You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Suchit gupta (Jira)" <ji...@apache.org> on 2021/01/11 17:09:00 UTC

[jira] [Created] (ZEPPELIN-5196) Shiro how to secure the data source password

Suchit gupta created ZEPPELIN-5196:
--------------------------------------

             Summary: Shiro how to secure the data source password
                 Key: ZEPPELIN-5196
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5196
             Project: Zeppelin
          Issue Type: Bug
          Components: JdbcInterpreter, security
            Reporter: Suchit gupta


I have been exploring Apache Shiro with Zeppelin and so far has been able to make authentication work with JdbcRealm but one thing that is not going well is giving the data source password as plain text.
 
Is there a way to avoid that?
 
My shiro.ini looks like:
 
{code:java}
[main]
dataSource                    = org.postgresql.ds.PGPoolingDataSource
dataSource.serverName         = localhost
dataSource.databaseName       = dp
dataSource.user               = dp_test
dataSource.password           = Password123

ps = org.apache.shiro.authc.credential.DefaultPasswordService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps

jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealmCredentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher


jdbcRealm.dataSource = $dataSource
jdbcRealm.credentialsMatcher = $pm


shiro.loginUrl = /api/login

[roles]

admin = *

[urls]

/** = authc

{code}
Is there a way to avoid giving data source password as plain text
{noformat}
dataSource.password = Password123{noformat}
?
Would like to give something like: {{$shiro1$SHA-256$500000$YdUEhfDpsx9KLGeyshFegQ==$m+4wcq4bJZo1HqDAGECx50LcEkRZI0zCyq99gtRqZDk=}}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)