[jira] [Created] (ZEPPELIN-3061) Zeppelin's SecurityUtils.getRoles() is not retrieving roles from Shiro's doGetAuthorizationInfo() for a custom realm.


JIRA jira@apache.org
Jithin Chandran created ZEPPELIN-3061:
-----------------------------------------

             Summary: Zeppelin's SecurityUtils.getRoles() is not retrieving roles from Shiro's doGetAuthorizationInfo() for a custom realm.
                 Key: ZEPPELIN-3061
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-3061
             Project: Zeppelin
          Issue Type: Bug
            Reporter: Jithin Chandran


On logging in to Zeppelin, the SecurityUtils.getRoles() method is called to retrieve the principal and role details. However, the getRoles() method is currently checking and retrieving the roles only if the classname equals "org.apache.shiro.realm.text.IniRealm", or "org.apache.zeppelin.realm.LdapRealm", or "org.apache.zeppelin.realm.ActiveDirectoryGroupRealm".

In the case of a Shiro CAS implementation with a custom realm, the doGetAuthorizationInfo(PrincipalCollection principals) is overridden, and the roles are retrieved from the method which are present in principals as attributes. Since the SecurityUtils.getRoles() method is always checking for the classnames with the above mentioned 3 classes, the method is always returning roles as an empty list, regardless of the fact that the roles are present within the Subject in the custom realm.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
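
The failure mode described in the report, as an added Java example (not Zeppelin's code and not part of the original message): a role lookup gated on the three realm class names returns nothing for a custom realm, while asking the realm through Shiro's public `hasRole(PrincipalCollection, String)` reaches the overridden `doGetAuthorizationInfo()`. `AttributeRealm`, `rolesByClassName`, `rolesViaAuthorizer`, the sample principals and the candidate role names are hypothetical, and shiro-core is assumed to be on the classpath.

```java
import java.util.*;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.*;

public class RealmRoleLookupDemo {
    // Hypothetical custom realm: the principals are [userId, roles], roles carried as an attribute.
    static class AttributeRealm extends AuthorizingRealm {
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            Set<String> roles = new HashSet<>();
            for (Object r : (Collection<?>) principals.asList().get(1)) roles.add(String.valueOf(r));
            return new SimpleAuthorizationInfo(roles);
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            return null; // authentication is out of scope for this demo
        }
    }

    // The three class names quoted in the report.
    static final Set<String> KNOWN_REALMS = Set.of(
        "org.apache.shiro.realm.text.IniRealm",
        "org.apache.zeppelin.realm.LdapRealm",
        "org.apache.zeppelin.realm.ActiveDirectoryGroupRealm");

    // Model of the reported behaviour: any realm outside the list yields no roles.
    static Set<String> rolesByClassName(AuthorizingRealm realm, PrincipalCollection p) {
        if (!KNOWN_REALMS.contains(realm.getClass().getName())) return Collections.emptySet();
        throw new UnsupportedOperationException("realm-specific lookups are not modelled here");
    }

    // Realm-agnostic check: test each candidate role through the Authorizer interface.
    static Set<String> rolesViaAuthorizer(AuthorizingRealm realm, PrincipalCollection p,
                                          Collection<String> candidates) {
        Set<String> held = new TreeSet<>();
        for (String role : candidates) if (realm.hasRole(p, role)) held.add(role);
        return held;
    }

    public static void main(String[] args) {
        // Constructed sample principals: user id plus a role attribute list.
        PrincipalCollection p = new SimplePrincipalCollection(
            Arrays.asList("alice", Arrays.asList("admin", "analyst")), "attributeRealm");
        AttributeRealm realm = new AttributeRealm();
        System.out.println("class-name gate: " + rolesByClassName(realm, p));
        System.out.println("via hasRole():   "
            + rolesViaAuthorizer(realm, p, Arrays.asList("admin", "analyst", "guest")));
    }
}
```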