mirror of
https://github.com/apache/zeppelin
synced 2026-05-24 09:38:26 +00:00
24 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
astroshim
|
b7307d49de |
[ZEPPELIN-1567] Let JDBC interpreter use user credential information.
### What is this PR for? This PR is for the multi-tenant of JDBC Interpreter. User can create a user/password for JDBC account at the [Credential page](http://zeppelin.apache.org/docs/0.7.0-SNAPSHOT/security/datasource_authorization.html). The `Entity` of `Credential` is match with JDBC interpreter group name. If the account for JDBC is not setted in the `Interpreter property` then use `Credential`'s. ### What type of PR is it? Improvement ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-1567 ### How should this be tested? Please refer to testMultiTenant() of JDBCInterpreterTest/ ### Screenshots (if appropriate) ### Questions: - Does the licenses files need update? no - Is there breaking changes for older versions? no - Does this needs documentation? no Author: astroshim <hsshim@nflabs.com> Closes #1539 from astroshim/jdbc-impersonation and squashes the following commits: |
||
|
Lee moon soo
|
5b1b811540 |
[ZEPPELIN-1644] make document easier to follow key instructions
### What is this PR for? Doc should deliver key features and recommended usage more simple and easy way. - docs/install/install.md has lots of duplicated section with README.md. - docs/install/install.md includes install from binary as well as build from source. I've seen that makes some beginners try download binary and then source build it again. - recommended and key usage need to be highlighted. - Be less verbose in key instructions. Move optional, additional info from in the middle of key instruction to end of the each page. ### What type of PR is it? Improvement ### Todos * [x] - improve doc ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-1644 ### How should this be tested? Run doc locally ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? no Author: Lee moon soo <moon@apache.org> Closes #1615 from Leemoonsoo/ZEPPELIN-1644 and squashes the following commits: |
||
|
hkropp
|
f866d234a1 |
[Zeppelin-1611] - Support PAM (System User) Authentication
### What is this PR for?
This PR adds [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) authentication support based on the introduced Shiro security implementation. With PAM support system users have immediate access to a secured Zeppelin instance.
### What type of PR is it?
Feature
### Todos
* [x] - Create PAM realm
* [x] - Create test for PAM authentication
* [x] - Test with running Zeppelin instance
### What is the Jira issue?
[ZEPPELIN-1611](https://issues.apache.org/jira/browse/ZEPPELIN-1611])
### How should this be tested?
`PamRealmTest` executes an automated test if the environment variables `PAM_USER` and `PAM_PASS` are set. This should be set to system username and password.
The test also includes a main function to manually execute the test. Setting the environment variables for example on MacOS for your IDE use `launchctl setenv PAM_USER user` and `launchctl setenv PAM_PASS xxxxx`, the test can then be run from your IDE.
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? Yes
Author: hkropp <hkropp@hortonworks.com>
Closes #1589 from hkropp/ZEPPELIN-1611 and squashes the following commits:
|
||
|
Mohammad Amin Khashkhashi Moghaddam
|
9071a09b13 |
[DOC] Add /ws for nginx websocket configuration
### What is this PR for?
It's a bit misleading that both regular webserver location and websocket location use the exact same address. It's better to specify that websocket requests should be proxy-passed to `/ws` subdirectory.
