[ZEPPELIN-2913] Support for both user and role for AuthorizationFilter#3004
Closed
prabhjyotsingh wants to merge 3 commits intoapache:masterfrom
Closed
[ZEPPELIN-2913] Support for both user and role for AuthorizationFilter#3004prabhjyotsingh wants to merge 3 commits intoapache:masterfrom
prabhjyotsingh wants to merge 3 commits intoapache:masterfrom
Conversation
Change-Id: I5a83e5701d22ac40b37cc8c3d4c9414ef007b99c
Contributor
Author
|
@zjffdu @VipinRathor can you help review this PR |
prabhjyotsingh
force-pushed
the
ZEPPELIN-2913
branch
from
29ab8b7 to
724192f
Compare
VipinRathor
reviewed
Jun 5, 2018
| * Basically, it's the same as {@link RolesAuthorizationFilter} but using {@literal OR} instead | ||
| * of {@literal AND} on the specified roles or user. | ||
| */ | ||
| public class AnyOfRolesUserAuthorizationFilter extends RolesAuthorizationFilter { |
Contributor
There was a problem hiding this comment.
@prabhjyotsingh how about updating AnyOfRolesAuthorizationFilter class instead of adding a new AnyOfRolesUserAuthorizationFilter?
Contributor
Author
There was a problem hiding this comment.
Sure, I've made the suggested changes.
…lter Change-Id: Idb3cf44a177522a6003e552660777dd57bcfabfd
Contributor
|
LGTM |
asfgit
pushed a commit
that referenced
this pull request
Jun 7, 2018
Currently, Zeppelin only supports roles for AuthorizationFilter, but there can be a condition as described in https://issues.apache.org/jira/browse/ZEPPELIN-2913 where Zeppelin's user does not belong to a group/role, and the administrator wants to have control using user only. [Feature] * [x] - Add documentation * https://issues.apache.org/jira/browse/ZEPPELIN-2913 add the following in shiro.ini: ``` [main] ... anyofroles = org.apache.zeppelin.utils.AnyOfRolesUserAuthorizationFilter [urls] ... /api/interpreter/** = authc, anyofroles[admin, user1] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] ``` With the above config both user (user1) and users the belong to role admin will have access to interpreter setting page. Author: Prabhjyot Singh <[email protected]> Closes #3004 from prabhjyotsingh/ZEPPELIN-2913 and squashes the following commits: e05d72a [Prabhjyot Singh] rename AnyOfRolesAuthorizationFilter to AnyOfRolesUserAuthorizationFilter 724192f [Prabhjyot Singh] add doc 53c0c03 [Prabhjyot Singh] [ZEPPELIN-2913] support for both user and role Change-Id: I63cdebf66d76a67cfca0054283c7d1c65a9b5805 (cherry picked from commit d45d878) Signed-off-by: Prabhjyot Singh <[email protected]> # Conflicts: # zeppelin-server/src/main/java/org/apache/zeppelin/utils/AnyOfRolesUserAuthorizationFilter.java
prabhjyotsingh
added a commit
to prabhjyotsingh/zeppelin
that referenced
this pull request
Jul 4, 2018
Currently, Zeppelin only supports roles for AuthorizationFilter, but there can be a condition as described in https://issues.apache.org/jira/browse/ZEPPELIN-2913 where Zeppelin's user does not belong to a group/role, and the administrator wants to have control using user only. [Feature] * [x] - Add documentation * https://issues.apache.org/jira/browse/ZEPPELIN-2913 add the following in shiro.ini: ``` [main] ... anyofroles = org.apache.zeppelin.utils.AnyOfRolesUserAuthorizationFilter [urls] ... /api/interpreter/** = authc, anyofroles[admin, user1] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] ``` With the above config both user (user1) and users the belong to role admin will have access to interpreter setting page. Author: Prabhjyot Singh <[email protected]> Closes apache#3004 from prabhjyotsingh/ZEPPELIN-2913 and squashes the following commits: e05d72a [Prabhjyot Singh] rename AnyOfRolesAuthorizationFilter to AnyOfRolesUserAuthorizationFilter 724192f [Prabhjyot Singh] add doc 53c0c03 [Prabhjyot Singh] [ZEPPELIN-2913] support for both user and role Change-Id: I63cdebf66d76a67cfca0054283c7d1c65a9b5805 (cherry picked from commit d45d878) Signed-off-by: Prabhjyot Singh <[email protected]>
