Regarding the latter message on invalid token. That stacktrace possible when someone logs out from Zeppelin but keeps the window open in browser. Then it keeps sending websocket ping messages with invalid ticket which errors in Zeppelin.
On Thu, Sep 8, 2016 at 11:06 AM, Polina Marasanova < polina.marasan...@quantium.com.au> wrote: > One more thing. In Zeppelin logs there are many messages like this: > > 16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE << PING > 16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE PRINCIPAL << > 16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE TICKET << > 16/09/08 02:03:46 DEBUG NotebookServer: RECEIVE ROLES << > 16/09/08 02:03:46 ERROR NotebookServer: Can't handle message > java.lang.Exception: Invalid ticket != f2810e7a-de64-4e41-b615- > f31cd5bf7d68 > at org.apache.zeppelin.socket.NotebookServer.onMessage( > NotebookServer.java:117) > at org.apache.zeppelin.socket.NotebookSocket.onWebSocketText( > NotebookSocket.java:56) > at org.eclipse.jetty.websocket.common.events. > JettyListenerEventDriver.onTextMessage(JettyListenerEventDriver.java:128) > at org.eclipse.jetty.websocket.common.message.SimpleTextMessage. > messageComplete(SimpleTextMessage.java:69) > at org.eclipse.jetty.websocket.common.events.AbstractEventDriver. > appendMessage(AbstractEventDriver.java:65) > at org.eclipse.jetty.websocket.common.events. > JettyListenerEventDriver.onTextFrame(JettyListenerEventDriver.java:122) > at org.eclipse.jetty.websocket.common.events.AbstractEventDriver. > incomingFrame(AbstractEventDriver.java:161) > at org.eclipse.jetty.websocket.common.WebSocketSession. > incomingFrame(WebSocketSession.java:309) > at org.eclipse.jetty.websocket.common.extensions. > ExtensionStack.incomingFrame(ExtensionStack.java:214) > at org.eclipse.jetty.websocket.common.Parser.notifyFrame( > Parser.java:220) > at org.eclipse.jetty.websocket.common.Parser.parse(Parser. > java:258) > at org.eclipse.jetty.websocket.common.io. > AbstractWebSocketConnection.readParse(AbstractWebSocketConnection. > java:632) > at org.eclipse.jetty.websocket.common.io. > AbstractWebSocketConnection.onFillable(AbstractWebSocketConnection. > java:480) > at org.eclipse.jetty.io.AbstractConnection$2.run( > AbstractConnection.java:544) > at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob( > QueuedThreadPool.java:635) > > Looks like it's related to auth process. > ________________________________________ > From: Polina Marasanova [polina.marasan...@quantium.com.au] > Sent: Wednesday, 17 August 2016 10:48 AM > To: users@zeppelin.apache.org > Subject: Authenticate 1 user per notebook > > Hi everyone, > > I'm back with my authentication questions. Here is my shiro.ini config > file. The problem is that it lets in all users from search base > "OU=Users,DC=companyname,DC=local" > How can I restrict the access to only one user who owns a notebook? The > process zeppelin-daemon.sh is running by this user > > [main] > activeDirectoryRealm = org.apache.zeppelin.server. > ActiveDirectoryGroupRealm > activeDirectoryRealm.systemUsername = userNameA > activeDirectoryRealm.systemPassword = passwordA > activeDirectoryRealm.searchBase = "OU=Users,DC=companyname,DC=local" > activeDirectoryRealm.principalSuffix = @companyname.local > activeDirectoryRealm.url = ldap://ldapserver.companyname.local:389 > activeDirectoryRealm.groupRolesMap = "OU=Users,DC=companyname,DC= > local":"admin" > activeDirectoryRealm.authorizationCachingEnabled = false > securityManager.realms = $activeDirectoryRealm > > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > > securityManager.sessionManager = $sessionManager > securityManager.sessionManager.globalSessionTimeout = 86400000 > shiro.loginUrl = /api/login > > [roles] > admin = * > > [urls] > /** = authc > > > Thanks > Cheers > Polina >