### What type of PR is it?
Documentation
### Questions:
* Does the licenses files need update? no
* Is there breaking changes for older versions? no
* Does this needs documentation? no
Author: Mohammad Amin Khashkhashi Moghaddam <amin.moghaddamV@gmail.com>
Closes #1573 from m30m/patch-2 and squashes the following commits:
|
||
|
Anthony Corbacho
|
f7c7efdb86 |
[DOC] Update shiro after merging #1568
### What is this PR for? A simple update of the documentation to let user know how that they need to copy `shiro.ini.template` to `shiro.ini` ### What type of PR is it? [Documentation] ### Screenshots (if appropriate)  ### Questions: * Does the licenses files need update? NO * Is there breaking changes for older versions? NO * Does this needs documentation? NO Author: Anthony Corbacho <corbacho.anthony@gmail.com> Closes #1571 from anthonycorbacho/doc/ShiroTemplate and squashes the following commits: |
||
|
AhyoungRyu
|
821b61bb6b |
[DOCS] Fix dead link in docs/datasource_authorization.md
### What is this PR for? A link for `the community interpreters` in [here](http://zeppelin.apache.org/docs/0.7.0-SNAPSHOT/security/datasource_authorization.html#please-note) is pointing to `../manual/interpreterinstallation.md#available-community-managed-interpreters` now. It should be `../manual/interpreterinstallation.html#available-community-managed-interpreters`. ### What type of PR is it? Bug Fix & Documenation ### What is the Jira issue? no Jira issue ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? no Author: AhyoungRyu <ahyoungryu@apache.org> Closes #1498 from AhyoungRyu/fix/deadlink and squashes the following commits: |
||
|
Rohit Choudhary
|
5ac3faeba4 |
[ZEPPELIN-530] Added changes for Credential Provider, using hadoop commons Credential apis
### What is this PR for? This is the first step in order to ensure clear text passwords are not stored in the configuration files. To start with this PR will take care of getting AD system password from the .jceks file, configured by the user specified in the shiro.ini file. Going forward the same keystore can be used to read passwords for other systems as well. If the hadoopSecurityCredentialPath path is present and not empty in the shiro.ini, then the password is read from the keystore file and it need not be stored inside the shiro.ini file. ### What type of PR is it? [ Improvement] ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-530 ### How should this be tested? Create a keystore file using the hadoop credential commandline, for this the hadoop commons should be in the classpath `hadoop credential create activeDirectoryRealm.systempassword -provider jceks://file/user/zeppelin/conf/zeppelin.jceks` Change the following values in the Shiro.ini file, and uncomment the line: `activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/conf/zeppelin.jceks` ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No. This is an additional option. * Does this needs documentation? Yes ### Tasks * Documentation Author: Rohit Choudhary <rconline@gmail.com> Closes #1315 from rconline/ZEPPELIN-530 and squashes the following commits: |
||
|
AhyoungRyu
|
85d4df4f0c |
[ZEPPELIN-1219] Add searching feature to Zeppelin docs site
### What is this PR for? As more and more document pages are added, it's really hard to find specific pages. So I added searching feature to Zeppelin documentation site([jekyll](https://jekyllrb.com/) based site) using [lunr.js](http://lunrjs.com/). - **How does it work?** I created [`search_data.json`]( |
||
|
Anthony Corbacho
|
e6f51e7183 |
[ZEPPELIN-1164] ZeppelinHub Realm
### What is this PR for? Add a new Shiro Realm that lets users authenticate in Apache Zeppelin using their ZeppelinHub credentials. ### What type of PR is it? `Feature` ### Todos * [x] - Create ZeppelinHub Realm that extends `AuthorizingRealm`. * [x] - Update `shiro.ini` file and add ZeppelinHub configuration template. * [x] - Add documentation ### What is the Jira issue? [Issue 1164](https://issues.apache.org/jira/browse/ZEPPELIN-1164) ### How should this be tested? - Assuming that you already have an account [Zeppelinhub](https://www.zeppelinhub.com/register), edit `conf/shiro.ini` file and uncomment ZeppelinHub related configuration. - Start your Zeppelin - Login with your ZeppelinHub credentials. ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? YES Author: Anthony Corbacho <corbacho.anthony@gmail.com> Closes #1173 from anthonycorbacho/feat/ZeppelinHubAuthentication and squashes the following commits: |
||
