You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@zeppelin.apache.org by Ruslan Dautkhanov <da...@gmail.com> on 2016/11/30 18:39:21 UTC
shiro.ini [urls] authorization: lock Zeppelin to one user
Until we have a good multitenancy support in Zeppelin, we'd have to run
individual Zeppelin instances for each user.
We were trying to use following shiro.ini configurations:
> [urls]
> /api/version = anon
> /** = user["rdautkhanov@CORP.DOMAIN"]
Also tried
> /** = authc, user["rdautkhanov@CORP.DOMAIN"]
none works in a sense that other users after successful LDAP authentication
can create their own notebooks in other user's Zeppelin instances.
shiro.ini has [users] and [roles] sections are empty.
[main] section configures LDAP authentication backend which works as
expected.
rdautkhanov@CORP.DOMAIN is actual user name which is used in LDAP
authentication.
How to make [urls] section let only one specific user in?
Again, neither
> /** = user["rdautkhanov@CORP.DOMAIN"]
nor
> /** = authc, user["rdautkhanov@CORP.DOMAIN"]
work as we expect.
LDAP authentication works as expected; we're struggling with authorization
-
to lock Zeppelin in [urls] to one user (or a few users).
Thank you,
Ruslan