Support Questions

@Colin Cunningham

You can follow below steps:

Go to shiro.ini file and edit following section:

1) Under [users] section, you can put username and password you want to use for login :

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1
maria_dev = maria_dev

2) Under [Url] section make below change:

[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
#/** = anon
/** = authc

3) Restart the service.

@Iraheja or @rguruvannagari . Thanks for both your answers. Any pointers how to switch users in Zeppelin? I'm stuck on anonymous still after restarting zeppelin w/ the above changes to my shiro.ini config file. I don't see a way in the zeppelin UI to switch users. I can update the 'credential' but I don't really know what that is for. I am clearly a zeppelin newbie. -Colin

[root@sandbox conf]# more shiro.ini

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
#admin = password1
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2


# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername = CN=Administrator,CN=Users,DC=HW,DC=EXAMPLE,DC=COM
#activeDirectoryRealm.systemPassword = Password1!
#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://user/zeppelin/zeppelin.jceks
#activeDirectoryRealm.searchBase = CN=Users,DC=HW,DC=TEST,DC=COM
#activeDirectoryRealm.url = ldap://ad-nano.test.example.com:389
#activeDirectoryRealm.groupRolesMap = ""
#activeDirectoryRealm.authorizationCachingEnabled = true


#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = uid={0},cn=users,cn=accounts,dc=example,dc=com
#ldapRealm.contextFactory.url = ldap://ldaphost:389
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
#sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
#securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login


[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
/** = anon
#/** = authc

@rguruvannagari. I don't know if it was the trick but I set the property zeppelin.anonymous.allowed to false in conf/zeppelin-site.xml and then restarted zeppelin. i also noticed that my shiro.ini changes were reversed or reset to the original. confused but now i was prompted for login. I used maria_dev and it worked. i will carry on w/ the tutorial.

Its a two step process involving changes in 4 lines which i have marked below. Access shiro.ini from Ambari using admin user id only . Please note accessing it any other way will not be useful as it will not preserve the change and will keep getting overwritten every time the zapplin service is restarted.

So access shiro.ini in the following path : Ambari, Zeppelin > Configs > Advanced zeppelin-env > shiro_ini_content and make the following changes :

A.

1. # List of users with their password allowed to access Zeppelin.
2. # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
3. maria_dev =<password>, admin #### <------Add this line #this is the first change#
4. #admin = password1, admin

B.

Near the end of the file there you should file the following lines :

1. # anon means the access is anonymous.
2. # authcBasic means Basic Auth Security
3. # To enfore security, comment the line below and uncomment the next one
4. #/api/version = anon <------comment this line #this is the second change#
5. #/** = anon <------comment this line #this is the third change#
6. /** = authc <------uncomment this line #this is the fourthchange#