Posted to dev@zeppelin.apache.org by anthonycorbacho <gi...@git.apache.org> on 2016/11/01 04:24:11 UTC

[GitHub] zeppelin pull request #1567: [ZEPPELIN-1586] Add security check in NotebookR...

GitHub user anthonycorbacho reopened a pull request:

    https://github.com/apache/zeppelin/pull/1567

    [ZEPPELIN-1586] Add security check in NotebookRestApi

    ### What is this PR for?
    
    Bring some security checks to `NotebookRestApi`.
    ### What type of PR is it?
    
    [Bug Fix | Improvement | Refactoring]
    ### Todos
    - [x] - Create a proper way to throw webapp error
    - [x] - Add in `NotebookAuthorization` some method to check if user is owner, reader or writer
    - [ ] - Add Authorization check in `NotebookRestApi`
    ### What is the Jira issue?
    - [ZEPPELIN-1586](https://issues.apache.org/jira/browse/ZEPPELIN-1586)
    ### How should this be tested?
    
    First, force Zeppelin to use auth.
    - In `conf/zeppelin-site.xml` change `zeppelin.anonymous.allowed` to **false**
      
      ```
      <property>
      <name>zeppelin.anonymous.allowed</name>
      <value>false</value>
      <description>Anonymous user allowed by default</description>
      </property>
      ```
    - In `conf/shiro.ini` set Shiro to use `Auth` at the end of the file
      
      ```
      #/** = anon
      /** = authc
      ```
    - Start Zeppelin, log in and set some permissions on a note
    - Try to get a note from the Zeppelin REST API at `http://localhost:8080/api/notebook/{noteId}` (you can use your browser or curl; if you use curl, please add the Shiro token to the curl cookie)
    ### Screenshots (if appropriate)
    
    ![note_permission_rest_api](https://cloud.githubusercontent.com/assets/3139557/19827600/ffd68a06-9dea-11e6-8dd5-43f3bd401011.gif)
    ### Questions:
    - Do the license files need an update? No
    - Are there breaking changes for older versions? No
    - Does this need documentation? Maybe


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/anthonycorbacho/incubator-zeppelin fix/ZEPPELIN-1586

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1567.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1567
    
----
commit a69a4e10c46452dcaaf8174c37e51705d6bc3214
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-28T05:49:10Z

    Add new method on ZeppelinConfiguration to get whether Zeppelin is running in anonymous mode or not

commit 859fba52799bc1690b0726dc6dc672f9c4b016a7
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-28T07:22:13Z

    Add new method to help determine if user is part of writer and/or owner for the given note

commit 67c63148233c0bf31715c9d97b37f4702fb3d2e6
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-28T09:56:04Z

    Add new method to check if user and roles are members of the note (at least owner, reader, writer)

commit 43ec38932300db156a602507ae82a34a0b416257
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-28T09:57:06Z

    Replace check of anonymous by method

commit 860f4b4ff789ac7087932920f71a73b30cbc9ba8
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-28T11:19:32Z

    Add webapp exception handler :)

commit 01bec7ae0ece70fe5eed6f068bc40b4cc61ffd8d
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-28T11:19:54Z

    Handle security check

commit c0b98ffe2f1a3c4ee005ffe8b376bdc507eab2f0
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-10-29T05:58:04Z

    Rename permission check note :: be more meaningful

commit a1cc1b81bd8f69f068803e6e87d110805905a039
Author: Anthony Corbacho <co...@gmail.com>
Date:   2016-11-01T03:33:20Z

    Change cxf version from 2.7.7 to 2.7.8 to avoid method not found when throwing WebAppException

----
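
The kind of check the todo list and commit messages above describe (is the user, or one of the user's roles, an owner, reader or writer of the note), as an added sketch that is not code from this pull request or from Zeppelin. All class, field and method names are hypothetical, the sample users are constructed, and treating a note with no permissions as unrestricted is an assumption of the example.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

// Added illustration with hypothetical names; not Zeppelin's NotebookAuthorization or NotebookRestApi.
public class NotePermissionCheck {
    // Stand-in for the web application error the REST layer would map to HTTP 403.
    static class ForbiddenException extends RuntimeException {
        ForbiddenException(String message) { super(message); }
    }

    final Set<String> owners = new HashSet<>();
    final Set<String> writers = new HashSet<>();
    final Set<String> readers = new HashSet<>();

    // True when the user name or one of the user's roles is an owner, writer or reader.
    boolean isMember(Set<String> userAndRoles) {
        return !Collections.disjoint(owners, userAndRoles)
            || !Collections.disjoint(writers, userAndRoles)
            || !Collections.disjoint(readers, userAndRoles);
    }

    // Called at the top of a REST handler, before any note content is returned.
    void checkCanAccess(String noteId, Set<String> userAndRoles) {
        // Assumption of this example: a note with no permissions set is unrestricted.
        boolean unrestricted = owners.isEmpty() && writers.isEmpty() && readers.isEmpty();
        if (!unrestricted && !isMember(userAndRoles)) {
            throw new ForbiddenException("Insufficient privileges for note " + noteId);
        }
    }

    public static void main(String[] args) {
        NotePermissionCheck note = new NotePermissionCheck();   // constructed sample data
        note.owners.add("alice");
        note.readers.add("analysts");                           // a role, not a user name

        note.checkCanAccess("note1", new HashSet<>(Arrays.asList("alice")));            // owner
        note.checkCanAccess("note1", new HashSet<>(Arrays.asList("bob", "analysts")));  // role match
        try {
            note.checkCanAccess("note1", new HashSet<>(Arrays.asList("mallory", "guests")));
            throw new AssertionError("expected the request to be rejected");
        } catch (ForbiddenException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

The check matches on the union of user name and roles, so a role entry on the note grants access to every user holding that role.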

