You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by mi...@apache.org on 2016/11/05 04:49:29 UTC
svn commit: r1768149 [2/2] - in /zeppelin/site/docs/0.7.0-SNAPSHOT: ./
development/ displaysystem/ install/ rest-api/ security/
Modified: zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html
URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html?rev=1768149&r1=1768148&r2=1768149&view=diff
==============================================================================
--- zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html (original)
+++ zeppelin/site/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html Sat Nov 5 04:49:29 2016
@@ -215,7 +215,12 @@ limitations under the License.
<p>You can setup <strong>Zeppelin notebook authentication</strong> in some simple steps.</p>
-<h3>1. Secure the HTTP channel</h3>
+<h3>1. Enable Shiro</h3>
+
+<p>By default in <code>conf</code>, you will find <code>shiro.ini.template</code>, this file is used as an example and it is strongly recommended
+to create a <code>shiro.ini</code> file by doing the following command line <code>cp conf/shiro.ini.template conf/shiro.ini</code>.</p>
+
+<h3>2. Secure the HTTP channel</h3>
<p>To secure the HTTP channel, you have to change both <strong>anon</strong> and <strong>authc</strong> settings in <code>conf/shiro.ini</code>. In here, <strong>anon</strong> means "the access is anonymous" and <strong>authc</strong> means "formed auth security".</p>
@@ -229,16 +234,16 @@ limitations under the License.
</code></pre></div>
<p>For the further information about <code>shiro.ini</code> file format, please refer to <a href="http://shiro.apache.org/configuration.html#Configuration-INISections">Shiro Configuration</a>.</p>
-<h3>2. Secure the Websocket channel</h3>
+<h3>3. Secure the Websocket channel</h3>
<p>Set to property <strong>zeppelin.anonymous.allowed</strong> to <strong>false</strong> in <code>conf/zeppelin-site.xml</code>. If you don't have this file yet, just copy <code>conf/zeppelin-site.xml.template</code> to <code>conf/zeppelin-site.xml</code>.</p>
-<h3>3. Start Zeppelin</h3>
+<h3>4. Start Zeppelin</h3>
<div class="highlight"><pre><code class="text language-text" data-lang="text">bin/zeppelin-daemon.sh start (or restart)
</code></pre></div>
<p>Then you can browse Zeppelin at <a href="http://localhost:8080">http://localhost:8080</a>.</p>
-<h3>4. Login</h3>
+<h3>5. Login</h3>
<p>Finally, you can login using one of the below <strong>username/password</strong> combinations.</p>
@@ -326,8 +331,8 @@ securityManager.realms = $zeppelinHubRea
<h2>Secure your Zeppelin information (optional)</h2>
-<p>By default, anyone who defined in <code>[users]</code> can share <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information in Apache Zeppelin.
-Sometimes you might want to hide these information for your use case.
+<p>By default, anyone who defined in <code>[users]</code> can share <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information in Apache Zeppelin.
+Sometimes you might want to hide these information for your use case.
Since Shiro provides <strong>url-based security</strong>, you can hide the information by commenting or uncommenting these below lines in <code>conf/shiro.ini</code>.</p>
<div class="highlight"><pre><code class="text language-text" data-lang="text">[urls]
@@ -335,7 +340,7 @@ Since Shiro provides <strong>url-based s
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
</code></pre></div>
-<p>In this case, only who have <code>admin</code> role can see <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information.
+<p>In this case, only who have <code>admin</code> role can see <strong>Interpreter Setting</strong>, <strong>Credential</strong> and <strong>Configuration</strong> information.
If you want to grant this permission to other users, you can change <strong>roles[ ]</strong> as you defined at <code>[users]</code> section.</p>
<p><br/></p>