Thanks for your sharing, could you contribute it to Zeppelin doc ? Alessandro Busato <alessandro.bus...@gmail.com> 于2021年10月21日周四 下午3:54写道:
> I don't want boring you with this problem but I implemented the definitive > solution keeping zeppenlin authorization as is. I think is the more clean > solution. > > Use apache proxy to overcome CORS problems > I did proceed in this way: > Zeppelin: modify zeppelin-site.xml change property > zeppelin.server.context.path from "/" to "/zeppelin" > Apache2 in the same host (in my case 192.168.56.107) where your app lives: > enable module proxy proxy_http > add the following lines to , ie. http-vhost.conf > ProxyPass /zeppelin http://192.168.56.105:9090/zeppelin > timeout=600 > ProxyPassReverse /zeppelin > http://192.168.56.105:9090/zeppelin timeout=600 > Your app: call zeppelin rest api using Apache2 host, > ie. http://192.168.56.107/zeppelin/api/login , > http://192.168.56.107/zeppelin/api/notebook etc. > > STOP. > > if you would include paragraph link into any iframes of your app rebembers > to proxy websocket too > > Best regards, > Alessandro > > > On 2021/10/18 10:57:25, Alessandro Busato <alessandro.bus...@gmail.com> > wrote: > > it is better > > /api/notebook/** = authcBasic > > /** = authc > > > > this replacement permits logging-in to webapp with no basic > authentication browser > > popup and a the same time to use rest notepbook api in CORS mode with no > problem. > > > > Alessandro > > > > On 2021/10/18 06:58:02, Alessandro Busato <alessandro.bus...@gmail.com> > wrote: > > > I solved in this way, > > > I exploited the BasicAuthentication of shiro, > > > I edited conf/shiro.ini and changed /** = authc into /** = authcBasic > > > I think this "workaround" is less secure than others but > > > in this way I can make CORS request even if the jquery doen't set > JSESSIONID > > > $.ajax({ > > > url: "http://192.168.56.105:9090/zeppelin/api/notebook > ", > > > type: 'GET', > > > cache: false, > > > xhrFields: {withCredentials: true}, > > > crossDomain: true, > > > "async": true, > > > "headers": { > > > "Authorization":"Basic YWRtaW46cGFzc3dvcmQx" > > > } > > > }).done(function (data) { > > > > > > console.log(data) > > > > > > }).fail(reason => { > > > console.log(reason); > > > }); > > > > > > Best regards, > > > Alessandro > > > > > > > > > On 2021/10/17 11:16:12, Alessandro Busato <alessandro.bus...@gmail.com> > wrote: > > > > > > > > > > > > On 2021/10/17 11:11:21, Jeff Zhang <zjf...@gmail.com> wrote: > > > > > Do you embed zeppelin as an iframe in your app ? > > > > > > > > No, it isn't. > > > > > > > > Best regards, > > > > Alessandro > > > > > > > > > > > > > > Alessandro Busato <alessandro.bus...@gmail.com> 于2021年10月17日周日 > 下午6:11写道: > > > > > > > > > > > Evewrithing works in the if zeppelin and my webapp lives in the > same > > > > > > origin, > > > > > > but NOT when I'm trying to connecto to zeppelin server via CORS, > > > > > > the login step works, > > > > > > but others as "notebook list" > > > > > > jquery cannot set JSESSIONID so Zeppelin respond with redirect to > > > > > > /api/login > > > > > > throwing an exception because authencation params missing. > > > > > > > > > > > > $('#ab_test1').on('click', function (event) { > > > > > > event.preventDefault(); > > > > > > > > > > > > $.ajax({ > > > > > > url: "http://192.168.56.105:9090/api/notebook";, > > > > > > type: 'GET', > > > > > > cache: false, > > > > > > processData: false, > > > > > > timeout: 3000, > > > > > > xhrFields: {withCredentials: true}, > > > > > > crossDomain: true, > > > > > > }).done(function (data) { > > > > > > console.log(data) > > > > > > }).fail(reason => { > > > > > > console.log(reason); > > > > > > }); > > > > > > }) > > > > > > > > > > > > In the same origin trial jquery set cookie correctly, > > > > > > I tried to access to response headers "Set-Cookie" to set > manually the > > > > > > cookie but only "Content-Type" and "Content-Length" are > available. > > > > > > > > > > > > I've configured zeppelin-site.xml to allow my origin (example: > ALLOW FROM > > > > > > http://192.168.56.107) > > > > > > Any suggestion? > > > > > > does exists a way to bypass JSESSIONID passing ticket got with > api login? > > > > > > > > > > > > Regards, > > > > > > Alessandro > > > > > > > > > > > > > > > > > > > > > > -- > > > > > Best Regards > > > > > > > > > > Jeff Zhang > > > > > > > > > > > > > > > -- Best Regards Jeff Zhang
