Added: zeppelin/site/docs/0.9.0/setup/security/authentication_nginx.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.9.0/setup/security/authentication_nginx.html?rev=1884775&view=auto ============================================================================== --- zeppelin/site/docs/0.9.0/setup/security/authentication_nginx.html (added) +++ zeppelin/site/docs/0.9.0/setup/security/authentication_nginx.html Thu Dec 24 14:36:01 2020 @@ -0,0 +1,405 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.9.0 Documentation: HTTP Basic Auth using NGINX</title> + <meta name="description" content="There are multiple ways to enable authentication in Apache Zeppelin. This page describes HTTP basic auth using NGINX."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.9.0/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.9.0/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.9.0/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.9.0/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.9.0/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container navbar-container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/docs/0.9.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" + style="margin-top: -2px;" alt="I'm zeppelin"> + <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span> + <a class="navbar-brand-version" href="/docs/0.9.0" + style="font-size: 15px; color: white;"> 0.9.0 + </a> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span>Getting Started</span></li> + <li><a href="/docs/0.9.0/quickstart/install.html">Install</a></li> + <li><a href="/docs/0.9.0/quickstart/explore_ui.html">Explore UI</a></li> + <li><a href="/docs/0.9.0/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Run Mode</span></li> + <li><a href="/docs/0.9.0/quickstart/kubernetes.html">Kubernetes</a></li> + <li><a href="/docs/0.9.0/quickstart/docker.html">Docker</a></li> + <li><a href="/docs/0.9.0/quickstart/yarn.html">Yarn</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/quickstart/spark_with_zeppelin.html">Spark with Zeppelin</a></li> + <li><a href="/docs/0.9.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li> + <li><a href="/docs/0.9.0/quickstart/python_with_zeppelin.html">Python with Zeppelin</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Usage<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Dynamic Form</span></li> + <li><a href="/docs/0.9.0/usage/dynamic_form/intro.html">What is Dynamic Form?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Display System</span></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#text">Text Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#html">HTML Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#table">Table Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#network">Network Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/angular_backend.html">Angular Display using Backend API</a></li> + <li><a href="/docs/0.9.0/usage/display_system/angular_frontend.html">Angular Display using Frontend API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Interpreter</span></li> + <li><a href="/docs/0.9.0/usage/interpreter/overview.html">Overview</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/interpreter_binding_mode.html">Interpreter Binding Mode</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/user_impersonation.html">User Impersonation</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/dependency_management.html">Dependency Management</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/installation.html">Installing Interpreters</a></li> + <!--<li><a href="/docs/0.9.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter Loading (Experimental)</a></li>--> + <li><a href="/docs/0.9.0/usage/interpreter/execution_hooks.html">Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Other Features</span></li> + <li><a href="/docs/0.9.0/usage/other_features/publishing_paragraphs.html">Publishing Paragraphs</a></li> + <li><a href="/docs/0.9.0/usage/other_features/personalized_mode.html">Personalized Mode</a></li> + <li><a href="/docs/0.9.0/usage/other_features/customizing_homepage.html">Customizing Zeppelin Homepage</a></li> + <li><a href="/docs/0.9.0/usage/other_features/notebook_actions.html">Notebook Actions</a></li> + <li><a href="/docs/0.9.0/usage/other_features/cron_scheduler.html">Cron Scheduler</a></li> + <li><a href="/docs/0.9.0/usage/other_features/zeppelin_context.html">Zeppelin Context</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>REST API</span></li> + <li><a href="/docs/0.9.0/usage/rest_api/interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/zeppelin_server.html">Zeppelin Server API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/notebook.html">Notebook API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/notebook_repository.html">Notebook Repository API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/configuration.html">Configuration API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/credential.html">Credential API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/helium.html">Helium API</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Setup<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Basics</span></li> + <li><a href="/docs/0.9.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.9.0/setup/basics/hadoop_integration.html">Hadoop Integration</a></li> + <li><a href="/docs/0.9.0/setup/basics/multi_user_support.html">Multi-user Support</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Deployment</span></li> + <!