|
AhyoungRyu
|
1a2cceddf3 |
[ZEPPELIN-987] Enable user to secure interpreter setting, credentials and configurations info
### What is this PR for? For some user cases, people might want to hide **Interpreter Setting**, **Credentials** and **Configurations** information to other users (who are defined in `conf/shiro.ini`). So I added ``` #/api/interpreter/** = authc, roles[admin] #/api/configurations/** = authc, roles[admin] #/api/credential/** = authc, roles[admin] ``` below the [ [urls] ](https://github.com/apache/zeppelin/blob/master/conf/shiro.ini#L38) section. This issue was originally suggested at [Zeppelin user mailing list](https://mail-archives.apache.org/mod_mbox/zeppelin-users/201606.mbox/%3CCAPgU7Y%3DBJrXQ_P0ond4PTukoya0FEjwoPuUb31iN3qwo8iyM1Q%40mail.gmail.com%3E) by TomNorden ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Add `interpreter`, `credential` and `configuration` url to `conf/shiro.ini` * [x] - Update `shiroauthentication.md` for this change * [x] - Redirect to home with ngToast error message when status is `401` * [x] - Rebase after #1100 merged and add error message to `Credential` menu as well ### What is the Jira issue? [ZEPPELIN-987](https://issues.apache.org/jira/browse/ZEPPELIN-987) ### How should this be tested? 1. Apply this patch and restart Zeppelin 2. Login with `admin` and `password1` 3. Go to interpreter, credential and configuration tab -> You can see all of the information in each tabs 4. Logout -> Login again with `user1` and `password2` 5. Go to interpreter, credential and configuration tab -> In this time, you can't see all of the information in each tabs ### Screenshots (if appropriate) - When you login with `user1` (doesn't have permission to see the interpreter, credential and cofiguration info) - interpreter menu  - configuration menu  - credential menu  - `shiroauthentication.md` <img width="807" alt="screen shot 2016-06-10 at 12 25 02 pm" src="https://cloud.githubusercontent.com/assets/10060731/15976949/a49bc542-2f0a-11e6-8869-8575ba8f1875.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? Yes, so I updated. Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #993 from AhyoungRyu/ZEPPELIN-987 and squashes the following commits: |
||
|
AhyoungRyu
|
d87f2e5dfb |
[ZEPPELIN-1054] Improve "Credentials" UI
### What is this PR for? Currently, users can add new their credential info for data source authentication in Zeppelin "Credentials" menu. Even though it was saved successfully, they can't see the whole list of credentials in Zeppelin UI. This PR enables to `get` all credential list, `edit` and `remove` via UI. *NOTE : Since this patch was implemented based on #1030 API, should be tested after #1030 merged.* ### What type of PR is it? Improvement & Documentation ### Todos * [x] - rename `interpreter_authorization.md` -> `datasource_authorization.md` * [x] - remove `Interpreter Authorization` section (since we don't have this feature yet : [ZEPPELIN-945](https://issues.apache.org/jira/browse/ZEPPELIN-945)) * [x] - rebase after #1030 & #1064 merged * [ ] - address reviews ### What is the Jira issue? [ZEPPELIN-1054](https://issues.apache.org/jira/browse/ZEPPELIN-1054) ### How should this be tested? 1. Apply this patch and build `zeppelin-web` as described in [here](https://github.com/apache/zeppelin/tree/master/zeppelin-web#configured-environment). 2. Go to `Credentials` menu. 3. Add new credentials -> you can see the credential info in the credential list table. 4. You can edit & delete them. -> Compare with `conf/credentials.json` ### Screenshots (if appropriate) - Before <img width="952" alt="screen shot 2016-06-28 at 12 37 10 am" src="https://cloud.githubusercontent.com/assets/10060731/16407604/69b0c4d8-3cc9-11e6-8284-9abe2969cdc1.png"> - After  If there is no credential <img width="957" alt="screen shot 2016-06-28 at 12 19 46 am" src="https://cloud.githubusercontent.com/assets/10060731/16407620/7838995e-3cc9-11e6-90ba-1bd0173a1b49.png"> - `datasource_authorization.md` <img width="845" alt="screen shot 2016-06-28 at 7 58 24 pm" src="https://cloud.githubusercontent.com/assets/10060731/16439169/d4026034-3d6a-11e6-930f-86de12e5fc49.png"> <img width="851" alt="screen shot 2016-06-28 at 7 58 44 pm" src="https://cloud.githubusercontent.com/assets/10060731/16439170/d62f2842-3d6a-11e6-9d3f-ecc5cda29c77.png"> <img width="846" alt="screen shot 2016-06-28 at 8 00 20 pm" src="https://cloud.githubusercontent.com/assets/10060731/16439200/fed58390-3d6a-11e6-9aa2-8cff5a1b7b66.png"> ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? yes Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #1100 from AhyoungRyu/ZEPPELIN-1054 and squashes the following commits: |
||
