I have completed all the Todos in the pull request https://github.com/apache/incubator-zeppelin/pull/681 except: "Find way to get roles for a user in SecurityUtils (see SHIRO-492)". I am curious to know what people think of the approach I have taken with Shiro authorization and would appreciate any suggestions on how to implement SecurityUtils.getRoles.
Thanks, Prasad On Tue, Feb 2, 2016 at 5:07 AM, Eric Charles <e...@apache.org> wrote: > (see my answers inline) > > On 01/02/16 20:18, Prasad Wagle wrote: > >> Thanks Moon and Eric. I created a pull request - >> https://github.com/apache/incubator-zeppelin/pull/681 and am looking >> forward to community feedback. >> >> I am getting a Travis CI build error >> <https://travis-ci.org/apache/incubator-zeppelin/builds/106159585>. Is >> it caused by the code in this PR? Can someone help me find the root >> cause? Btw, do we have a chat room (like gitter) for discussing Zeppelin >> topics? >> >> Hi Eric - Here are my responses to your questions. Sorry if I didn't >> understand them correctly. >> >> > I read you will use an external server for authentication which will >> redirect to a zeppelin server url. >> Yes, we need to do that in our company environment. In my PR, I use >> Shiro authentication. >> >> > Thx for the info. > > > I wonder if you pull request will support multiple user for a single >> server or if, just like now, we need a server deployment by user (with >> all the fun with the http ports...) ? (this is not defined in your >> document) >> >> What do you mean by "server deployment by user"? Doesn't Shiro >> authentication support multiple users on a single server? >> >> > I was thinking to some completely separated environments (notes workspace, > interpreters settings/bindings...) by user. > > For now, every authenticated user on the zeppelin-server sees the changes > that other users are doing (changes in the interpreter settings, stop/start > of the interpreter, changes in a paragraph of a note...). > > But I get your idea and it makes sense to me to introduce this step. > > > >> Regards, >> Prasad >> >> >> On Sun, Jan 31, 2016 at 1:38 AM, Eric Charles <e...@apache.org >> <mailto:e...@apache.org>> wrote: >> >> Very nice doc! >> >> I read you will use an external server for authentication which will >> redirect to a zeppelin server url. >> >> I wonder if you pull request will support multiple user for a single >> server or if, just like now, we need a server deployment by user >> (with all the fun with the http ports...) ? (this is not defined in >> your document) >> >> On 31/01/16 01:57, moon soo Lee wrote: >> >> Thanks Prasad for sharing the design document. >> I think your document really nicely defined authorization in >> Zeppelin >> and I think your approach for Notebook Authorization really make >> sense. >> >> Like DuyHai mentioned, Zeppelin uses Shiro for authentication. If >> authorization can works smoothly with Shiro, that would be great. >> >> Thanks again for sharing nice documentation. And looking forward >> to a >> pull request. >> >> Best, >> moon >> >> On Fri, Jan 29, 2016 at 7:57 PM DuyHai Doan >> <doanduy...@gmail.com <mailto:doanduy...@gmail.com> >> <mailto:doanduy...@gmail.com <mailto:doanduy...@gmail.com>>> >> wrote: >> >> Have you look at the commit done by hayssams for Apache Shiro >> integration with Zeppelin ? >> https://github.com/apache/incubator-zeppelin/pull/586 ? >> >> There is also a JIRA to implement authorization on notes: >> https://issues.apache.org/jira/browse/ZEPPELIN-549 >> >> On Fri, Jan 29, 2016 at 5:30 AM, Prasad Wagle >> <prasadwa...@gmail.com <mailto:prasadwa...@gmail.com> >> <mailto:prasadwa...@gmail.com >> <mailto:prasadwa...@gmail.com>>> wrote: >> >> Hi, >> >> My team has implemented Notebook authorization using the >> approach described in the design document here >> >> <https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20> and >> would >> like to get feedback from the community. It would be >> great if we >> could reach agreement on the high-level design before >> we work on >> a pull request. >> >> Thanks, >> Prasad >> >> >> >> >> >> -- >> Prasad Wagle >> 408.476.6261 <tel:408.476.6261> | twitter.com/prasadwagle >> <http://twitter.com/prasadwagle> | prasadwa...@gmail.com >> <mailto:prasadwa...@gmail.com> | www.linkedin.com/in/prasadwagle >> <http://www.linkedin.com/in/prasadwagle> >> >