--<li><a href="/docs/0.9.0/setup/deployment/docker.html">Docker Image for Zeppelin</a></li>--> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark Cluster Mode: Standalone</a></li> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark Cluster Mode: YARN</a></li> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark Cluster Mode: Mesos</a></li> + <li><a href="/docs/0.9.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with Flink, Spark Cluster</a></li> + <li><a href="/docs/0.9.0/setup/deployment/cdh.html">Zeppelin on CDH</a></li> + <li><a href="/docs/0.9.0/setup/deployment/virtual_machine.html">Zeppelin on VM: Vagrant</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Security</span></li> + <li><a href="/docs/0.9.0/setup/security/authentication_nginx.html">HTTP Basic Auth using NGINX</a></li> + <li><a href="/docs/0.9.0/setup/security/shiro_authentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.9.0/setup/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.9.0/setup/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.9.0/setup/security/http_security_headers.html">HTTP Security Headers</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Notebook Storage</span></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-oss">OSS Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Operation</span></li> + <li><a href="/docs/0.9.0/setup/operation/configuration.html">Configuration</a></li> + <li><a href="/docs/0.9.0/setup/operation/proxy_setting.html">Proxy Setting</a></li> + <li><a href="/docs/0.9.0/setup/operation/upgrading.html">Upgrading</a></li> + <li><a href="/docs/0.9.0/setup/operation/trouble_shooting.html">Trouble Shooting</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Interpreters</span></li> + <li><a href="/docs/0.9.0/usage/interpreter/overview.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/interpreter/spark.html">Spark</a></li> + <li><a href="/docs/0.9.0/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.9.0/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.9.0/interpreter/r.html">R</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.9.0/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.9.0/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.9.0/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.9.0/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.9.0/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.9.0/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.9.0/interpreter/groovy.html">Groovy</a></li> + <li><a href="/docs/0.9.0/interpreter/hazelcastjet.html">Hazelcast Jet</a></li> + <li><a href="/docs/0.9.0/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.9.0/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.9.0/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.9.0/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.9.0/interpreter/java.html">Java</a></li> + <li><a href="/docs/0.9.0/interpreter/jupyter.html">Jupyter</a></li> + <li><a href="/docs/0.9.0/interpreter/kotlin.html">Kotlin</a></li> + <li><a href="/docs/0.9.0/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.9.0/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.9.0/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.9.0/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.9.0/interpreter/mongodb.html">MongoDB</a></li> + <li><a href="/docs/0.9.0/interpreter/neo4j.html">Neo4j</a></li> + <li><a href="/docs/0.9.0/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.9.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.9.0/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.9.0/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.9.0/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.9.0/interpreter/sparql.html">Sparql</a></li> + <li><a href="/docs/0.9.0/interpreter/submarine.html">Submarine</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span>Extending Zeppelin</span></li> + <li><a href="/docs/0.9.0/development/writing_zeppelin_interpreter.html">Writing Zeppelin Interpreter</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Helium (Experimental)</span></li> + <li><a href="/docs/0.9.0/development/helium/overview.html">Overview</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_application.html">Writing Helium Application</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_spell.html">Writing Helium Spell</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_visualization_basic.html">Writing Helium Visualization: Basics</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_visualization_transformation.html">Writing Helium Visualization: Transformation</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Contributing to Zeppelin</span></li> + <li><a href="/docs/0.9.