|
AhyoungRyu
|
5975125f18 |
[ZEPPELIN-1018] Apply auto "Table of Contents" generator to Zeppelin docs website
### What is this PR for? I added auto TOC(Table of Contents) generator for Zeppelin documentation website. TOC can help people looking through whole contents at a glance and finding what they want quickly. I just added `<div id="toc"></div>` to the each documentation header. [`toc`](https://github.com/apache/zeppelin/compare/master...AhyoungRyu:ZEPPELIN-1018?expand=1#diff-85af09fb498a5667ea455391533f945dR3) recognize `<h2>` & `<h3>` as a title in the docs and it automatically generate TOC. So I set a rule for this work. (I'll write this rule on `docs/CONTRIBUTING.md` or [docs/howtocontributewebsite](https://zeppelin.apache.org/docs/0.6.0-SNAPSHOT/development/howtocontributewebsite.html)). ``` # Level-1 Heading <- Use only for the main title of the page ## Level-2 Heading <- Start with this one ### Level-3 heading <- Only use this one for child of Level-2 toc only recognize Level-2 & Level-3 ``` Please see the below attached screenshot image. ### What type of PR is it? Improvement & Documentation ### Todos * [x] - Add TOC generator * [x] - Apply TOC(`<div id="toc"></div>`) to every documentation and reorganize each headers(apply the above rule) * [x] - Fix some broken code block in several docs * [x] - Apply TOC to `r.md` (Currently R docs has some duplicated info since [this one]( |
||
|
Prabhjyot Singh
|
24922e1036 |
[Zeppelin 946] Permissions not honoring group
### What is this PR for? Error: Insufficient privileges to write notebook. Allowed users or roles: [admin, zeppelinWrite] But the user randerson belongs to: [randerson] It's seems clear that user randerson isn't mapped to any roles, or groups (even though he of course is a member of the zeppelinWrite group in AD and as a result also part of the local admin Role). A TCPDUMP reveals that during login, all of my group memberships are in fact returned during the ldap bind operation. However, when I attempt to modify a notebook, a call is never made to AD, to pull back my group memberships. It doesn't seem to look at my local group memberships (/etc/group) either. ### What type of PR is it? [Bug Fix] ### Todos * [x] - fix for permissions not honoring group * [x] - read roles from shiro.ini * [x] - at times group name was displaying instead of user/principal name. * [x] - doc ### What is the Jira issue? [ZEPPELIN-946](https://issues.apache.org/jira/browse/ZEPPELIN-946) ### Screenshots/How should this be tested? Use one of the following setting for IniRealm, LDAP or AD in shiro.ini [main] admin = password1, admin finance1 = finance1, finance finance2 = finance2, finance hr1 = hr1, hr hr2 = hr2, hr activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm activeDirectoryRealm.systemUsername = userNameA activeDirectoryRealm.systemPassword = passwordA activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM activeDirectoryRealm.url = ldap://ldap.test.com:389 activeDirectoryRealm.groupRolesMap = "CN=admin,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"admin","CN=finance,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"finance","CN=hr,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"hr" activeDirectoryRealm.authorizationCachingEnabled = false ldapRealm = org.apache.zeppelin.server.LdapGroupRealm # search base for ldap groups (only relevant for LdapGroupRealm): ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM ldapRealm.contextFactory.url = ldap://ldap.test.com:389 ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM ldapRealm.contextFactory.authenticationMechanism = SIMPLE [roles] admin = * hr = * finance = * group1 = * [urls] /api/version = anon /** = authc Login as user1 (say finance1), and set a permission of a notebook as "finance" <img