Github user hayssams commented on the pull request:
https://github.com/apache/incubator-zeppelin/pull/586#issuecomment-168367611
@anthonycorbacho
#### Question 1 : What's the purpose of ticket ?
I added an implementation note in the security-readme file. It explains why
we need a ticket to handle webscoket connections. Basically, it works as
follows :
1. Shiro sits as a servlet filter and protect HTTP requests. That's enough
to secure HTTP REST requests.
2. To secure web sockets connections, we make sure that the user submitted
the right credentials on the HTTP REST channel. We do this by issuing a ticket
on the HTTP channel (/ticket method) that the browser must submit with each
websocket message.
#### Question 2 : Ticket saved in notebook ?
In this PR( #586) Principal and ticket are not saved in the notebook.
#### Question 3 : What will happen if switching from secure to non secure
version and vice-versa
In this PR( #586). It will work as expected since no change is made to the
notebook structure.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
