Community Articles

Problem

I have my shiro configured as

[users] 
# List of users with their password allowed to access Zeppelin. 
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections 
#admin = password1 
admin = change 
#user1 = password2, role1, role2 
#user2 = password3, role3 
#user3 = password4, role2 

# Sample LDAP configuration, for user Authentication, currently tested for single Realm 
[main] 
ldapRealm = org.apache.zeppelin.server.LdapGroupRealm 
ldapRealm.contextFactory.environment[ldap.searchBase] = ou=my,ou=company,o=com 
ldapRealm.userDnTemplate = uid={0},ou=my,ou=company,o=com 
ldapRealm.contextFactory.url = ldap://<ldap_host>:389 
ldapRealm.contextFactory.authenticationMechanism = SIMPLE 

# doc horton 
ldapRealm.contextFactory.systemUsername = <system_username_bind>
ldapRealm.contextFactory.systemPassword = <system_username_password> 

#sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 
#securityManager.sessionManager = $sessionManager 
# 86,400,000 milliseconds = 24 hour 
#securityManager.sessionManager.globalSessionTimeout = 86400000 
shiro.loginUrl = /api/login 

[urls] 
# anon means the access is anonymous. 
# authcBasic means Basic Auth Security 
# To enfore security, comment the line below and uncomment the next one 
/api/version = anon 
#/** = anon 
/** = authc

After logging into zeppelin UI and running scripts from Notebook I can see the following error in zeppelin log

WARN [2017-02-28 09:20:09,062] ({qtp1918627686-14} ServletHandler.java[doHandle]:620) - 
javax.servlet.ServletException: Filtered request failed.
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:384)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.apache.zeppelin.server.CorsFilter.doFilter(CorsFilter.java:72)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
	at org.eclipse.jetty.server.Server.handle(Server.java:499)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
	at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.NoSuchMethodError: javax.ws.rs.ClientErrorException.validate(Ljavax/ws/rs/core/Response;Ljavax/ws/rs/core/Response$Status$Family;)Ljavax/ws/rs/core/Response;
	at javax.ws.rs.ClientErrorException.<init>(ClientErrorException.java:88)
	at org.apache.cxf.jaxrs.utils.JAXRSUtils.findTargetMethod(JAXRSUtils.java:503)
	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:207)
	at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:103)
	at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
	at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
	at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
	at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
	at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
	at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:211)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
	at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)
	at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)
	at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	... 22 more

Solution

To solve the problem enable sessionManager, cacheManager and securityManager attributes in shiro config so it looks like

[users] 
# List of users with their password allowed to access Zeppelin. 
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections 
#admin = password1 
admin = change 
#user1 = password2, role1, role2 
#user2 = password3, role3 
#user3 = password4, role2 

# Sample LDAP configuration, for user Authentication, currently tested for single Realm 
[main] 
ldapRealm = org.apache.zeppelin.server.LdapGroupRealm 
ldapRealm.contextFactory.environment[ldap.searchBase] = ou=my,ou=company,o=com 
ldapRealm.userDnTemplate = uid={0},ou=my,ou=company,o=com 
ldapRealm.contextFactory.url = ldap://<ldap_host>:389 
ldapRealm.contextFactory.authenticationMechanism = SIMPLE 

# doc horton 
ldapRealm.contextFactory.systemUsername = <system_username_bind>
ldapRealm.contextFactory.systemPassword = <system_username_password> 

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager 
securityManager.realm = $ldapRealm 
securityManager.cacheManager = $cacheManager 
securityManager.sessionManager = $sessionManager 
securityManager.sessionManager.globalSessionTimeout = 86400000 
shiro.loginUrl = /api/login 

[urls] 
# anon means the access is anonymous. 
# authcBasic means Basic Auth Security 
# To enfore security, comment the line below and uncomment the next one 
/api/version = anon 
#/** = anon 
/** = authc