width="1282" alt="screen shot 2016-06-11 at 9 50 32 am" src="https://cloud.githubusercontent.com/assets/674497/15983178/aad710ee-2fbc-11e6-861d-508ecc8c7b74.png"> Save setting <img width="1281" alt="screen shot 2016-06-11 at 9 51 05 am" src="https://cloud.githubusercontent.com/assets/674497/15983180/aad86ea8-2fbc-11e6-8b68-4571496ec733.png"> Now logout and login as user2 (say finance2) which belong to the same group as above "finance", verify that you have access to the same notebook. <img width="1282" alt="screen shot 2016-06-11 at 9 51 25 am" src="https://cloud.githubusercontent.com/assets/674497/15983181/aad9a78c-2fbc-11e6-8a41-a3dc108cabdc.png"> Logout and login again, this time as a user that does not belong to the group "finance", a user say hr1. Verify that this user does not have permission to view the same notebook. <img width="1281" alt="screen shot 2016-06-11 at 9 51 42 am" src="https://cloud.githubusercontent.com/assets/674497/15983179/aad7794e-2fbc-11e6-9002-f7b0fc54ac59.png"> ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? no Author: Prabhjyot Singh <prabhjyotsingh@gmail.com> Closes #986 from prabhjyotsingh/ZEPPELIN-946 and squashes the following commits: |
||
|
Prabhjyot Singh
|
5252ea7a74 |
[ZEPPELIN-980] missing "incubation-" references
### What is this PR for?
This is extension to https://github.com/apache/zeppelin/pull/983, with missing references of incubation.
### What type of PR is it?
[Improvement]
### What is the Jira issue?
[ZEPPELIN-980](https://issues.apache.org/jira/browse/ZEPPELIN-980)
### Questions:
* Does the licenses files need update? no
* Is there breaking changes for older versions? no
* Does this needs documentation? no
Author: Prabhjyot Singh <prabhjyotsingh@gmail.com>
Closes #992 from prabhjyotsingh/ZEPPELIN-980 and squashes the following commits:
|
||
|
Mina Lee
|
81adf09f21 |
[ZEPPELIN-980] Move git repository from incubator-zeppelin to zeppelin
### What is this PR for? git repo infra have moved from incubator-zeppelin to zeppelin ### What type of PR is it? Hot Fix ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Mina Lee <minalee@apache.org> Closes #983 from minahlee/ZEPPELIN-980 and squashes the following commits: |
||
|
AhyoungRyu
|
8553a08803 |
[ZEPPELIN-939] Improve notebook authorization documentation
### What is this PR for? Currently Zeppelin provides authorization mechanism on each notebooks. But it seems many users can not get much useful information through [the existing notebook authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/notebook_authorization.html). So I add some information so that users can follow step by step. Moreover, [interpreter authorization docs](https://zeppelin.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/interpreter_authorization.html) doesn't provide much information so far. This can be confused to users. So I removed it temporally. We can add it again when we have specific(?) feature for `interpreter & data source authorization`. ### What type of PR is it? Improvement | Documentation ### Todos * [x] - Remove security_overview.md & interpreter_authorization.md * [x] - Improve notebook authorization docs ### What is the Jira issue? [ZEPPELIN-939](https://issues.apache.org/jira/browse/ZEPPELIN-939) ### How should this be tested? ### Screenshots (if appropriate) - **Before** <img width="1107" alt="screen shot 2016-06-01 at 5 46 22 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730358/cf8074ec-2820-11e6-8e55-d0552896d95d.png"> - **After** <img width="1030" alt="screen shot 2016-06-01 at 5 48 17 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730384/1b6c8a08-2821-11e6-89ae-7d054ec87c57.png"> <img width="1007" alt="screen shot 2016-06-01 at 5 48 31 pm" src="https://cloud.githubusercontent.com/assets/10060731/15730386/1ea6e42a-2821-11e6-9630-da2ca67970f0.png"> ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #947 from AhyoungRyu/ZEPPELIN-939 and squashes the following commits: |
||
|
Jongyoul Lee
|
43baa0af49 |
ZEPPELIN-925 Merge HiveInterpreter into JDBCInterpreter
