Apache Zeppelin 如何为每个用户保存解释器配置
Apache Zeppelin how to have interpreter configuration saved per user
我正在使用 zeppelin,我的主要探索重点是 JDBC 解释器。
我们想提供一个用于访问数据库的 Web 界面。
打算让每个用户登录到 Zeppelin,创建自己的凭据,这些凭据应该传递给 jdbc 解释器。
所以解释器应该是共享的,但数据库连接应该基于每个单独的凭据
这可能吗?考虑到我的用户身份验证是 jdbc-realm
引用文档:https://zeppelin.apache.org/docs/0.9.0/setup/security/datasource_authorization.html
我的shiro.ini:
[main]
dataSource = org.postgresql.ds.PGPoolingDataSource
dataSource.serverName = localhost
dataSource.databaseName = test
dataSource.user = user_a
dataSource.password = pass_a
ps = org.apache.shiro.authc.credential.DefaultPasswordService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealmCredentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.dataSource = $dataSource
jdbcRealm.authenticationQuery = select password from zeppelin.zeppelin_users where username = ?
jdbcRealm.userRolesQuery = select role_name from zeppelin.zeppelin_user_roles where username = ?
jdbcRealm.credentialsMatcher = $pm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
### If caching of user is required then uncomment below lines
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $cacheManager
### Enables 'HttpOnly' flag in Zeppelin cookies
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true
### Uncomment the below line only when Zeppelin is running over HTTPS
#cookie.secure = true
sessionManager.sessionIdCookie = $cookie
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
/api/version = anon
/api/cluster/address = anon
# Allow all authenticated users to restart interpreters on a notebook page.
# Comment out the following line if you would like to authorize only admin users to restart interpreters.
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/notebook-repositories/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/api/admin/** = authc, roles[admin]
#/** = anon
/** = authc
已创建凭据:
并且还从解释器配置中删除了默认用户名和密码
异常:org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided.
版本:0.9.0-preview2
更新:同样的事情在 0.8.2 中有效,所以 0.9.0 构建似乎有问题
根据 ZEPPELIN-5184 和 PR-4008,在 0.9.0 中,我们只需要在凭据中定义解释器名称。
查看 ZEPPELIN-5189 了解更多详情。
我正在使用 zeppelin,我的主要探索重点是 JDBC 解释器。
我们想提供一个用于访问数据库的 Web 界面。
打算让每个用户登录到 Zeppelin,创建自己的凭据,这些凭据应该传递给 jdbc 解释器。
所以解释器应该是共享的,但数据库连接应该基于每个单独的凭据
这可能吗?考虑到我的用户身份验证是 jdbc-realm
引用文档:https://zeppelin.apache.org/docs/0.9.0/setup/security/datasource_authorization.html
我的shiro.ini:
[main]
dataSource = org.postgresql.ds.PGPoolingDataSource
dataSource.serverName = localhost
dataSource.databaseName = test
dataSource.user = user_a
dataSource.password = pass_a
ps = org.apache.shiro.authc.credential.DefaultPasswordService
pm = org.apache.shiro.authc.credential.PasswordMatcher
pm.passwordService = $ps
jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
jdbcRealmCredentialsMatcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
jdbcRealm.dataSource = $dataSource
jdbcRealm.authenticationQuery = select password from zeppelin.zeppelin_users where username = ?
jdbcRealm.userRolesQuery = select role_name from zeppelin.zeppelin_user_roles where username = ?
jdbcRealm.credentialsMatcher = $pm
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
### If caching of user is required then uncomment below lines
#cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $cacheManager
### Enables 'HttpOnly' flag in Zeppelin cookies
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true
### Uncomment the below line only when Zeppelin is running over HTTPS
#cookie.secure = true
sessionManager.sessionIdCookie = $cookie
securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login
[roles]
role1 = *
role2 = *
role3 = *
admin = *
[urls]
/api/version = anon
/api/cluster/address = anon
# Allow all authenticated users to restart interpreters on a notebook page.
# Comment out the following line if you would like to authorize only admin users to restart interpreters.
/api/interpreter/setting/restart/** = authc
/api/interpreter/** = authc, roles[admin]
/api/notebook-repositories/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
/api/admin/** = authc, roles[admin]
#/** = anon
/** = authc
已创建凭据:
并且还从解释器配置中删除了默认用户名和密码
异常:org.postgresql.util.PSQLException: The server requested password-based authentication, but no password was provided.
版本:0.9.0-preview2
更新:同样的事情在 0.8.2 中有效,所以 0.9.0 构建似乎有问题
根据 ZEPPELIN-5184 和 PR-4008,在 0.9.0 中,我们只需要在凭据中定义解释器名称。
查看 ZEPPELIN-5189 了解更多详情。