Repository: zeppelin Updated Branches: refs/heads/branch-0.7 7e73b0a68 -> 6955c8d8a
ZEPPELIN-2366 In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store. ### What is this PR for? In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store. ### What type of PR is it? Bug Fix ### Todos * [ ] - Task ### What is the Jira issue? [ZEPPELIN-2366](https://issues.apache.org/jira/browse/ZEPPELIN-2366) ### How should this be tested? Configure AD system user password using hadoop credential in shiro.ini. _(sample config in JIRA ticket)_ ### Screenshots (if appropriate) ### Questions: * Does the licenses files need update? n/a * Is there breaking changes for older versions? n/a * Does this needs documentation? n/a Author: Renjith Kamath <renjith.kam...@gmail.com> Closes #2230 from r-kamath/ZEPPELIN-2366 and squashes the following commits: 11a8ab43d [Renjith Kamath] ZEPPELIN-2366 In zeppelin SystemUser fails to authenticate with AD, using the password set in hadoop credential store. (cherry picked from commit 35fa9d287fd7535dc9fed9ca8cc84e7851b045b5) Signed-off-by: Prabhjyot Singh <prabhjyotsi...@gmail.com> Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/6955c8d8 Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/6955c8d8 Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/6955c8d8 Branch: refs/heads/branch-0.7 Commit: 6955c8d8aa54a87ac66855f27d39c6d039ede6b2 Parents: 7e73b0a Author: Renjith Kamath <renjith.kam...@gmail.com> Authored: Thu Apr 6 20:55:38 2017 +0530 Committer: Prabhjyot Singh <prabhjyotsi...@gmail.com> Committed: Wed Apr 12 14:59:36 2017 +0530 ---------------------------------------------------------------------- .../realm/ActiveDirectoryGroupRealm.java | 33 ++++++++++++++++++++ 1 file changed, 33 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/6955c8d8/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java index 7990d5f..8a9d66b 100644 --- a/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java +++ b/zeppelin-server/src/main/java/org/apache/zeppelin/realm/ActiveDirectoryGroupRealm.java @@ -24,6 +24,8 @@ import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authc.UsernamePasswordToken; +import org.apache.shiro.authc.AuthenticationException; +import org.apache.shiro.authz.AuthorizationException; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.Realm; @@ -91,6 +93,11 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { LdapContextFactory ldapContextFactory; + protected void onInit() { + super.onInit(); + this.getLdapContextFactory(); + } + public LdapContextFactory getLdapContextFactory() { if (this.ldapContextFactory == null) { if (log.isDebugEnabled()) { @@ -109,6 +116,32 @@ public class ActiveDirectoryGroupRealm extends AbstractLdapRealm { return this.ldapContextFactory; } + protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) + throws AuthenticationException { + try { + AuthenticationInfo info = this.queryForAuthenticationInfo(token, + this.getLdapContextFactory()); + return info; + } catch (javax.naming.AuthenticationException var5) { + throw new AuthenticationException("LDAP authentication failed.", var5); + } catch (NamingException var6) { + String msg = "LDAP naming error while attempting to authenticate user."; + throw new AuthenticationException(msg, var6); + } + } + + protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { + try { + AuthorizationInfo info = this.queryForAuthorizationInfo(principals, + this.getLdapContextFactory()); + return info; + } catch (NamingException var5) { + String msg = "LDAP naming error while attempting to " + + "retrieve authorization for user [" + principals + "]."; + throw new AuthorizationException(msg, var5); + } + } + private String getSystemPassword() { String password = ""; if (StringUtils.isEmpty(this.hadoopSecurityCredentialPath)) {
