You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by pr...@apache.org on 2017/04/12 09:28:57 UTC

zeppelin git commit: ZEPPELIN-2366 In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.

Repository: zeppelin
Updated Branches:
  refs/heads/master b55231464 -> 35fa9d287


ZEPPELIN-2366 In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.

### What is this PR for?
In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.

### What type of PR is it?
Bug Fix

### Todos
* [ ] - Task

### What is the Jira issue?
[ZEPPELIN-2366](https://issues.apache.org/jira/browse/ZEPPELIN-2366)

### How should this be tested?
Configure AD system user password using hadoop credential in shiro.ini. _(sample config in JIRA ticket)_

### Screenshots (if appropriate)

### Questions:
* Does the licenses files need update? n/a
* Is there breaking changes for older versions? n/a
* Does this needs documentation? n/a

Author: Renjith Kamath <re...@gmail.com>

Closes #2230 from r-kamath/ZEPPELIN-2366 and squashes the following commits:

11a8ab43d [Renjith Kamath] ZEPPELIN-2366 In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store.


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/35fa9d28
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/35fa9d28
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/35fa9d28

Branch: refs/heads/master
Commit: 35fa9d287fd7535dc9fed9ca8cc84e7851b045b5
Parents: b552314
Author: Renjith Kamath <re...@gmail.com>
Authored: Thu Apr 6 20:55:38 2017 +0530
Committer: Prabhjyot Singh <pr...@gmail.com>
Committed: Wed Apr 12 14:58:50 2017 +0530

----------------------------------------------------------------------
 .../realm/ActiveDirectoryGroupRealm.java        | 33 ++++++++++++++++++++
 1 file changed, 33 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/35fa9d28/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
index 7990d5f..8a9d66b 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java
@@ -24,6 +24,8 @@ import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.SimpleAuthenticationInfo;
 import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
 import org.apache.shiro.realm.Realm;
@@ -91,6 +93,11 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
 
   LdapContextFactory ldapContextFactory;
 
+  protected void onInit() {
+    super.onInit();
+    this.getLdapContextFactory();
+  }
+
   public LdapContextFactory getLdapContextFactory() {
     if (this.ldapContextFactory == null) {
       if (log.isDebugEnabled()) {
@@ -109,6 +116,32 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm {
     return this.ldapContextFactory;
   }
 
+  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
+      throws AuthenticationException {
+    try {
+      AuthenticationInfo info = this.queryForAuthenticationInfo(token,
+          this.getLdapContextFactory());
+      return info;
+    } catch (javax.naming.AuthenticationException var5) {
+      throw new AuthenticationException("LDAP authentication failed.", var5);
+    } catch (NamingException var6) {
+      String msg = "LDAP naming error while attempting to authenticate user.";
+      throw new AuthenticationException(msg, var6);
+    }
+  }
+
+  protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+    try {
+      AuthorizationInfo info = this.queryForAuthorizationInfo(principals,
+          this.getLdapContextFactory());
+      return info;
+    } catch (NamingException var5) {
+      String msg = "LDAP naming error while attempting to " +
+          "retrieve authorization for user [" + principals + "].";
+      throw new AuthorizationException(msg, var5);
+    }
+  }
+
   private String getSystemPassword() {
     String password = "";
     if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) {