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.9.0/development/contribution/useful_developer_tools.html">Useful Developer Tools</a></li> + <li><a href="/docs/0.9.0/development/contribution/how_to_contribute_code.html">How to Contribute (code)</a></li> + <li><a href="/docs/0.9.0/development/contribution/how_to_contribute_website.html">How to Contribute (website)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>External Resources</span></li> + <li><a target="_blank" href="https://zeppelin.apache.org/community.html";>Mailing List</a></li> + <li><a target="_blank" href="https://cwiki.apache.org/confluence/display/ZEPPELIN/Zeppelin+Home";>Apache Zeppelin Wiki</a></li> + <li><a target="_blank" href="http://stackoverflow.com/questions/tagged/apache-zeppelin";>Stackoverflow Questions about Zeppelin</a></li> + </ul> + </li> + <li> + <a href="/docs/0.9.0/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit HTTP Basic Auth using NGINX"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Authentication for NGINX</h1> + +<div id="toc"></div> + +<p><a href="./shiro_authentication.html">Build in authentication mechanism</a> is recommended way for authentication. In case of you want authenticate using NGINX and <a href="https://en.wikipedia.org/wiki/Basic_access_authentication";>HTTP basic auth</a>, please read this document.</p> + +<h2>HTTP Basic Authentication using NGINX</h2> + +<blockquote> +<p><strong>Quote from Wikipedia:</strong> NGINX is a web server. It can act as a reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer and an HTTP cache.</p> +</blockquote> + +<p>So you can use NGINX server as proxy server to serve HTTP Basic Authentication as a separate process along with Zeppelin server. +Here are instructions how to accomplish the setup NGINX as a front-end authentication server and connect Zeppelin at behind.</p> + +<p>This instruction based on Ubuntu 14.04 LTS but may work with other OS with few configuration changes.</p> + +<ol> +<li><p>Install NGINX server on your server instance</p> + +<p>You can install NGINX server with same box where zeppelin installed or separate box where it is dedicated to serve as proxy server.</p> +<div class="highlight"><pre><code class="bash language-bash" data-lang="bash"><span class="nv">$ </span>apt-get install nginx +</code></pre></div> +<blockquote> +<p><strong>NOTE :</strong> On pre 1.3.13 version of NGINX, Proxy for Websocket may not fully works. Please use latest version of NGINX. See: <a href="https://www.nginx.com/blog/websocket-nginx/";>NGINX documentation</a>.</p> +</blockquote></li> +<li><p>Setup init script in NGINX</p> + +<p>In most cases, NGINX configuration located under <code>/etc/nginx/sites-available</code>. Create your own configuration or add your existing configuration at <code>/etc/nginx/sites-available</code>.</p> +<div class="highlight"><pre><code class="bash language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /etc/nginx/sites-available +<span class="nv">$ </span>touch my-zeppelin-auth-setting +</code></pre></div> +<p>Now add this script into <code>my-zeppelin-auth-setting</code> file. You can comment out <code>optional</code> lines If you want serve Zeppelin under regular HTTP 80 Port.</p> +<div class="highlight"><pre><code class="text language-text" data-lang="text">upstream zeppelin { + server [YOUR-ZEPPELIN-SERVER-IP]:[YOUR-ZEPPELIN-SERVER-PORT]; # For security, It is highly recommended to make this address/port as non-public accessible +} + +# Zeppelin Website +server { + listen [YOUR-ZEPPELIN-WEB-SERVER-PORT]; + listen 443 ssl; # optional, to serve HTTPS connection + server_name [YOUR-ZEPPELIN-SERVER-HOST]; # for example: zeppelin.mycompany.com + + ssl_certificate [PATH-TO-YOUR-CERT-FILE]; # optional, to serve HTTPS connection + ssl_certificate_key [PATH-TO-YOUR-CERT-KEY-FILE]; # optional, to serve HTTPS connection + + if ($ssl_protocol = "") { + rewrite ^ https://$host$request_uri? permanent; # optional, to force use of HTTPS + } + + location / { # For regular websever support + proxy_pass http://zeppelin; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_redirect off; + auth_basic "Restricted"; + auth_basic_user_file /etc/nginx/.htpasswd; + } + + location /ws { # For websocket support + proxy_pass http://zeppelin/ws; + proxy_http_version 1.1; + proxy_set_header Upgrade websocket; + proxy_set_header Connection upgrade; + proxy_read_timeout 86400; + } +} +</code></pre></div> +<p>Then make a symbolic link to this file from <code>/etc/nginx/sites-enabled/</code> to enable configuration above when NGINX reloads.</p> +<div class="highlight"><pre><code class="bash language-bash" data-lang="bash"><span class="nv">$ </span>ln -s /etc/nginx/sites-enabled/my-zeppelin-auth-setting /etc/nginx/sites-available/my-zeppelin-auth-setting +</code></pre></div></li> +<li><p>Setup user credential into <code>.htpasswd</code> file and restart server</p> + +<p>Now you need to setup <code>.htpasswd</code> file to serve list of authenticated user credentials for NGINX server.</p> +<div class="highlight"><pre><code class="bash language-bash" data-lang="bash"><span class="nv">$ </span><span class="nb">cd</span> /etc/nginx +<span class="nv">$ </span>htpasswd -c htpasswd <span class="o">[</span>YOUR-ID<span class="o">]</span> +NEW passwd: <span class="o">[</span>YOUR-PASSWORD<span class="o">]</span> +RE-type new passwd: <span class="o">[</span>YOUR-PASSWORD-AGAIN<span class="o">]</span> +</code></pre></div> +<p>Or you can use your own apache <code>.htpasswd</code> files in other location for setting up property: <code>auth_basic_user_file</code></p> + +<p>Restart NGINX server.</p> +<div class="highlight"><pre><code class="bash language-bash" data-lang="bash"><span class="nv">$ </span>service nginx restart +</code></pre></div> +<p>Then check HTTP Basic Authentication works in browser. If you can see regular basic auth popup and then able to login with credential you entered into <code>.htpasswd</code> you are good to go.</p></li> +<li><p>More security consideration</p></li> +</ol> + +<ul> +<li>Using HTTPS connection with Basic Authentication is highly recommended since basic auth without encryption may expose your important credential information over the network.