mckartha
pushed a commit
to syntechdev/zeppelin
that referenced
this pull request
Aug 9, 2018
Currently, Zeppelin only supports roles for AuthorizationFilter, but there can be a condition as described in https://issues.apache.org/jira/browse/ZEPPELIN-2913 where Zeppelin's user does not belong to a group/role, and the administrator wants to have control using user only. [Feature] * [x] - Add documentation * https://issues.apache.org/jira/browse/ZEPPELIN-2913 add the following in shiro.ini: ``` [main] ... anyofroles = org.apache.zeppelin.utils.AnyOfRolesUserAuthorizationFilter [urls] ... /api/interpreter/** = authc, anyofroles[admin, user1] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] ``` With the above config both user (user1) and users the belong to role admin will have access to interpreter setting page. Author: Prabhjyot Singh <[email protected]> Closes apache#3004 from prabhjyotsingh/ZEPPELIN-2913 and squashes the following commits: e05d72a [Prabhjyot Singh] rename AnyOfRolesAuthorizationFilter to AnyOfRolesUserAuthorizationFilter 724192f [Prabhjyot Singh] add doc 53c0c03 [Prabhjyot Singh] [ZEPPELIN-2913] support for both user and role Change-Id: I63cdebf66d76a67cfca0054283c7d1c65a9b5805
mckartha
pushed a commit
to syntechdev/zeppelin
that referenced
this pull request
Aug 9, 2018
Currently, Zeppelin only supports roles for AuthorizationFilter, but there can be a condition as described in https://issues.apache.org/jira/browse/ZEPPELIN-2913 where Zeppelin's user does not belong to a group/role, and the administrator wants to have control using user only. [Feature] * [x] - Add documentation * https://issues.apache.org/jira/browse/ZEPPELIN-2913 add the following in shiro.ini: ``` [main] ... anyofroles = org.apache.zeppelin.utils.AnyOfRolesUserAuthorizationFilter [urls] ... /api/interpreter/** = authc, anyofroles[admin, user1] /api/configurations/** = authc, roles[admin] /api/credential/** = authc, roles[admin] ``` With the above config both user (user1) and users the belong to role admin will have access to interpreter setting page. Author: Prabhjyot Singh <[email protected]> Closes apache#3004 from prabhjyotsingh/ZEPPELIN-2913 and squashes the following commits: e05d72a [Prabhjyot Singh] rename AnyOfRolesAuthorizationFilter to AnyOfRolesUserAuthorizationFilter 724192f [Prabhjyot Singh] add doc 53c0c03 [Prabhjyot Singh] [ZEPPELIN-2913] support for both user and role Change-Id: I63cdebf66d76a67cfca0054283c7d1c65a9b5805 (cherry picked from commit d45d878) Signed-off-by: Prabhjyot Singh <[email protected]> # Conflicts: # zeppelin-server/src/main/java/org/apache/zeppelin/utils/AnyOfRolesUserAuthorizationFilter.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is this PR for?
Currently, Zeppelin only supports roles for AuthorizationFilter, but there can be a condition as described in https://issues.apache.org/jira/browse/ZEPPELIN-2913 where Zeppelin's user does not belong to a group/role, and the administrator wants to have control using user only.
What type of PR is it?
[Feature]
Todos
What is the Jira issue?
How should this be tested?
add the following in shiro.ini:
With the above config both user (user1) and users the belong to role admin will have access to interpreter setting page.