### What is this PR for? This removes hive module and adds example setting for using Hive in a JdbcInterpreter by using loading dynamic dependencies. It reduces Zeppelin's binary size. There's no codes' modification except removing hive directory and remove the module from pom.xml ### What type of PR is it? [Feature] ### Todos * [x] - Remove hive module * [x] - Add an example for using Hive in JDBC ### What is the Jira issue? * https://issues.apache.org/jira/browse/ZEPPELIN-925 ### How should this be tested? Set the interpreter properties and test it ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Jongyoul Lee <jongyoul@gmail.com> Closes #943 from jongyoul/ZEPPELIN-925 and squashes the following commits: |
||
|
Prasad Wagle
|
bdc78da0e6 |
[ZEPPELIN-828] Use individual user credentials for data source authentication
### What is this PR for? The purpose of this pull request is to allow users to use their own credentials to authenticate with data sources. It contains the following: - web UI and rest API to let users input their credentials - changes to AuthenticationInfo to add data source credentials - changes to Paragraph to set data source credentials in AuthenticationInfo - changes to HiveInterpreter to use the user credentials and simplification to use a new connection for every query. We made this change since we found an issue with closed vertica connections. Since we are using HiveInterpreter for analytics, the cost of creating a new connection is small compared to query execution. We don't have to merge this change into master. ### What type of PR is it? Feature ### Todos * [x] - Save user credentials in a file * [x] - Do not persist AuthenticationInfo in paragraph since it contains sensitive information * [ ] - Add tests * [ ] - Add documentation ### What is the Jira issue? [ZEPPELIN-828] (https://issues.apache.org/jira/browse/ZEPPELIN-828) ### How should this be tested? 1. In conf/shiro.ini, use /** = authc 1. Login to Zeppelin 2. Enter credentials for a data source 3. Check if the interpreter is using the correct credentials ### Screenshots (if appropriate) https://gfycat.com/LiquidGentleKatydid ### Questions: * Does this needs documentation? Yes. Author: Prasad Wagle <pwagle@twitter.com> Closes #860 from prasadwagle/ZEPPELIN-828 and squashes the following commits: |
||
|
AhyoungRyu
|
aff2755eb7 |
Update/shiro docs
### What is this PR for? Currently, Zeppelin has two authentication docs. One is [**Authentication**](https://zeppelin.incubator.apache.org/docs/0.6.0-incubating-SNAPSHOT/security/authentication.html) and the other is [**Shiro Authentication**](https://zeppelin.incubator.apache.org/docs/0.6.0-incubating-SNAPSHOT/manual/shiroauthentication.html). As a user, it's little bit confused. So I changed the category of `shiroauthentication.md` file from `manual` to `security` and also changed the name of `Authentication` to `Authentication for NGINX`. Please see the below screenshot images :) ### What type of PR is it? Improvement ### Todos * [x] - Add `conf/shiro.ini` file to `.gitignore` * [x] - Update `zeppelin-login.png` screenshot image file in `shiroauthentication.md` * [x] - Change the category of `shiroauthentication.md` file from `manual` -> `security` * [x] - Change `Authentication` -> `Authentication for NGINX` ### What is the Jira issue? ### How should this be tested? ### Screenshots (if appropriate) 1. Updating zeppelin-login.png - before  - after <img width="1272" alt="zeppelin-login" src="https://cloud.githubusercontent.com/assets/10060731/15422244/812541e6-1eb2-11e6-89bc-ed635bc9aaa8.png"> 2. Changing the category of **Shiro Authentication** & Changing **Authentication** -> **Authentication for NGINX** - before  - after  ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: AhyoungRyu <fbdkdud93@hanmail.net> Closes #907 from AhyoungRyu/update/shiroDocs and squashes the following commits: |
||
|
Jesang Yoon
|
be8f476289 |
Revise documentation about basic authentication
### What is this PR for? Revised documentation about nginx authentication after receive few comments about it. Especially for users who using old version of nginx (older than 1.3) facing websocket failures when using zeppelin after follow instructions. I put more information for those users to encourage use of latest version of nginx if possible + fix few grammars for readability. ### What type of PR is it? Documentation Author: Jesang Yoon <yoonjs2@kanizsalab.com> Closes #877 from yoonjs2/nginx-auth-revised and squashes the following commits: |
||
|
hsshim
|
a63e034ba0 |
Fix nginx config to use single port for websocket and REST.