</li> +<li>Using <a href="./shiro_authentication.html">Shiro Security feature built-into Zeppelin</a> is recommended if you prefer all-in-one solution for authentication but NGINX may provides ad-hoc solution for re-use authentication served by your system's NGINX server or in case of you need to separate authentication from zeppelin server.</li> +<li>It is recommended to isolate direct connection to Zeppelin server from public internet or external services to secure your zeppelin instance from unexpected attack or problems caused by public zone.</li> +</ul> + +<h2>Another option</h2> + +<p>Another option is to have an authentication server that can verify user credentials in an LDAP server. +If an incoming request to the Zeppelin server does not have a cookie with user information encrypted with the authentication server public key, the user +is redirected to the authentication server. Once the user is verified, the authentication server redirects the browser to a specific URL in the Zeppelin server which sets the authentication cookie in the browser. +The end result is that all requests to the Zeppelin web server have the authentication cookie which contains user and groups information.</p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2020 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> +
Added: zeppelin/site/docs/0.9.0/setup/security/datasource_authorization.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.9.0/setup/security/datasource_authorization.html?rev=1884775&view=auto ============================================================================== --- zeppelin/site/docs/0.9.0/setup/security/datasource_authorization.html (added) +++ zeppelin/site/docs/0.9.0/setup/security/datasource_authorization.html Thu Dec 24 14:36:01 2020 @@ -0,0 +1,351 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.9.0 Documentation: Data Source Authorization in Apache Zeppelin</title> + <meta name="description" content="Apache Zeppelin supports protected data sources. In case of a MySql database, every users can set up their own credentials to access it."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.9.0/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.9.0/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.9.0/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.9.0/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.9.0/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container navbar-container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/docs/0.9.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" + style="margin-top: -2px;" alt="I'm zeppelin"> + <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span> + <a class="navbar-brand-version" href="/docs/0.9.0" + style="font-size: 15px; color: white;"> 0.9.0 + </a> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span>Getting Started</span></li> + <li><a href="/docs/0.9.0/quickstart/install.html">Install</a></li> + <li><a href="/docs/0.9.0/quickstart/explore_ui.html">Explore UI</a></li> + <li><a href="/docs/0.9.0/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Run Mode</span></li> + <li><a href="/docs/0.9.0/quickstart/kubernetes.html">Kubernetes</a></li> + <li><a href="/docs/0.9.0/quickstart/docker.html">Docker</a></li> + <li><a href="/docs/0.9.0/quickstart/yarn.html">Yarn</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/quickstart/spark_with_zeppelin.html">Spark with Zeppelin</a></li> + <li><a href="/docs/0.9.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li> + <li><a href="/docs/0.9.0/quickstart/python_with_zeppelin.html">Python with Zeppelin</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Usage<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Dynamic Form</span></li> + <li><a href="/docs/0.9.0/usage/dynamic_form/intro.html">What is Dynamic Form?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Display System</span></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#text">Text Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#html">HTML Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#table">Table Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#network">Network Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/angular_backend.html">Angular Display using Backend API</a></li> + <li><a href="/docs/0.9.0/usage/display_system/angular_frontend.html">Angular Display using Frontend API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Interpreter</span></li> + <li><a href="/docs/0.9.0/usage/interpreter/overview.html">Overview</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/interpreter_binding_mode.html">Interpreter Binding Mode</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/user_impersonation.html">User Impersonation</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/dependency_management.html">Dependency Management</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/installation.html">Installing Interpreters</a></li> + <!--<li><a href="/docs/0.9.