shiro.ini [urls] authorization: lock Zeppelin to one user

[Ruslan Dautkhanov <da...@gmail.com>]

Until we have a good multitenancy support in Zeppelin, we'd have to run
individual Zeppelin instances for each user.

We were trying to use following shiro.ini configurations:

> [urls]
> /api/version = anon
> /** = user["rdautkhanov@CORP.DOMAIN"]


Also tried

> /** = authc, user["rdautkhanov@CORP.DOMAIN"]


none works in a sense that other users after successful LDAP authentication
can create their own notebooks in other user's Zeppelin instances.

shiro.ini has [users] and [roles] sections are empty.

[main] section configures LDAP authentication backend which works as
expected.

rdautkhanov@CORP.DOMAIN is actual user name which is used in LDAP
authentication.

How to make [urls] section let only one specific user in?
Again, neither

> /** = user["rdautkhanov@CORP.DOMAIN"]

nor

> /** = authc, user["rdautkhanov@CORP.DOMAIN"]

work as we expect.

LDAP authentication works as expected; we're struggling with authorization
-
to lock Zeppelin in [urls] to one user (or a few users).


Thank you,
Ruslan