You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Hadrien Kohl (Jira)" <ji...@apache.org> on 2019/12/19 16:03:00 UTC

[jira] [Created] (ZEPPELIN-4495) Shiro session from websocket

Hadrien Kohl created ZEPPELIN-4495:
--------------------------------------

             Summary: Shiro session from websocket
                 Key: ZEPPELIN-4495
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4495
             Project: Zeppelin
          Issue Type: Improvement
          Components: NotebookRepo, zeppelin-server
    Affects Versions: 0.8.2
            Reporter: Hadrien Kohl


Hi,

I am looking at shiro integration with zeppelin. My goal was to get a hold of the shiro subject/principal in the notebook repository in order to forward a JWT (OICD integration).

Since the NotebookRepo contains AuthenticationInfo in all its methods I expected to be able to find the user session as describe on their documentation:
{code:java}
Subject currentUser = SecurityUtils.getSubject();
Session session = currentUser.getSession();
{code}
This approach does not work since the methods of the notebook repository interface are getting called from the websocket listener and shiro does not seem to intercept websocket calls (I could not find much information about this I must say so I am not event sure this is possible).

Regardless, after digging a bit I realized that the security model for the websocket is based on some sort of "ticket" map where the key is the user name. 

I am wondering if that could be done using a normal servlet/filter/shiro pattern? If so, is this something that is planned to be done at some point?

 

Regards, 

Hadrien



--
This message was sent by Atlassian Jira
(v8.3.4#803005)