I don't want boring you with this problem but I implemented the definitive
solution keeping zeppenlin authorization as is. I think is the more clean
solution.
Use apache proxy to overcome CORS problems
I did proceed in this way:
Zeppelin: modify zeppelin-site.xml change property zeppelin.server.context.path
from "/" to "/zeppelin"
Apache2 in the same host (in my case 192.168.56.107) where your app lives:
enable module proxy proxy_http
add the following lines to , ie. http-vhost.conf
ProxyPass /zeppelin http://192.168.56.105:9090/zeppelin
timeout=600
ProxyPassReverse /zeppelin http://192.168.56.105:9090/zeppelin
timeout=600
Your app: call zeppelin rest api using Apache2 host,
ie. http://192.168.56.107/zeppelin/api/login ,
http://192.168.56.107/zeppelin/api/notebook etc.
STOP.
if you would include paragraph link into any iframes of your app rebembers to
proxy websocket too
Best regards,
Alessandro
On 2021/10/18 10:57:25, Alessandro Busato <[email protected]> wrote:
> it is better
> /api/notebook/** = authcBasic
> /** = authc
>
> this replacement permits logging-in to webapp with no basic authentication
> browser
> popup and a the same time to use rest notepbook api in CORS mode with no
> problem.
>
> Alessandro
>
> On 2021/10/18 06:58:02, Alessandro Busato <[email protected]>
> wrote:
> > I solved in this way,
> > I exploited the BasicAuthentication of shiro,
> > I edited conf/shiro.ini and changed /** = authc into /** = authcBasic
> > I think this "workaround" is less secure than others but
> > in this way I can make CORS request even if the jquery doen't set JSESSIONID
> > $.ajax({
> > url: "http://192.168.56.105:9090/zeppelin/api/notebook";,
> > type: 'GET',
> > cache: false,
> > xhrFields: {withCredentials: true},
> > crossDomain: true,
> > "async": true,
> > "headers": {
> > "Authorization":"Basic YWRtaW46cGFzc3dvcmQx"
> > }
> > }).done(function (data) {
> >
> > console.log(data)
> >
> > }).fail(reason => {
> > console.log(reason);
> > });
> >
> > Best regards,
> > Alessandro
> >
> >
> > On 2021/10/17 11:16:12, Alessandro Busato <[email protected]>
> > wrote:
> > >
> > >
> > > On 2021/10/17 11:11:21, Jeff Zhang <[email protected]> wrote:
> > > > Do you embed zeppelin as an iframe in your app ?
> > >
> > > No, it isn't.
> > >
> > > Best regards,
> > > Alessandro
> > >
> > > >
> > > > Alessandro Busato <[email protected]> 于2021年10月17日周日 下午6:11写道:
> > > >
> > > > > Evewrithing works in the if zeppelin and my webapp lives in the same
> > > > > origin,
> > > > > but NOT when I'm trying to connecto to zeppelin server via CORS,
> > > > > the login step works,
> > > > > but others as "notebook list"
> > > > > jquery cannot set JSESSIONID so Zeppelin respond with redirect to
> > > > > /api/login
> > > > > throwing an exception because authencation params missing.
> > > > >
> > > > > $('#ab_test1').on('click', function (event) {
> > > > > event.preventDefault();
> > > > >
> > > > > $.ajax({
> > > > > url: "http://192.168.56.105:9090/api/notebook";,
> > > > > type: 'GET',
> > > > > cache: false,
> > > > > processData: false,
> > > > > timeout: 3000,
> > > > > xhrFields: {withCredentials: true},
> > > > > crossDomain: true,
> > > > > }).done(function (data) {
> > > > > console.log(data)
> > > > > }).fail(reason => {
> > > > > console.log(reason);
> > > > > });
> > > > > })
> > > > >
> > > > > In the same origin trial jquery set cookie correctly,
> > > > > I tried to access to response headers "Set-Cookie" to set manually
> > > > > the
> > > > > cookie but only "Content-Type" and "Content-Length" are available.
> > > > >
> > > > > I've configured zeppelin-site.xml to allow my origin (example: ALLOW
> > > > > FROM
> > > > > http://192.168.56.107)
> > > > > Any suggestion?
> > > > > does exists a way to bypass JSESSIONID passing ticket got with api
> > > > > login?
> > > > >
> > > > > Regards,
> > > > > Alessandro
> > > > >
> > > > >
> > > >
> > > > --
> > > > Best Regards
> > > >
> > > > Jeff Zhang
> > > >
> > >
> >
>
