Enabling authentication with OpenId connect

andrea 2017-05-16 17:33:41 +01:00
parent 07a5b15d16
commit 4ce91213ee
5 changed files with 86 additions and 4 deletions


@ -55,6 +55,30 @@ user3 = password4, role2
#zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com
#securityManager.realms = $zeppelinHubRealm
### A sample for configuring OIDC Pac4J managed login(i.e. Keycloak)
#oidcConfig = org.pac4j.oidc.config.OidcConfiguration
#oidcConfig.discoveryURI = <your instance>/realms/<your realm>/.well-known/openid-configuration
#oidcConfig.clientId = <your client name>
#oidcConfig.secret = <your secret>
#oidcConfig.clientAuthenticationMethodAsString = client_secret_basic
#oidcClient = org.pac4j.oidc.client.OidcClient
#oidcClient.configuration = $oidcConfig
#clients = org.pac4j.core.client.Clients
#clients.callbackUrl = http://<zeppelin ip>:8080/api/callback
#clients.clients = $oidcClient
#requireRoleAdmin = org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer
#requireRoleAdmin.elements = <your role>
#config = org.pac4j.core.config.Config
#config.clients = $clients
#config.authorizers = admin:$requireRoleAdmin
#pac4jRealm = io.buji.pac4j.realm.Pac4jRealm
#pac4jSubjectFactory = io.buji.pac4j.subject.Pac4jSubjectFactory
#securityManager.subjectFactory = $pac4jSubjectFactory
#oidcSecurityFilter = io.buji.pac4j.filter.SecurityFilter
#oidcSecurityFilter.config = $config
#oidcSecurityFilter.clients = oidcClient
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
### If caching of user is required then uncomment below lines
@ -82,5 +106,6 @@ admin = *
#/api/interpreter/** = authc, roles[admin]
#/api/configurations/** = authc, roles[admin]
#/api/credential/** = authc, roles[admin]
#/api/callback = callbackFilter
#/** = anon
/** = authc
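Review bot: The sample maps `/api/callback = callbackFilter`, but no `callbackFilter` is defined in the lines shown, and the `oidcSecurityFilter` that is defined is not referenced by any of the visible URL rules, so a user who uncomments the block as written would likely get a Shiro configuration error or an unprotected path. I would add `#callbackFilter = io.buji.pac4j.filter.CallbackFilter` and `#callbackFilter.config = $config` to the sample, and show which URL pattern should use `oidcSecurityFilter`. The example `clients.callbackUrl` also uses plain `http://`; since the authorization response is delivered to that URL, the sample should show `https://` or carry a comment that HTTP is for local testing only.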

21
pom.xml

@ -105,7 +105,9 @@
<commons.io.version>2.4</commons.io.version>
<commons.collections.version>3.2.1</commons.collections.version>
<commons.logging.version>1.1.1</commons.logging.version>
<shiro.version>1.2.3</shiro.version>
<shiro.version>1.3.2</shiro.version>
<pac4j.version>1.9.8</pac4j.version>
<buji.version>2.2.0</buji.version>
<!-- test library versions -->
<junit.version>4.12</junit.version>
@ -252,6 +254,23 @@
<version>${shiro.version}</version>
</dependency>
<!-- OpenId Connect -->
<dependency>
<groupId>io.buji</groupId>
<artifactId>buji-pac4j</artifactId>
<version>${buji.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-core</artifactId>
<version>${pac4j.version}</version>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oidc</artifactId>
<version>${pac4j.version}</version>
</dependency>
<!-- Test libraries -->
<dependency>
<groupId>junit</groupId>


@ -113,6 +113,27 @@
<artifactId>shiro-web</artifactId>
</dependency>
<dependency>
<groupId>io.buji</groupId>
<artifactId>buji-pac4j</artifactId>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-core</artifactId>
</dependency>
<dependency>
<groupId>org.pac4j</groupId>
<artifactId>pac4j-oidc</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.kohsuke</groupId>
<artifactId>libpam4j</artifactId>
@ -487,7 +508,7 @@
</dependencies>
</dependencyManagement>
</profile>
<profile>
<id>using-source-tree</id>
<activation>


@ -129,6 +129,7 @@ let zeppelinWebApp = angular.module('zeppelinWebApp', requiredModules)
// handel logout on API failure
.config(function ($httpProvider, $provide) {
$httpProvider.defaults.headers.common['X-Requested-With'] = 'XMLHttpRequest'
$provide.factory('httpInterceptor', function ($q, $rootScope) {
return {
'responseError': function (rejection) {
@ -146,6 +147,7 @@ let zeppelinWebApp = angular.module('zeppelinWebApp', requiredModules)
})
.constant('TRASH_FOLDER_ID', '~Trash')
function auth () {
let $http = angular.injector(['ng']).get('$http')
let baseUrlSrv = angular.injector(['zeppelinWebApp']).get('baseUrlSrv')
@ -158,12 +160,27 @@ function auth () {
},
crossDomain: true
})
return $http.get(baseUrlSrv.getRestApiBase() + '/security/ticket').then(function (response) {
var config = {headers: {
"X-Requested-With": "XMLHttpRequest"
}
}
return $http.get(baseUrlSrv.getRestApiBase() + '/security/ticket', config).then(function (response) {
zeppelinWebApp.run(function ($rootScope) {
$rootScope.ticket = angular.fromJson(response.data).body
$rootScope.ticket.screenUsername = $rootScope.ticket.principal
if ($rootScope.ticket.principal.startsWith("#Pac4j")) {
let re = ", name=(.*?),"
$rootScope.ticket.screenUsername = $rootScope.ticket.principal.match(re)[1]
}
})
}, function (errorResponse) {
// Handle error case
var redirect = errorResponse.headers('Location')
if (errorResponse.status == 401 && redirect != undefined) {
//handle page redirect
window.location.href = redirect
}
})
}
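Review bot: `$rootScope.ticket.principal.match(re)[1]` throws a TypeError inside the run block when a principal starts with `#Pac4j` but has no `, name=…,` segment, because `match` returns null. Guard it with `const m = /, name=(.*?),/.exec($rootScope.ticket.principal)` followed by `if (m) { $rootScope.ticket.screenUsername = m[1] }`, so the display name falls back to the principal. In the error handler, the `Location` header value is assigned to `window.location.href` unchecked; parsing it with `new URL(redirect, window.location.href)` and following it only when the protocol is `http:` or `https:` keeps a non-web scheme out of the navigation. `auth()` begins in the previous hunk, so only this part of its body is visible here.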


@ -86,7 +86,7 @@ limitations under the License.
<i ng-if="!navbar.connected" class="fa fa-circle server-disconnected"
uib-tooltip="WebSocket Disconnected" tooltip-placement="bottom" style="margin-top: 7px; vertical-align: top"></i>
<button ng-if="ticket" class="nav-btn dropdown-toggle" type="button" data-toggle="dropdown" style="margin:11px 5px 0 0; padding-left: 0px;">
<span class="username">{{ticket.principal}}</span>
<span class="username">{{ticket.screenUsername}}</span>
<span class="caret" style="margin-bottom: 8px"></span>
</button>
<span ng-if="!ticket" style="margin: 5px;"></span>