ZEPPELIN-2825 - Fix Zeppelin to support any of the Shiro roles

2026-05-24 09:38:26 +00:00 · 2017-08-02 15:40:01 -07:00 · 2017-08-02 15:40:01 -07:00 · c5fc9deac9
commit c5fc9deac9
parent c66f909179
1 changed files with 37 additions and 0 deletions
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/AnyOfRolesAuthorizationFilter.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/AnyOfRolesAuthorizationFilter.java
@ -0,0 +1,37 @@
+package org.apache.zeppelin.utils;
+
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;
+
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import java.io.IOException;
+
+/**
+ * Allows access if current user has at least one role of the specified list.
+ * <p>
+ * Basically, it's the same as {@link RolesAuthorizationFilter} but using {@literal OR} instead
+ * of {@literal AND} on the specified roles.
+ */
+public class AnyOfRolesAuthorizationFilter extends RolesAuthorizationFilter {
+
+  @Override
+  public boolean isAccessAllowed(ServletRequest request, ServletResponse response,
+                                 Object mappedValue) throws IOException {
+
+    final Subject subject = getSubject(request, response);
+    final String[] rolesArray = (String[]) mappedValue;
+
+    if (rolesArray == null || rolesArray.length == 0) {
+      //no roles specified, so nothing to check - allow access.
+      return true;
+    }
+
+    for (String roleName : rolesArray) {
+      if (subject.hasRole(roleName)) {
+        return true;
+      }
+    }
+    return false;
+  }
+}