You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Hadrien Kohl (Jira)" <ji...@apache.org> on 2019/12/19 16:03:00 UTC
[jira] [Created] (ZEPPELIN-4495) Shiro session from websocket
Hadrien Kohl created ZEPPELIN-4495:
--------------------------------------
Summary: Shiro session from websocket
Key: ZEPPELIN-4495
URL: https://issues.apache.org/jira/browse/ZEPPELIN-4495
Project: Zeppelin
Issue Type: Improvement
Components: NotebookRepo, zeppelin-server
Affects Versions: 0.8.2
Reporter: Hadrien Kohl
Hi,
I am looking at shiro integration with zeppelin. My goal was to get a hold of the shiro subject/principal in the notebook repository in order to forward a JWT (OICD integration).
Since the NotebookRepo contains AuthenticationInfo in all its methods I expected to be able to find the user session as describe on their documentation:
{code:java}
Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
{code}
This approach does not work since the methods of the notebook repository interface are getting called from the websocket listener and shiro does not seem to intercept websocket calls (I could not find much information about this I must say so I am not event sure this is possible).
Regardless, after digging a bit I realized that the security model for the websocket is based on some sort of "ticket" map where the key is the user name.
I am wondering if that could be done using a normal servlet/filter/shiro pattern? If so, is this something that is planned to be done at some point?
Regards,
Hadrien
--
This message was sent by Atlassian Jira
(v8.3.4#803005)