You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by volumeint <gi...@git.apache.org> on 2017/06/09 20:04:53 UTC
[GitHub] zeppelin pull request #2402: [ZEPPELIN-2636] User role lookup via interfaces
GitHub user volumeint opened a pull request:
https://github.com/apache/zeppelin/pull/2402
[ZEPPELIN-2636] User role lookup via interfaces
### What is this PR for?
Adds an interface (UserLookup) that a realm can implement to support looking up users and roles. This makes it easier to implement a Realm and allows Zeppelin to ask the configured realms for user and role information without having to know which implementation of Realm that it is interacting with. The pre-exising lookup code that was contained in GetUserList.java has been moved into the Realm implementations.
This PR includes a change to SecurityUtils to allow it to get the Roles of the currently authenticated user regardless of Realm used.
This PR also includes an endpoint /xlogin to make it easier to configure shiro to work with indirect authorization (eXternal login) like OAuth or OpenID through buji-pac4j.
This PR expands the shiro security coverage to the entire application (/*). It previously only covered /api/*.
### What type of PR is it?
Improvement
### Todos
* [ ] -
### What is the Jira issue?
[ZEPPELIN-2636] - https://issues.apache.org/jira/browse/ZEPPELIN-2636
### How should this be tested?
Configure shiro.ini to use the various realms (Ini, Jdbc, Pam, etc). Verify that the user and role lookup functionality used for notebook sharing still works. I've been checking /api/security/userlist/<searchtext>
### Screenshots (if appropriate)
N/A
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? using the stock shiro JdbcRealm, you won't be able to lookup users and roles... Transition to org.apache.zeppelin.realms.JdbcRealm.
* Does this needs documentation?
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/volumeint/zeppelin user-role-lookup-via-interfaces
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2402.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2402
----
commit 19500d5c7ea92caf477f9fdf6cf07791b6666825
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-05-03T15:41:01Z
ZEPPELIN-2268. Adding png and jpg support for helium module imports.
commit c736dbed0b47cf5262e47422863d2950298356a1
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-05-03T15:45:26Z
Merge branch 'master' of https://github.com/apache/zeppelin
commit 672b789d796442f3f6500f8b9ab1ff168a3737f5
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-05-04T13:47:15Z
Merge branch 'master' of https://github.com/apache/zeppelin
commit c50f9f8f6c3fa88de58de33f8f7e336ad367128e
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-05T16:25:54Z
Merge branch 'master' of https://github.com/apache/zeppelin
commit 23f6caa5bccefaac47a45227620d006ea489550f
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-07T16:40:17Z
Using UserLookup interface to query realms for users and roles.
commit e14b221b5877272d1ce453d1b470468b88985a5d
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-09T02:20:15Z
Using java.security.Principal.getName() if appropriate
commit 0d31b446e508ec6421d8705c85df573a2aece9b7
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-09T02:21:14Z
Securing the entire application, not just /api/*
commit 2f87887860aaca9f03e206898687758ac20cdae8
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-09T19:02:40Z
Adding a browser endpoint that can be protected by shiro.ini to trigger indirect login attempts
commit 14c27ecaa414f9b733ea75e24bfb12f0d94259c3
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-09T19:45:52Z
Merge branch 'master' of https://github.com/apache/zeppelin
commit e45cd234f89b9e51bbc114af4060d39b3b740323
Author: Thomas Grant <tg...@volumeintegration.com>
Date: 2017-06-09T19:47:38Z
Merge remote-tracking branch 'origin/master' into user-role-lookup-via-interfaces
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] zeppelin issue #2402: [ZEPPELIN-2636] User role lookup via interfaces
Posted by jongyoul <gi...@git.apache.org>.
Github user jongyoul commented on the issue:
https://github.com/apache/zeppelin/pull/2402
Thanks for contribution. I suggest you'd better divide this PR into three or more different PRs as you mentioned in description. This PR includes many changes. I hope every PR changes as small as possible. Can you do that? And there's no test. If you add some tests, it makes your implementation concrete and easy to understand what you want to change.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] zeppelin pull request #2402: [ZEPPELIN-2636] User role lookup via interfaces
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/zeppelin/pull/2402
---