2. Then add the users inside the "[users]" section as following:
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html
admin = admin
3. Also edit the "[urls]" section and add "authBasic" as following to tell which all URL patterns needs to be protected:
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one /api/version = anon
#/** = anon
/** = authcBasic
4. Restart Zeppelin and then users can try accessing the Zeppelin Notebook UI and you will see that it presents a Basic Authentication window to enter username & password.