astroshim
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 11 additions & 5 deletions b/‎CONTRIBUTING.md‎
Lines changed: 11 additions & 5 deletions
diff --git a/‎SECURITY-README.md‎
Lines changed: 43 additions & 0 deletions b/‎SECURITY-README.md‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎conf/shiro.ini‎
Lines changed: 33 additions & 0 deletions b/‎conf/shiro.ini‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎conf/zeppelin-site.xml.template‎
Lines changed: 6 additions & 0 deletions b/‎conf/zeppelin-site.xml.template‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎dev/create_release.sh‎
Lines changed: 1 addition & 1 deletion b/‎dev/create_release.sh‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/index.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/index.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ignite/src/main/java/org/apache/zeppelin/ignite/IgniteInterpreter.java‎
Lines changed: 1 addition & 0 deletions b/‎ignite/src/main/java/org/apache/zeppelin/ignite/IgniteInterpreter.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎ignite/src/main/java/org/apache/zeppelin/ignite/IgniteSqlInterpreter.java‎
Lines changed: 2 additions & 0 deletions b/‎ignite/src/main/java/org/apache/zeppelin/ignite/IgniteSqlInterpreter.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎lens/src/main/java/org/apache/zeppelin/lens/LensInterpreter.java‎
Lines changed: 2 additions & 1 deletion b/‎lens/src/main/java/org/apache/zeppelin/lens/LensInterpreter.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lens/src/main/java/org/apache/zeppelin/lens/LensJLineShellComponent.java‎
Lines changed: 6 additions & 1 deletion b/‎lens/src/main/java/org/apache/zeppelin/lens/LensJLineShellComponent.java‎
Lines changed: 6 additions & 1 deletion
@@ -68,7 +68,8 @@ Here are some things you will need to build and test Zeppelin.
 
 ### Software Configuration Management (SCM)
 
-Zeppelin uses Git for its SCM system. Hosted by github.com. `https://github.com/apache/incubator-zeppelin` you'll need git client installed in your development machine.
+Zeppelin uses Git for its SCM system. `http://git.apache.org/incubator-zeppelin.git` you'll need git client installed in your development machine.
+For write access, `https://git-wip-us.apache.org/repos/asf/incubator-zeppelin.git`
 
 ### Integrated Development Environment (IDE)
 
@@ -114,26 +115,31 @@ To build the code, install
  * Apache Maven
 
 ## Getting the source code
-First of all, you need the Zeppelin source code. The official location for Zeppelin is [https://github.com/apache/incubator-zeppelin](https://github.com/apache/incubator-zeppelin)
+First of all, you need the Zeppelin source code. The official location for Zeppelin is [http://git.apache.org/incubator-zeppelin.git](http://git.apache.org/incubator-zeppelin.git).
 
 ### git access
 
 Get the source code on your development machine using git.
 
 ```
-git clone git@github.com:apache/incubator-zeppelin.git zeppelin
+git clone http://git.apache.org/incubator-zeppelin.git zeppelin
 ```
 
 You may also want to develop against a specific release. For example, for branch-0.1
 
 ```
-git clone -b branch-0.1 git@github.com:apache/incubator-zeppelin.git zeppelin
+git clone -b branch-0.1 http://git.apache.org/incubator-zeppelin.git zeppelin
 ```
 
+or with write access
+
+```
+git clone https://git-wip-us.apache.org/repos/asf/incubator-zeppelin.git
+```
 
 ### Fork repository
 
-If you want not only build Zeppelin but also make change, then you need fork Zeppelin repository and make pull request.
+If you want not only build Zeppelin but also make change, then you need fork Zeppelin github mirror repository (https://github.com/apache/incubator-zeppelin) and make pull request.
 
