Do the license files need an update? No
* Are there breaking changes for older versions? Using the stock shiro JdbcRealm, you won't be able to look up users and roles... Transition to org.apache.zeppelin.realms.JdbcRealm.
* Does this need documentation?

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/volumeint/zeppelin user-role-lookup-via-interfaces

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2402.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2402

----
commit 19500d5c7ea92caf477f9fdf6cf07791b6666825
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-05-03T15:41:01Z

    ZEPPELIN-2268. Adding png and jpg support for helium module imports.

commit c736dbed0b47cf5262e47422863d2950298356a1
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-05-03T15:45:26Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit 672b789d796442f3f6500f8b9ab1ff168a3737f5
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-05-04T13:47:15Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit c50f9f8f6c3fa88de58de33f8f7e336ad367128e
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-05T16:25:54Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit 23f6caa5bccefaac47a45227620d006ea489550f
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-07T16:40:17Z

    Using UserLookup interface to query realms for users and roles.

commit e14b221b5877272d1ce453d1b470468b88985a5d
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-09T02:20:15Z

    Using java.security.Principal.getName() if appropriate

commit 0d31b446e508ec6421d8705c85df573a2aece9b7
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-09T02:21:14Z

    Securing the entire application, not just /api/*

commit 2f87887860aaca9f03e206898687758ac20cdae8
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-09T19:02:40Z

    Adding a browser endpoint that can be protected by shiro.ini to trigger indirect login attempts

commit 14c27ecaa414f9b733ea75e24bfb12f0d94259c3
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-09T19:45:52Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit e45cd234f89b9e51bbc114af4060d39b3b740323
Author: Thomas Grant <tgr...@volumeintegration.com>
Date:   2017-06-09T19:47:38Z

    Merge remote-tracking branch 'origin/master' into user-role-lookup-via-interfaces

----