Github user rconline commented on the pull request:
https://github.com/apache/incubator-zeppelin/pull/53#issuecomment-167797523
@jongyoul @elbamos @hayssams this change is an important one, and we should
try to get this in. My two cents on how we could divide the whole pull request
into:
- Inclusion of libraries and dependencies
- Addition of security filter, changes in Angular Object, configurable (turned off by default), with a basic set of test cases which ensure the changes are non-breaking.
- Front-end changes, which include display of username, accepting header parameters of principal, ticket.
- Subsequently, addition of more test cases, before we call it done. Till such time, we keep the feature off by default.
(Each of the above steps will have user guides/documentation).
If the committers can provide some bandwidth for review, I'm willing to
make the above changes + documentation.
As side notes:
- We will need to include the notion of proxy-users at some time, which enable command execution of secure Spark/HDFS clusters.
- Subsequently, there will have to be a mechanism for how to provide default access to the cluster users, either by way of import of AD/LDAP users, or through some auth_to_local kind of rules.
I'm of the opinion that Shiro is a good strategy; larger projects such as
https://knox.apache.org/ use Shiro for HDFS API gateway security.