zeppelin-shiro.ini

1. [main]
2. ldapRealm=org.apache.zeppelin.realm.LdapRealm
3. ldapRealm.contextFactory.authenticationMechanism=simple
4. ldapRealm.contextFactory.url=ldap://10.252.143.193:389
5. ldapRealm.userDnTemplate=uid={0},ou=people,dc=gwmedc,dc=com
6. ldapRealm.pagingSize = 200
7. ldapRealm.authorizationEnabled=true
8. ldapRealm.searchBase=dc=gwmedc,dc=com
9. ldapRealm.userSearchBase = ou=people,dc=gwmedc,dc=com
10. ldapRealm.groupSearchBase = ou=group,dc=gwmedc,dc=com
11. ldapRealm.groupObjectClass=posixGroup
12. ldapRealm.userLowerCase = true
13. ldapRealm.memberAttribute = memberuid
14. ldapRealm.groupSearchFilter=(&(objectClass=posixGroup)(memberuid={0}))
15. ldapRealm.userSearchScope = subtree
16. ldapRealm.groupSearchScope = subtree
17. ldapRealm.contextFactory.systemUsername= cn=admin,dc=gwmedc,dc=com
18. ### 我的cn=admin,dc=domain,dc=com密码设置的是admin，这里需要替换成用户自己设置的密码
19. ldapRealm.contextFactory.systemPassword = admin
20. ldapRealm.groupSearchEnableMatchingRuleInChain = false
21. ### 将Ldap上的admin group映射成zeppelin的admin角色, user group映射成zeppelin的user_role角色
22. ldapRealm.rolesByGroup = admin:admin,user:user_role
23. securityManager.realms = $ldapRealm
24.  
25. sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
26. cookie = org.apache.shiro.web.servlet.SimpleCookie
27. cookie.name = JSESSIONID
28. cookie.httpOnly = true
29. sessionManager.sessionIdCookie = $cookie
30. securityManager.sessionManager = $sessionManager
31. securityManager.sessionManager.globalSessionTimeout = 86400000
32. shiro.loginUrl = /api/login
33. securityManager.sessionManager = $sessionManager
34. securityManager.realms = $ldapRealm
35.  
36. sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
37. ### Enables 'HttpOnly' flag in Zeppelin cookies
38. cookie = org.apache.shiro.web.servlet.SimpleCookie
39. cookie.name = JSESSIONID
40. cookie.httpOnly = true
41. ### Uncomment the below line only when Zeppelin is running over HTTPS
42. #cookie.secure = true
43. sessionManager.sessionIdCookie = $cookie
44. securityManager.sessionManager = $sessionManager
45. # 86,400,000 milliseconds = 24 hour
46. securityManager.sessionManager.globalSessionTimeout = 86400000
47. shiro.loginUrl = /api/login
48.  
49. [roles]
50. #devops = *
51. #admin = *
52.  
53. [urls]
54. /api/version = anon
55. /api/interpreter/setting/restart/** = authc
56. /api/interpreter/** = authc, roles[admin]
57. /api/configurations/** = authc, roles[admin]
58. /api/credential/** = authc, roles[admin]
59. #/** = anon
60. /** = authc