Add more JDBC Driver docs & Maven repo urls for other examples #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
1 task
1ambda
pushed a commit
that referenced
this pull request
Nov 21, 2016
…Provides LdapRealm Functionality similar to Apache Knox
### What is this PR for?
ZEPPELIN-1472 - Create new LdapRealm based on Apache Knox LdapRealm: Provides LdapRealm Functionality similar to what Apache Knox provides. This is critical as in large enterprise environments Active Directory Global Catalogs are used for lookup with samAccountName and using a DN Template is not an option as their are multiple OUs. Also searching on "userPrincipalName" is risky in an AD environment since the explicit UPN vs Implicit UPN can be different this is definitely the case with environments using Office 365. And the LDAP userPrincipalName attribute is the explicit UPN which can be defined by the directory administrator to any value and it can be duplicated. SamAccountName is unique per domain and Microsoft states best practice is to not allow duplicate samAccountName's across the forest.
In addition to the above changes I have adjusted and moved the LdapGroupRealm and ActiveDirectoryGroupRealm into the org.apache.zeppelin.realm package structure to make all Realm's consistent.
The LdapRealm class also works with role to group mapping for usage within Zeppelin for notebook authorization.
I have adjusted SecurityUtils to use ClassName vs realmName in determining what to use as you may have companies that decide to use their own custom realmname in shiro.ini and may not realize you cannot so using className is much safer.
Example - SecurityUtils
String name = realm.getClass().getName();
if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
allRoles = ((IniRealm) realm).getIni().get("roles");
break;
} else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
allRoles = ((LdapRealm) realm).getListRoles();
break;
}
Example - SecurityRestApi:
String name = realm.getClass().getName();
if (LOG.isDebugEnabled()) {
LOG.debug("RealmClass.getName: " + name);
}
if (name.equals("org.apache.shiro.realm.text.IniRealm")) {
usersList.addAll(getUserListObj.getUserList((IniRealm) realm));
rolesList.addAll(getUserListObj.getRolesList((IniRealm) realm));
} else if (name.equals("org.apache.zeppelin.realm.LdapGroupRealm")) {
usersList.addAll(getUserListObj.getUserList((JndiLdapRealm) realm, searchText));
} else if (name.equals("org.apache.zeppelin.realm.LdapRealm")) {
usersList.addAll(getUserListObj.getUserList((LdapRealm) realm, searchText));
rolesList.addAll(getUserListObj.getRolesList((LdapRealm) realm));
} else if (name.equals("org.apache.zeppelin.realm.ActiveDirectoryGroupRealm")) {
usersList.addAll(getUserListObj.getUserList((ActiveDirectoryGroupRealm) realm,
searchText));
} else if (name.equals("org.apache.shiro.realm.jdbc.JdbcRealm")) {
usersList.addAll(getUserListObj.getUserList((JdbcRealm) realm));
}
Please see feedback from previous PRs related to this JIRA:
apache#1513
### What type of PR is it?
[Improvement]
### Todos
* [ ] - Task
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1472
### How should this be tested?
Update shiro.ini to use configuration similar to below:
# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
ldapADGCRealm = org.apache.zeppelin.realm.LdapRealm
ldapADGCRealm.contextFactory.systemUsername = CN=hdplookup,OU=hadoop,DC=hdpusr,DC=senia,DC=org
ldapADGCRealm.contextFactory.systemPassword = ldapBindPassword
ldapADGCRealm.searchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.userSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.groupSearchBase = dc=hdpusr,dc=senia,dc=org
ldapADGCRealm.authorizationEnabled = true
ldapADGCRealm.contextFactory.url = ldap://seniadc1.hdpusr.senia.org:3268
ldapADGCRealm.userSearchAttributeName = sAMAccountName
ldapADGCRealm.contextFactory.authenticationMechanism = simple
ldapADGCRealm.groupObjectClass = group
ldapADGCRealm.memberAttribute = member
ldapADGCRealm.rolesByGroup = hdpeng: admin, \
hadoopusers: user
securityManager.realms = $ldapADGCRealm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
### If caching of user is required then uncomment below lines
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $cacheManager
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
# 'admin' role has all permissions, indicated by the wildcard '*'
admin = *
user = *
[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# authc means Form based Auth Security
# To enfore security, comment the line below and uncomment the next one
#/api/version = anon
#/** = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/api/login = authc
/api/login/logout = authc
/api/security/ticket = authc
/** = authc, roles[admin, user]
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? n
* Is there breaking changes for older versions? n
* Does this needs documentation? y
merge latest commits
Author: gss2002 <[email protected]>
Author: gss2002 <[email protected]>
Closes apache#1614 from gss2002/ZEPPELIN-1472 and squashes the following commits:
d6a7cea [gss2002] ZEPPELIN-1472 - LdapRealm Additions based on Knox LdapRealm and support of using roles with LdapRealms. Also adjusted to use className and not actual name of the realm in shiro.ini. As using realmName in code could cause problems for people who want to use alternate names. Also migrated the LdapGroupRealm and ActiveDirectoryRealm to org.apache.zeppelin.realm packages per a recommendation.
1702cc5 [gss2002] Merge pull request #1 from apache/master
1ambda
pushed a commit
that referenced
this pull request
Nov 28, 2016
### What is this PR for?
This Good Practice Guide promotes the usage of `ng-bind` instead of the classic `{{}}` syntax, to have a performance boost.
### What type of PR is it?
Documentation
### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-1495
### How should this be tested?
Outline the steps to test the PR here.
