shiro.ini 3.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980
  1. #
  2. # Licensed to the Apache Software Foundation (ASF) under one or more
  3. # contributor license agreements. See the NOTICE file distributed with
  4. # this work for additional information regarding copyright ownership.
  5. # The ASF licenses this file to You under the Apache License, Version 2.0
  6. # (the "License"); you may not use this file except in compliance with
  7. # the License. You may obtain a copy of the License at
  8. #
  9. # http://www.apache.org/licenses/LICENSE-2.0
  10. #
  11. # Unless required by applicable law or agreed to in writing, software
  12. # distributed under the License is distributed on an "AS IS" BASIS,
  13. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14. # See the License for the specific language governing permissions and
  15. # limitations under the License.
  16. #
  17. [users]
  18. # List of users with their password allowed to access Zeppelin.
  19. # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
  20. rabin = ilyxdd168, admin
  21. # Sample LDAP configuration, for user Authentication, currently tested for single Realm
  22. [main]
  23. ### A sample for configuring Active Directory Realm
  24. #activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm
  25. #activeDirectoryRealm.systemUsername = userNameA
  26. #use either systemPassword or hadoopSecurityCredentialPath, more details in http://zeppelin.apache.org/docs/latest/security/shiroauthentication.html
  27. #activeDirectoryRealm.systemPassword = passwordA
  28. #activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://file/user/zeppelin/zeppelin.jceks
  29. #activeDirectoryRealm.searchBase = CN=Users,DC=SOME_GROUP,DC=COMPANY,DC=COM
  30. #activeDirectoryRealm.url = ldap://ldap.test.com:389
  31. #activeDirectoryRealm.groupRolesMap = "CN=admin,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"admin","CN=finance,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"finance","CN=hr,OU=groups,DC=SOME_GROUP,DC=COMPANY,DC=COM":"hr"
  32. #activeDirectoryRealm.authorizationCachingEnabled = false
  33. ### A sample for configuring LDAP Directory Realm
  34. #ldapRealm = org.apache.zeppelin.realm.LdapGroupRealm
  35. ## search base for ldap groups (only relevant for LdapGroupRealm):
  36. #ldapRealm.contextFactory.environment[ldap.searchBase] = dc=COMPANY,dc=COM
  37. #ldapRealm.contextFactory.url = ldap://ldap.test.com:389
  38. #ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM
  39. #ldapRealm.contextFactory.authenticationMechanism = simple
  40. ### A sample PAM configuration
  41. #pamRealm=org.apache.zeppelin.realm.PamRealm
  42. #pamRealm.service=sshd
  43. ### A sample for configuring ZeppelinHub Realm
  44. #zeppelinHubRealm = org.apache.zeppelin.realm.ZeppelinHubRealm
  45. ## Url of ZeppelinHub
  46. #zeppelinHubRealm.zeppelinhubUrl = https://www.zeppelinhub.com
  47. #securityManager.realms = $zeppelinHubRealm
  48. sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
  49. ### If caching of user is required then uncomment below lines
  50. #cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
  51. #securityManager.cacheManager = $cacheManager
  52. securityManager.sessionManager = $sessionManager
  53. # 86,400,000 milliseconds = 24 hour
  54. securityManager.sessionManager.globalSessionTimeout = 86400000
  55. shiro.loginUrl = /api/login
  56. [roles]
  57. admin = *
  58. [urls]
  59. # This section is used for url-based security.
  60. # You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide.
  61. # anon means the access is anonymous.
  62. # authc means Form based Auth Security
  63. # To enfore security, comment the line below and uncomment the next one
  64. /api/version = anon
  65. #/api/interpreter/** = authc, roles[admin]
  66. #/api/configurations/** = authc, roles[admin]
  67. #/api/credential/** = authc, roles[admin]
  68. #/** = anon
  69. /** = authc