Skip to content

Commit 529ab3e

Browse files
prabhjyotsinghprabhjyotsingh
committed
ZEPPELIN-3526: Zeppelin auth mechanisms (LDAP or password based) should be mutually exclusive
Change-Id: I9e0602c41462997c14a2dbb7378489ffab3ca0b4
1 parent 663918c commit 529ab3e

File tree

1 file changed

+19
-0
lines changed

1 file changed

+19
-0
lines changed

zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,12 @@
1616
*/
1717
package org.apache.zeppelin.server;
1818

19+
import java.util.Collection;
1920
import org.apache.commons.lang.StringUtils;
21+
import org.apache.shiro.realm.Realm;
22+
import org.apache.shiro.realm.text.IniRealm;
2023
import org.apache.shiro.web.env.EnvironmentLoaderListener;
24+
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
2125
import org.apache.shiro.web.servlet.ShiroFilter;
2226
import org.eclipse.jetty.http.HttpVersion;
2327
import org.eclipse.jetty.server.HttpConfiguration;
@@ -98,6 +102,21 @@ public class ZeppelinServer extends Application {
98102

99103
public ZeppelinServer() throws Exception {
100104
ZeppelinConfiguration conf = ZeppelinConfiguration.create();
105+
Collection<Realm> realms = ((DefaultWebSecurityManager) org.apache.shiro.SecurityUtils
106+
.getSecurityManager()).getRealms();
107+
if (realms.size() > 1) {
108+
Boolean isIniRealmEnabled = false;
109+
for (Object realm : realms) {
110+
if (realm instanceof IniRealm && ((IniRealm) realm).getIni().get("users") != null) {
111+
isIniRealmEnabled = true;
112+
break;
113+
}
114+
}
115+
if (isIniRealmEnabled) {
116+
throw new Exception("IniRealm/password based auth mechanisms should be exclusive. "
117+
+ "Consider removing [users] block from shiro.ini");
118+
}
119+
}
101120

102121
InterpreterOutput.limit = conf.getInt(ConfVars.ZEPPELIN_INTERPRETER_OUTPUT_LIMIT);
103122

0 commit comments

Comments
 (0)