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
Author: Damien CORNEAU <[email protected]>
Closes apache#1463 from corneadoug/ZEPPELIN-1495 and squashes the following commits:
102b62b [Damien CORNEAU] Add small update to Guide #1
23e64dc [Damien CORNEAU] Fix escaping of angular {{}}
c420d8a [Damien CORNEAU] Add Good Practice #4
1ambda
pushed a commit
that referenced
this pull request
Dec 14, 2016
### What is this PR for? This PR is for making docker images for zeppelin releases. It contains a script for building image for each release. Another script is used for publishing images to zeppelin Dockerhub account. This repo, https://github.com/mfelgamal/zeppelin-dockers, is a demonstration of this PR. It contains zeppelin-base image and an image for each zeppelin release. ### What type of PR is it? [Feature] ### Todos - Review Comments - Documentation ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-1386 ### How should this be tested? - run create_release script or publish_release script. ### Screenshots (if appropriate) ### Questions: - Does the licenses files need update? no - Is there breaking changes for older versions? no - Does this needs documentation? yes Author: mahmoudelgamal <[email protected]> Author: mfelgamal <[email protected]> Author: Mahmoud Elgamal <[email protected]> Author: 1ambda <[email protected]> Closes apache#1538 from mfelgamal/zeppelin-dockers and squashes the following commits: cc8493f [Mahmoud Elgamal] Merge pull request #3 from 1ambda/fix/remove-startzeppelinsh d48ecef [1ambda] fix: Remove start-zeppelin.sh b64c680 [mahmoudelgamal] Remove gcc and g++ for decreasing the size 1f093d4 [mahmoudelgamal] Add script start-zeppelin to zeppelin-base d2c744e [mahmoudelgamal] add scala to zeppelin-base fd23970 [mahmoudelgamal] remove bash erorr message. e1d4b77 [mahmoudelgamal] add R and python to zeppelin-base e731cb4 [mahmoudelgamal] Add java-cacerts to zeppelin-base e642309 [mahmoudelgamal] Add documentation and some modifications 231a414 [mahmoudelgamal] Add zeppelin-base image ac06f3a [mahmoudelgamal] Make docker image for zeppelin release 48d0a01 [mfelgamal] Merge pull request #1 from apache/master
1ambda
pushed a commit
that referenced
this pull request
Jan 8, 2017
### What is this PR for? remove org.apache.spark.sql.hive.HiveSharedState class check because it has been removed since spark 2.1.x ### What type of PR is it? [Bug Fix ] ### What is the Jira issue? [ZEPPELIN-1909](https://issues.apache.org/jira/browse/ZEPPELIN-1909) Author: lichenglin <[email protected]> Closes apache#1856 from lichenglin/master and squashes the following commits: 60c3c04 [lichenglin] Merge pull request #1 from lichenglin/lichenglin-patch-1 3f90485 [lichenglin] make hive enable under spark 2.1.0
1ambda
pushed a commit
that referenced
this pull request
Aug 14, 2017
…y '.' can not be found in docker environment ### What is this PR for? shell interpreter complained that working directory '.' can not be found in docker environment. I add a line of code to set current working directory to USER`s home, and it works. ### What type of PR is it? Bug Fix ### Todos * tests ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-2841 ### How should this be tested? run shell interpreter`s test units ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? No * Is there breaking changes for older versions? No * Does this needs documentation? No Author: Shu Jiaming <[email protected]> Author: 束佳明 <[email protected]> Closes apache#2521 from vistep/master and squashes the following commits: 34a0049 [Shu Jiaming] ZEPPELIN-2841 fix a bug where shell interpreter complained that working directory '.' can not be found while zeppelin was running in docker enviroment. d02104a [束佳明] Merge pull request #1 from apache/master
1ambda
pushed a commit
that referenced
this pull request
Aug 31, 2017
###What is this PR for? in save-as.service.js, if we use URI Data scheme, we could only contain 2MB data in chrome. using the createObjectURL and File API's blob feature, i managed to upgrade the capacity to about 900MB. plus this update is better in debugging too. if we exceed the 2MB limit in URI data scheme, the download just failed with no accurate console log originally, so it was kinda hard to know why this happens. But using this technique, if it exceeds the 900MB limit, the console log points directly about what the problem is. like this : Uncaught RangeError: Failed to construct 'Blob': Array length exceeds supported limit. https://github.com/apache/zeppelin/blob/master/zeppelin-web/src/app/notebook/save-as/save-as.service.js ###What type of PR is it? Improvement ###Todos nothing more i guess ###What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-2850 ###How should this be tested? open zeppelin using chrome. make a table by select, then download it by csv or tsv. the table should be BIG, like really big, (but not that big for companies, which is my case) to test. in the original version if the whole data exceeds 2MB, you could see that the download fails. but using my script, it doesn't fail until it reaches about 900MB~1GB, which is a tremendous improvement. ###Screenshots (if appropriate) i'll post it later if you really need it. but i'm pretty sure you guys know what i'm talking about :) ###Questions: Does the licenses files need update? no (i guess) Is there breaking changes for older versions? no Does this needs documentation? maybe? Author: imnotkind <[email protected]> Closes apache#2532 from imnotkind/master and squashes the following commits: 075c4ec [imnotkind] Update save-as.service.js db778b1 [imnotkind] Merge pull request #1 from imnotkind/imnotkind-patch-1 e9ad52e [imnotkind] Update save-as.service.js
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.