Overview
Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. In this documentation, we will explain step by step how Shiro works for Zeppelin notebook authentication.
Security Setup
1. Secure the HTTP channel
To secure the HTTP channel, you have to change both anon and authc settings in conf/shiro.ini. In here, anon means "the access is anonymous" and authc means "formed auth security".
Deactivate the line "/** = anon" and activate the line "/** = authc" in conf/shiro.ini file.
vi /zeppelin-0.6.2-bin-all/conf/shiro.ini
2. Secure the Websocket channel
Set to property zeppelin.anonymous.allowed to false in conf/zeppelin-site.xml. If you don't have this file yet, just copy conf/zeppelin-site.xml.template to conf/zeppelin-site.xml.
vi /zeppelin-0.6.2-bin-all/conf/zeppelin.site.xml
3. Start Zeppelin
bin/zeppelin-daemon.sh start (or restart)
Then you can browse Zeppelin at http://localhost:8080.
4. Login
Finally, you can login using one of the below username/password combinations.
Zeppelin Notebook Authorization
Authorization Setting
You can set Zeppelin notebook permissions in each notebooks. Of course only notebook owners can change this configuration. Just click Lock icon and open the permission setting page in your notebook.
Fill out the each forms with comma seperated users and groups configured in conf/shiro.ini file. If the form is empty (*), it means that any users can perform that operation.
参考网址: