Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Solved Go to solution
Highlighted

Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Hi. I have started a HDP Sandbox 2.5.0 in Azure. I see that current sandbox has issue in that Zeppelin is not accessible from Abari Views. I can get to Zeppelin via port 9995 in browser but it has me as anonymous. How can I switch to being user maria_dev and interact w/ my sandbox.hortonworks.com build in Zeppelin?

Thanks. - Colin

p.s. I was unsuccessfully trying to move my way thru the tutorial here, https://github.com/hortonworks/tutorials/blob/hdp-2.5/tutorials/hortonworks/getting-started-with-apa....

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Super Collaborator
@Colin Cunningham

By default zeppelin is configured with anonymous authentcation. You must set [url] section in shiro_ini of zeppelin service as below. And without AD/LDAP authencation you can set the usernames in [users]. After this changes restart zeppelin services. Now with /api/anon commented you must login with user name set in [users]

[users] 
# List of users with their password allowed to access Zeppelin. 
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections 
maria_dev = <password> , admin  #### Add this line 
#admin = password1, admin 
#user1 = password2, role1, role2 
#user2 = password3, role3 

[urls] 

# This section is used for url-based security. 
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. 
# anon means the access is anonymous. 
# authc means Form based Auth Security 
# To enfore security, comment the line below and uncomment the next one 
/api/version = anon 
#/** = anon ###Comment anon
/** = authc    ####Add this line

View solution in original post

10 REPLIES 10
Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Super Collaborator
@Colin Cunningham

By default zeppelin is configured with anonymous authentcation. You must set [url] section in shiro_ini of zeppelin service as below. And without AD/LDAP authencation you can set the usernames in [users]. After this changes restart zeppelin services. Now with /api/anon commented you must login with user name set in [users]

[users] 
# List of users with their password allowed to access Zeppelin. 
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections 
maria_dev = <password> , admin  #### Add this line 
#admin = password1, admin 
#user1 = password2, role1, role2 
#user2 = password3, role3 

[urls] 

# This section is used for url-based security. 
# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. 
# anon means the access is anonymous. 
# authc means Form based Auth Security 
# To enfore security, comment the line below and uncomment the next one 
/api/version = anon 
#/** = anon ###Comment anon
/** = authc    ####Add this line

View solution in original post

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Thank you.

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Contributor

@Colin Cunningham

You can follow below steps:

Go to shiro.ini file and edit following section:

1) Under [users] section, you can put username and password you want to use for login :

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
admin = password1
maria_dev = maria_dev

2) Under [Url] section make below change:

[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
#/** = anon
/** = authc

3) Restart the service.

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Thank you. I restarted service but going to browser on :9995, I guess I still don't know how to switch from the user anonymous. below is how the tail of my shiro.ini [urls] section now reads in case you see any issue here.

-Colin

/api/version = anon

/** = anon

#/** = authc

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

@Iraheja or @rguruvannagari . Thanks for both your answers. Any pointers how to switch users in Zeppelin? I'm stuck on anonymous still after restarting zeppelin w/ the above changes to my shiro.ini config file. I don't see a way in the zeppelin UI to switch users. I can update the 'credential' but I don't really know what that is for. I am clearly a zeppelin newbie. -Colin

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

Super Collaborator

Can you please provide shiro ini content ?

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

[root@sandbox conf]# more shiro.ini

[users]
# List of users with their password allowed to access Zeppelin.
# To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
#admin = password1
#user1 = password2, role1, role2
#user2 = password3, role3
#user3 = password4, role2


# Sample LDAP configuration, for user Authentication, currently tested for single Realm
[main]
#activeDirectoryRealm = org.apache.zeppelin.server.ActiveDirectoryGroupRealm
#activeDirectoryRealm.systemUsername = CN=Administrator,CN=Users,DC=HW,DC=EXAMPLE,DC=COM
#activeDirectoryRealm.systemPassword = Password1!
#activeDirectoryRealm.hadoopSecurityCredentialPath = jceks://user/zeppelin/zeppelin.jceks
#activeDirectoryRealm.searchBase = CN=Users,DC=HW,DC=TEST,DC=COM
#activeDirectoryRealm.url = ldap://ad-nano.test.example.com:389
#activeDirectoryRealm.groupRolesMap = ""
#activeDirectoryRealm.authorizationCachingEnabled = true


#ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#ldapRealm.userDnTemplate = uid={0},cn=users,cn=accounts,dc=example,dc=com
#ldapRealm.contextFactory.url = ldap://ldaphost:389
#ldapRealm.contextFactory.authenticationMechanism = SIMPLE
#sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#securityManager.sessionManager = $sessionManager
# 86,400,000 milliseconds = 24 hour
#securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login


[urls]
# anon means the access is anonymous.
# authcBasic means Basic Auth Security
# To enfore security, comment the line below and uncomment the next one
/api/version = anon
/** = anon
#/** = authc
Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

@rguruvannagari. I don't know if it was the trick but I set the property zeppelin.anonymous.allowed to false in conf/zeppelin-site.xml and then restarted zeppelin. i also noticed that my shiro.ini changes were reversed or reset to the original. confused but now i was prompted for login. I used maria_dev and it worked. i will carry on w/ the tutorial.

Highlighted

Re: Sanbox Zeppelin: How to login as maria_dev (not anonymous)

New Contributor

Its a two step process involving changes in 4 lines which i have marked below. Access shiro.ini from Ambari using admin user id only . Please note accessing it any other way will not be useful as it will not preserve the change and will keep getting overwritten every time the zapplin service is restarted.

So access shiro.ini in the following path : Ambari, Zeppelin > Configs > Advanced zeppelin-env > shiro_ini_content and make the following changes :

A.

  1. # List of users with their password allowed to access Zeppelin.
  2. # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
  3. maria_dev =<password>, admin #### <------Add this line #this is the first change#
  4. #admin = password1, admin

B.

Near the end of the file there you should file the following lines :

  1. # anon means the access is anonymous.
  2. # authcBasic means Basic Auth Security
  3. # To enfore security, comment the line below and uncomment the next one
  4. #/api/version = anon <------comment this line #this is the second change#
  5. #/** = anon <------comment this line #this is the third change#
  6. /** = authc <------uncomment this line #this is the fourthchange#
Don't have an account?
Coming from Hortonworks? Activate your account here