[GitHub] zeppelin pull request #2402: [ZEPPELIN-2636] User role lookup via interfaces

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin pull request #2402: [ZEPPELIN-2636] User role lookup via interfaces

zjffdu
GitHub user volumeint opened a pull request:

    https://github.com/apache/zeppelin/pull/2402

    [ZEPPELIN-2636] User role lookup via interfaces

    ### What is this PR for?
    Adds an interface (UserLookup) that a realm can implement to support looking up users and roles.  This makes it easier to implement a Realm and allows Zeppelin to ask the configured realms for user and role information without having to know which implementation of Realm that it is interacting with.  The pre-exising lookup code that was contained in GetUserList.java has been moved into the Realm implementations.
    This PR includes a change to SecurityUtils to allow it to get the Roles of the currently authenticated user regardless of Realm used.  
    This PR also includes an endpoint /xlogin to make it easier to configure shiro to work with indirect authorization (eXternal login) like OAuth or OpenID through buji-pac4j.  
    This PR expands the shiro security coverage to the entire application (/*).  It previously only covered /api/*.
   
    ### What type of PR is it?
    Improvement
   
    ### Todos
    * [ ] -
   
    ### What is the Jira issue?
    [ZEPPELIN-2636] - https://issues.apache.org/jira/browse/ZEPPELIN-2636
   
    ### How should this be tested?
    Configure shiro.ini to use the various realms (Ini, Jdbc, Pam, etc).  Verify that the user and role lookup functionality used for notebook sharing still works.  I've been checking /api/security/userlist/<searchtext>
   
    ### Screenshots (if appropriate)
    N/A
   
    ### Questions:
    * Does the licenses files need update? No
    * Is there breaking changes for older versions?  using the stock shiro JdbcRealm, you won't be able to lookup users and roles... Transition to org.apache.zeppelin.realms.JdbcRealm.  
    * Does this needs documentation?


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/volumeint/zeppelin user-role-lookup-via-interfaces

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2402.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2402
   
----
commit 19500d5c7ea92caf477f9fdf6cf07791b6666825
Author: Thomas Grant <[hidden email]>
Date:   2017-05-03T15:41:01Z

    ZEPPELIN-2268. Adding png and jpg support for helium module imports.

commit c736dbed0b47cf5262e47422863d2950298356a1
Author: Thomas Grant <[hidden email]>
Date:   2017-05-03T15:45:26Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit 672b789d796442f3f6500f8b9ab1ff168a3737f5
Author: Thomas Grant <[hidden email]>
Date:   2017-05-04T13:47:15Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit c50f9f8f6c3fa88de58de33f8f7e336ad367128e
Author: Thomas Grant <[hidden email]>
Date:   2017-06-05T16:25:54Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit 23f6caa5bccefaac47a45227620d006ea489550f
Author: Thomas Grant <[hidden email]>
Date:   2017-06-07T16:40:17Z

    Using UserLookup interface to query realms for users and roles.

commit e14b221b5877272d1ce453d1b470468b88985a5d
Author: Thomas Grant <[hidden email]>
Date:   2017-06-09T02:20:15Z

    Using java.security.Principal.getName() if appropriate

commit 0d31b446e508ec6421d8705c85df573a2aece9b7
Author: Thomas Grant <[hidden email]>
Date:   2017-06-09T02:21:14Z

    Securing the entire application, not just /api/*

commit 2f87887860aaca9f03e206898687758ac20cdae8
Author: Thomas Grant <[hidden email]>
Date:   2017-06-09T19:02:40Z

    Adding a browser endpoint that can be protected by shiro.ini to trigger indirect login attempts

commit 14c27ecaa414f9b733ea75e24bfb12f0d94259c3
Author: Thomas Grant <[hidden email]>
Date:   2017-06-09T19:45:52Z

    Merge branch 'master' of https://github.com/apache/zeppelin

commit e45cd234f89b9e51bbc114af4060d39b3b740323
Author: Thomas Grant <[hidden email]>
Date:   2017-06-09T19:47:38Z

    Merge remote-tracking branch 'origin/master' into user-role-lookup-via-interfaces

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---
Reply | Threaded
Open this post in threaded view
|

[GitHub] zeppelin issue #2402: [ZEPPELIN-2636] User role lookup via interfaces

zjffdu
Github user jongyoul commented on the issue:

    https://github.com/apache/zeppelin/pull/2402
 
    Thanks for contribution. I suggest you'd better divide this PR into three or more different PRs as you mentioned in description. This PR includes many changes. I hope every PR changes as small as possible. Can you do that? And there's no test. If you add some tests, it makes your implementation concrete and easy to understand what you want to change.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [hidden email] or file a JIRA ticket
with INFRA.
---