### What is this PR for? Zeppelin uses single port number for REST and websocket since 0.5.5 so It should be fixed nginx config to use single port for websocket and RESTAPI. ### What type of PR is it? Bug Fix | Documentation ### Todos * [x] - fix to use single port nubmer for websocket and REST. ### How should this be tested? Try to set up the nginx config to use single port number for websocket and REST. ### Screenshots (if appropriate)  ### Questions: * Does the licenses files need update? no * Is there breaking changes for older versions? no * Does this needs documentation? no Author: hsshim <astroshim@gmail.com> Closes #814 from astroshim/fix-nginx-config and squashes the following commits: |
||
|
Cheng-Yu Hsu
|
a313e492c4 |
Fix typos in docs
### What is this PR for?
1. Fix some typos in docs.
2. Remove trailing white spaces for each line.
3. Remove leading white spaces if a line contains no content.
4. Add trailing new line for each file.
### What type of PR is it?
Improvement | Documentation
### Todos
None
### What is the Jira issue?
N/A
### How should this be tested?
Build the doc site and check.
### Screenshots (if appropriate)
N/A
### Questions:
* Does the licenses files need update? *no*
* Is there breaking changes for older versions? *no*
* Does this needs documentation? *no*
Author: Cheng-Yu Hsu <m@cyhsu.me>
Closes #852 from cyhsutw/fix-typos-in-docs and squashes the following commits:
|
||
|
Jesang Yoon
|
79b2aa43af |
Add documentation about setup HTTP basic auth via NGINX
### What is this PR for? Provide a guide to setup basic authentication using NGINX with detailed instruction for users who wants to use NGINX as a separate authentication server. Shiro Security is preferred way to provide a basic authentication for future releases, but we may need to provide a way to workaround when user need other options. ### What type of PR is it? Documentation ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Jesang Yoon <yoonjs2@kanizsalab.com> Closes #775 from yoonjs2/add-nginx-auth-documentation and squashes the following commits: |
||
|
Prasad Wagle
|
738c10e211 |
Notebook Authorization
### What is this PR for? The goal of the PR is to add authorization for notebooks according to the design document [here] (https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20). The PR uses Shiro authentication. ### What type of PR is it? Feature ### Todos * [x] - Find way to get roles for a user in SecurityUtils (Not possible at the moment, see SHIRO-492) * [x] - Investigate how to use Shiro authorization * [x] - Use groups associated with user to determine if operation is permitted * [x] - Check if user has permissions to modify note permissions * [x] - Add checks in more NotebookServer operations * [x] - Improve UI (explain permissions, error messages) * [x] - Add unit tests * [x] - Documentation ### Is there a relevant Jira issue? ZEPPELIN-549 ### How should this be tested? 1. Enable Basic Auth Security by changing conf/shiro.ini. 1. Create a note. By default all operations are allowed by any authenticated user. 1. Update readers, writers and owners by clicking on the lock icon in the top right area. 1. Check if users can or cannot perform operations according to the permissions. ### Screenshots (if appropriate)  ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Prasad Wagle <pwagle@twitter.com> Closes #681 from prasadwagle/notebook_authorization and squashes the following commits: |
