You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by vrathor-hwx <gi...@git.apache.org> on 2016/12/19 20:35:37 UTC

[GitHub] zeppelin pull request #1784: [ZEPPELIN-1840] Allow fully qualified username ...

GitHub user vrathor-hwx opened a pull request:

    https://github.com/apache/zeppelin/pull/1784

    [ZEPPELIN-1840] Allow fully qualified username when principalSuffix is used

    ### What is this PR for?
    When principalSuffix is defined in shiro.ini, only the short username are allowed and any attempt with fully qualified user name will result in the login error.
    
    ### What type of PR is it?
    [Bug Fix]
    
    ### What is the Jira issue?
    [ZEPPELIN-1840](https://issues.apache.org/jira/browse/ZEPPELIN-1840)
    
    ### How should this be tested?
    1. Configure Zeppelin for Active Directory user authentication by using ActiveDirectoryGroupRealm in shiro.ini
    2. Define activeDirectoryGroupRealm.principalSuffix = @DOMAIN.COM in shiro.ini
    3. Restart Zeppelin and try to login via short username i.e. "user1" and fully qualified username i.e. "user1@DOMAIN.COM".
    4. Expected Result: Login should be permitted for both type of user names
    
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vrathor-hwx/zeppelin fix-principal-suffix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1784.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1784
    
----
commit c8d4cc0a992d4ff074bc3985be9914a6879ff5da
Author: Vipin Rathor <vr...@hortonworks.com>
Date:   2016-12-19T20:06:33Z

    Allow fully qualified username to be used for login when principalSuffix is defined
    
    Adding extra check in ActiveDirectoryGroupRealm for principalSuffix. Now the
    principalSuffix will be added to username only when the supplied username does
    not contain any domain name starting with '@'.
    
    This will allow AD user authentication with both short & fully qualified user
    names.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #1784: [ZEPPELIN-1840] Allow fully qualified username ...

Posted by vrathor-hwx <gi...@git.apache.org>.

GitHub user vrathor-hwx reopened a pull request:

    https://github.com/apache/zeppelin/pull/1784

    [ZEPPELIN-1840] Allow fully qualified username when principalSuffix is used

    ### What is this PR for?
    When principalSuffix is defined in shiro.ini, only the short username are allowed and any attempt with fully qualified user name will result in the login error.
    
    ### What type of PR is it?
    [Bug Fix]
    
    ### What is the Jira issue?
    [ZEPPELIN-1840](https://issues.apache.org/jira/browse/ZEPPELIN-1840)
    
    ### How should this be tested?
    1. Configure Zeppelin for Active Directory user authentication by using ActiveDirectoryGroupRealm in shiro.ini
    2. Define activeDirectoryGroupRealm.principalSuffix = @DOMAIN.COM in shiro.ini
    3. Restart Zeppelin and try to login via short username i.e. "user1" and fully qualified username i.e. "user1@DOMAIN.COM".
    4. Expected Result: Login should be permitted for both type of user names
    
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions? No
    * Does this needs documentation? No


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/vrathor-hwx/zeppelin fix-principal-suffix

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1784.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1784
    
----
commit c8d4cc0a992d4ff074bc3985be9914a6879ff5da
Author: Vipin Rathor <vr...@hortonworks.com>
Date:   2016-12-19T20:06:33Z

    Allow fully qualified username to be used for login when principalSuffix is defined
    
    Adding extra check in ActiveDirectoryGroupRealm for principalSuffix. Now the
    principalSuffix will be added to username only when the supplied username does
    not contain any domain name starting with '@'.
    
    This will allow AD user authentication with both short & fully qualified user
    names.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin issue #1784: [ZEPPELIN-1840] Allow fully qualified username when pr...

Posted by prabhjyotsingh <gi...@git.apache.org>.

Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/1784
  
    Merging this if no more discussion.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin issue #1784: [ZEPPELIN-1840] Allow fully qualified username when pr...

Posted by prabhjyotsingh <gi...@git.apache.org>.

Github user prabhjyotsingh commented on the issue:

    https://github.com/apache/zeppelin/pull/1784
  
    LGTM!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #1784: [ZEPPELIN-1840] Allow fully qualified username ...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/zeppelin/pull/1784


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] zeppelin pull request #1784: [ZEPPELIN-1840] Allow fully qualified username ...

Posted by vrathor-hwx <gi...@git.apache.org>.

Github user vrathor-hwx closed the pull request at:

    https://github.com/apache/zeppelin/pull/1784


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---