Issue with permissionsByRole field in Shiro integration

[Yan Yang <ya...@deserve.com>]

Hi

I am trying to integrate Shiro with LDAP auth.

I have followed the setup guide on
https://zeppelin.apache.org/docs/latest/setup/security/shiro_authentication.html
and
noticed one issue.

The example refers to this configuration:

ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*,
*:ToDoItem:*:*; admin_role = *


Per the Shrio implementation
<https://github.com/apache/shiro/blob/master/config/ogdl/src/main/java/org/apache/shiro/config/ReflectionBuilder.java#L470-L486>,
the right format should be:

ldapRealm.permissionsByRole= user_role : "*:ToDoItemsJdo:*:*,
*:ToDoItem:*:*", admin_role: *


However, even if I use this format, I still could not get the correct
*permissionsByRole* field in my *LdapRealm* object. The issue seems to lie
in the fact that the field is defined as *Map<String, List<String>>* and
the current Shiro ini format cannot take care of such nested collection
types. (This is the only field in the class with a nested collection type)

The parsing of the ini file will skip this particular configuration and the
generated *LdapRealm* object will have null *permissionsByRole*. (Please
refer to the attached sample *shiro.ini* and *ShiroTest.java* to illustrate
this problem)

If I change the configuration to

ldapRealm.permissionsByRole[user_role] = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*

ldapRealm.permissionsByRole[admin_role] = *


the parsing of the ini file will result in a *Map<String, String> *field
and will hit type mismatch downstream when checking for permissions.

Thanks
Yan