 
 ## Build
 
@@ -0,0 +1,43 @@
+<!--
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+# Shiro Authentication
+To connect to Zeppelin, users will be asked to enter their credentials. Once logged, a user has access to all notes including other users notes.
+This a a first step toward full security as implemented by this pull request (https://github.com/apache/incubator-zeppelin/pull/53).
+
+# Security setup
+1. Secure the HTTP channel: Comment the line "/** = anon" and uncomment the line "/** = authcBasic" in the file conf/shiro.ini. Read more about he shiro.ini file format at the following URL http://shiro.apache.org/configuration.html#Configuration-INISections.  
+2. Secure the Websocket channel : Set to property "zeppelin.anonymous.allowed" to "false" in the file conf/zeppelin-site.xml. You can start by renaming conf/zeppelin-site.xml.template to conf/zeppelin-site.xml
+3. Start Zeppelin : bin/zeppelin.sh
+4. point your browser to http://localhost:8080
+5. Login using one of the user/password combinations defined in the conf/shiro.ini file.
+
+# Implementation notes
+## Vocabulary
+username, owner and principal are used interchangeably to designate the currently authenticated user
+## What are we securing ?
+Zeppelin is basically a web application that spawn remote interpreters to run commands and return HTML fragments to be displayed on the user browser.
+The scope of this PR is to require credentials to access Zeppelin. To achieve this, we use Apache Shiro. 
+## HTTP Endpoint security
+Apache Shiro sits as a servlet filter between the browser and the exposed services and handles the required authentication without any programming required. (See Apache Shiro for more info).
+## Websocket security
+Securing the HTTP endpoints is not enough, since Zeppelin also communicates with the browser through websockets. To secure this channel, we take the following approach:
+1. The browser on startup requests a ticket through HTTP
+2. The Apache Shiro Servlet filter handles the user auth
+3. Once the user is authenticated, a ticket is assigned to this user and the ticket is returned to the browser
+
+All websockets communications require the username and ticket  to be submitted by the browser. Upon receiving a websocket message, the server checks that the ticket received is the one assigned to the username through the HTTP request (step 3 above).
+
+
+ 
@@ -0,0 +1,33 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+[users]
+# List of users with their password allowed to access Zeppelin.
+# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
+admin = password1
+user1 = password2
+user2 = password3
+
+
+[urls]
+
+# anon means the access is anonymous.
+# authcBasic means Basic Auth Security
+# To enfore security, comment the line below and uncomment the next one
+/** = anon
+#/** = authcBasic
+
@@ -180,5 +180,11 @@
   <description>Allowed sources for REST and WebSocket requests (i.e. http://onehost:8080,http://otherhost.com). If you leave * you are vulnerable to https://issues.apache.org/jira/browse/ZEPPELIN-173</description>
 </property>
 
+<property>
+  <name>zeppelin.anonymous.allowed</name>
+  <value>true</value>
+  <description>Anonymous user allowed by default</description>
+</property>
+
 </configuration>
 
@@ -125,7 +125,7 @@ function make_binary_release() {
     rm -rf ${WORKING_DIR}/zeppelin-${RELEASE_NAME}-bin-${BIN_RELEASE_NAME}
 }
 
-make_binary_release all "-Pspark-1.5 -Phadoop-2.4 -Pyarn -Ppyspark"
+make_binary_release all "-Pspark-1.6 -Phadoop-2.4 -Pyarn -Ppyspark"
 
 # remove non release files and dirs
 rm -rf ${WORKING_DIR}/zeppelin
 
@@ -117,7 +117,7 @@ This way, you can easily embed it as an iframe inside of your website.</p>
 <br />
 ### 100% Opensource
 
-Apache Zeppelin (incubating) is Apache2 Licensed software. Please check out the [source repository](https://github.com/apache/incubator-zeppelin) and [How to contribute](./development/howtocontribute.html)
+Apache Zeppelin (incubating) is Apache2 Licensed software. Please check out the [source repository](http://git.apache.org/incubator-zeppelin.git) and [How to contribute](./development/howtocontribute.html)
 
 Zeppelin has a very active development community.
 Join the [Mailing list](./community.html) and report issues on our [Issue tracker](https://issues.apache.org/jira/browse/ZEPPELIN).
 
@@ -211,6 +211,7 @@ private Ignite getIgnite() {
 
         initEx = null;
       } catch (Exception e) {
+        logger.error("Error in IgniteInterpreter while getIgnite: " , e);
         initEx = e;
       }
     }
 
@@ -154,6 +154,7 @@ public InterpreterResult interpret(String st, InterpreterContext context) {
         }
       }
     } catch (Exception e) {
+      logger.error("Exception in IgniteSqlInterpreter while InterpreterResult interpret: ", e);
       return IgniteInterpreterUtils.buildErrorResult(e);
     } finally {
       curStmt = null;
@@ -169,6 +170,7 @@ public void cancel(InterpreterContext context) {
         curStmt.cancel();
       } catch (SQLException e) {
         // No-op.
+        logger.info("No-op while cancel in IgniteSqlInterpreter", e);
       } finally {
         curStmt = null;
       }
 
