You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@zeppelin.apache.org by Xun Liu <ne...@163.com> on 2018/12/01 02:17:48 UTC

Re: Zeppelin Ticket Inconsistency

Hi Bradley Barber,

You need to use httpclient to support setting up the session(org.apache.httpcomponents:httpclient:4.5.3).
Log in to zeppelin's login, get the ticket, set it to the http session, Then you can do other operations.

You can also use the following steps to verify and experiment with curl.
The first step is to authentic through the API with a POST to /api/login

curl -i --data 'userName=admin&password=password1' -X POST http://127.0.0.1:9995/api/login
This should return a response like the following:

HTTP/1.1 200 OK
Date: Wed, 17 Aug 2016 10:07:22 GMT
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Date: Wednesday, August 17, 2016 10:07:22 AM UTC
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 16-Aug-2016 10:07:22 GMT
Set-Cookie: JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly
Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 16-Aug-2016 10:07:22 GMT
Content-Type: application/json
Date: Wed, 17 Aug 2016 10:07:22 GMT
Content-Length: 118
Server: Jetty(9.2.15.v20160210)

{"status":"OK","message":"","body":{"principal":"admin","ticket":"47a1fe3a-593d-47ce-85bb-f6e7238c6dcb","roles":"[]"}}
The important thing to see here is the Set-Cookie in the response headers.

Look for the following:

Set-Cookie: JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly
Using this cookie we can make authorized request to the API by simply setting this as a cookie in the cURL request.

curl -i -b 'JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly' http://127.0.0.1:9995/api/notebook
This request should now return a 200 OK response after adding the JSESSIONID cookie.

HTTP/1.1 200 OK
Date: Wed, 17 Aug 2016 10:10:44 GMT
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization,Content-Type
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
Date: Wednesday, August 17, 2016 10:10:44 AM UTC
Content-Type: application/json
Date: Wed, 17 Aug 2016 10:10:44 GMT
Content-Length: 1012


> 在 2018年12月1日，上午1:34，Bradley Barber <bb...@phemi.com> 写道：
> 
> Hi all,
> 
> I'm noticing when I log into Zeppelin (0.8) via the REST api, although a Zeppelin Ticket is returned in the response, the Ticket value is not accessible within my Notebook via z.getInterpreterContext.getAuthenticationInfo.getTicket. It is accessible via this call when logging in with the GUI, however. My question is: is there a way to have the Ticket value set in the AuthinticationInfo object when logging in via REST? I am using authc authentication with shiro btw, in case that is relevant.
> 
> Thanks, 
> Bradley

Re: Zeppelin Ticket Inconsistency

Posted by Bradley Barber <bb...@phemi.com>.

Hi Xun Liu,

Thanks for the quick response. The curl commands you provided are the ones
I have been using. I then have been using the following to run a notebook:
*curl -i -b '<auth_cookie>' -X POST
http://<zeppelin_host_uri>/api/notebook/job/<notebook_id>*

However, one of the paragraphs in the notebook is currently expecting the
Zeppelin Ticket value to be set in the AuthinticationInfo object
(z.getInterpreterContext.getAuthenticationInfo.getTicket). This has worked
when running the notebook from the GUI, but now the requirement has arisen
to be able to run our notebooks from the Zeppelin REST endpoint as well.

When running the curl commands you suggested to authenticate the user then
trying to run the notebook using the returned cookie, the notebook is
failing because z.getInterpreterContext.getAuthenticationInfo.getTicket
returns an empty string. I have confirmed this by printing the
AuthenticationInfo object in another paragraph, the ticket field was indeed
empty when running the notebook via a REST call. Is the only way to set
this field by using an httpClient? If so, can you give an example of how an
httpClient could be used to set this field? I don't see how this would be
possible, but I must admit I am not very experienced with http.

On Fri, Nov 30, 2018 at 6:18 PM Xun Liu <ne...@163.com> wrote:

> Hi Bradley Barber,
>
> You need to use httpclient to support setting up the
> session(org.apache.httpcomponents:httpclient:4.5.3).
> Log in to zeppelin's login, get the ticket, set it to the http session,
> Then you can do other operations.
>
> You can also use the following steps to verify and experiment with curl.
>
> The first step is to authentic through the API with a POST to /api/login
>
>
>    1. curl -i --data 'userName=admin&password=password1' -X POST http://127.0.0.1:9995/api/login
>
> This should return a response like the following:
>
>
>    1. HTTP/1.1 200 OK
>    2. Date: Wed, 17 Aug 2016 10:07:22 GMT
>    3. Access-Control-Allow-Origin:
>    4. Access-Control-Allow-Credentials: true
>    5. Access-Control-Allow-Headers: authorization,Content-Type
>    6. Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
>    7. Date: Wednesday, August 17, 2016 10:07:22 AM UTC
>    8. Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 16-Aug-2016 10:07:22 GMT
>    9. Set-Cookie: JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly
>    10. Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 16-Aug-2016 10:07:22 GMT
>    11. Content-Type: application/json
>    12. Date: Wed, 17 Aug 2016 10:07:22 GMT
>    13. Content-Length: 118
>    14. Server: Jetty(9.2.15.v20160210)
>    15.
>    16. {"status":"OK","message":"","body":{"principal":"admin","ticket":"47a1fe3a-593d-47ce-85bb-f6e7238c6dcb","roles":"[]"}}
>
> The important thing to see here is the Set-Cookie in the response headers.
>
> Look for the following:
>
>
>    1. Set-Cookie: JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly
>
> Using this cookie we can make authorized request to the API by simply
> setting this as a cookie in the cURL request.
>
>
>    1. curl -i -b 'JSESSIONID=b1f15e00-4571-4079-a699-338bf619b0c4; Path=/; HttpOnly' http://127.0.0.1:9995/api/notebook
>
> This request should now return a 200 OK response after adding the
> JSESSIONID cookie.
>
>
>    1. HTTP/1.1 200 OK
>    2. Date: Wed, 17 Aug 2016 10:10:44 GMT
>    3. Access-Control-Allow-Origin:
>    4. Access-Control-Allow-Credentials: true
>    5. Access-Control-Allow-Headers: authorization,Content-Type
>    6. Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, HEAD, DELETE
>    7. Date: Wednesday, August 17, 2016 10:10:44 AM UTC
>    8. Content-Type: application/json
>    9. Date: Wed, 17 Aug 2016 10:10:44 GMT
>    10. Content-Length: 1012
>
>
>
> 在 2018年12月1日，上午1:34，Bradley Barber <bb...@phemi.com> 写道：
>
> Hi all,
>
> I'm noticing when I log into Zeppelin (0.8) via the REST api, although a
> Zeppelin Ticket is returned in the response, the Ticket value is not
> accessible within my Notebook
> via z.getInterpreterContext.getAuthenticationInfo.getTicket. It is
> accessible via this call when logging in with the GUI, however. My question
> is: is there a way to have the Ticket value set in the AuthinticationInfo
> object when logging in via REST? I am using authc authentication with shiro
> btw, in case that is relevant.
>
> Thanks,
> Bradley
>
>
>