@@ -128,7 +128,7 @@ public LensInterpreter(Properties property) {
       s_logger.info("LensInterpreter created");
     }
     catch (Exception e) {
-      e.printStackTrace();
+      s_logger.error(e.toString(), e);
       s_logger.error("unable to create lens interpreter", e);
     }
   }
@@ -375,6 +375,7 @@ public void cancel(InterpreterContext context) {
         closeShell(s_paraToQH.get(context.getParagraphId()).getShell());
       } catch (Exception e) {
         // ignore
+        s_logger.info("Exception in LensInterpreter while cancel finally, ignore", e);
       }
       s_paraToQH.remove(context.getParagraphId());
       closeShell(shell);
 
@@ -17,6 +17,9 @@
 
 import java.util.Map;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.BeanFactoryUtils;
 import org.springframework.beans.factory.InitializingBean;
@@ -56,6 +59,8 @@ public class LensJLineShellComponent extends JLineShell
   private ExecutionStrategy executionStrategy = new LensSimpleExecutionStrategy();
   private SimpleParser parser = new SimpleParser();
 
+  private static final Logger LOGGER = LoggerFactory.getLogger(LensJLineShellComponent.class);
+
   public SimpleParser getSimpleParser() {
     return parser;
   }
@@ -123,7 +128,7 @@ public void waitForComplete() {
     try {
       shellThread.join();
     } catch (InterruptedException e) {
-      e.printStackTrace();
+      LOGGER.error(e.toString(), e);
     }
   }
Original file line number	Diff line number	Diff line change
`@@ -125,7 +125,7 @@ function make_binary_release() {`
`125`	`125`	`rm -rf ${WORKING_DIR}/zeppelin-${RELEASE_NAME}-bin-${BIN_RELEASE_NAME}`
`126`	`126`	`}`
`127`	`127`
`128`		`-make_binary_release all "-Pspark-1.5 -Phadoop-2.4 -Pyarn -Ppyspark"`
	`128`	`+make_binary_release all "-Pspark-1.6 -Phadoop-2.4 -Pyarn -Ppyspark"`
`129`	`129`
`130`	`130`	`# remove non release files and dirs`
`131`	`131`	`rm -rf ${WORKING_DIR}/zeppelin`
Original file line number	Diff line number	Diff line change
`@@ -211,6 +211,7 @@ private Ignite getIgnite() {`
`211`	`211`
`212`	`212`	`initEx = null;`
`213`	`213`	`} catch (Exception e) {`
	`214`	`+ logger.error("Error in IgniteInterpreter while getIgnite: " , e);`
`214`	`215`	`initEx = e;`
`215`	`216`	`}`
`216`	`217`	`}`
Original file line number	Diff line number	Diff line change
`@@ -154,6 +154,7 @@ public InterpreterResult interpret(String st, InterpreterContext context) {`
`154`	`154`	`}`
`155`	`155`	`}`
`156`	`156`	`} catch (Exception e) {`
	`157`	`+ logger.error("Exception in IgniteSqlInterpreter while InterpreterResult interpret: ", e);`
`157`	`158`	`return IgniteInterpreterUtils.buildErrorResult(e);`
`158`	`159`	`} finally {`
`159`	`160`	`curStmt = null;`
`@@ -169,6 +170,7 @@ public void cancel(InterpreterContext context) {`
`169`	`170`	`curStmt.cancel();`
`170`	`171`	`} catch (SQLException e) {`
`171`	`172`	`// No-op.`
	`173`	`+ logger.info("No-op while cancel in IgniteSqlInterpreter", e);`
`172`	`174`	`} finally {`
`173`	`175`	`curStmt = null;`
`174`	`176`	`}`
Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,7 @@ public LensInterpreter(Properties property) {`
`128`	`128`	`s_logger.info("LensInterpreter created");`
`129`	`129`	`}`
`130`	`130`	`catch (Exception e) {`
`131`		`- e.printStackTrace();`
	`131`	`+ s_logger.error(e.toString(), e);`
`132`	`132`	`s_logger.error("unable to create lens interpreter", e);`
`133`	`133`	`}`
`134`	`134`	`}`
`@@ -375,6 +375,7 @@ public void cancel(InterpreterContext context) {`
`375`	`375`	`closeShell(s_paraToQH.get(context.getParagraphId()).getShell());`
`376`	`376`	`} catch (Exception e) {`
`377`	`377`	`// ignore`
	`378`	`+ s_logger.info("Exception in LensInterpreter while cancel finally, ignore", e);`
`378`	`379`	`}`
`379`	`380`	`s_paraToQH.remove(context.getParagraphId());`
`380`	`381`	`closeShell(shell);`