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter Loading (Experimental)</a></li>--> + <li><a href="/docs/0.9.0/usage/interpreter/execution_hooks.html">Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Other Features</span></li> + <li><a href="/docs/0.9.0/usage/other_features/publishing_paragraphs.html">Publishing Paragraphs</a></li> + <li><a href="/docs/0.9.0/usage/other_features/personalized_mode.html">Personalized Mode</a></li> + <li><a href="/docs/0.9.0/usage/other_features/customizing_homepage.html">Customizing Zeppelin Homepage</a></li> + <li><a href="/docs/0.9.0/usage/other_features/notebook_actions.html">Notebook Actions</a></li> + <li><a href="/docs/0.9.0/usage/other_features/cron_scheduler.html">Cron Scheduler</a></li> + <li><a href="/docs/0.9.0/usage/other_features/zeppelin_context.html">Zeppelin Context</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>REST API</span></li> + <li><a href="/docs/0.9.0/usage/rest_api/interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/zeppelin_server.html">Zeppelin Server API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/notebook.html">Notebook API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/notebook_repository.html">Notebook Repository API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/configuration.html">Configuration API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/credential.html">Credential API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/helium.html">Helium API</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Setup<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Basics</span></li> + <li><a href="/docs/0.9.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.9.0/setup/basics/hadoop_integration.html">Hadoop Integration</a></li> + <li><a href="/docs/0.9.0/setup/basics/multi_user_support.html">Multi-user Support</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Deployment</span></li> + <!--<li><a href="/docs/0.9.0/setup/deployment/docker.html">Docker Image for Zeppelin</a></li>--> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark Cluster Mode: Standalone</a></li> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark Cluster Mode: YARN</a></li> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark Cluster Mode: Mesos</a></li> + <li><a href="/docs/0.9.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with Flink, Spark Cluster</a></li> + <li><a href="/docs/0.9.0/setup/deployment/cdh.html">Zeppelin on CDH</a></li> + <li><a href="/docs/0.9.0/setup/deployment/virtual_machine.html">Zeppelin on VM: Vagrant</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Security</span></li> + <li><a href="/docs/0.9.0/setup/security/authentication_nginx.html">HTTP Basic Auth using NGINX</a></li> + <li><a href="/docs/0.9.0/setup/security/shiro_authentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.9.0/setup/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.9.0/setup/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.9.0/setup/security/http_security_headers.html">HTTP Security Headers</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Notebook Storage</span></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-oss">OSS Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Operation</span></li> + <li><a href="/docs/0.9.0/setup/operation/configuration.html">Configuration</a></li> + <li><a href="/docs/0.9.0/setup/operation/proxy_setting.html">Proxy Setting</a></li> + <li><a href="/docs/0.9.0/setup/operation/upgrading.html">Upgrading</a></li> + <li><a href="/docs/0.9.0/setup/operation/trouble_shooting.html">Trouble Shooting</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Interpreters</span></li> + <li><a href="/docs/0.9.0/usage/interpreter/overview.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/interpreter/spark.html">Spark</a></li> + <li><a href="/docs/0.9.0/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.9.0/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.9.0/interpreter/r.html">R</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.9.0/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.9.0/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.9.0/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.9.0/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.9.0/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.9.0/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.9.0/interpreter/groovy.html">Groovy</a></li> + <li><a href="/docs/0.9.0/interpreter/hazelcastjet.html">Hazelcast Jet</a></li> + <li><a href="/docs/0.9.0/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.9.0/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.9.0/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.9.0/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.9.0/interpreter/java.html">Java</a></li> + <li><a href="/docs/0.9.0/interpreter/jupyter.html">Jupyter</a></li> + <li><a href="/docs/0.9.0/interpreter/kotlin.html">Kotlin</a></li> + <li><a href="/docs/0.9.0/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.9.0/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.9.0/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.9.0/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.9.0/interpreter/mongodb.html">MongoDB</a></li> + <li><a href="/docs/0.9.0/interpreter/neo4j.html">Neo4j</a></li> + <li><a href="/docs/0.9.0/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.9.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.9.0/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.9.0/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.9.0/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.9.0/interpreter/sparql.html">Sparql</a></li> + <li><a href="/docs/0.9.0/interpreter/submarine.html">Submarine</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span>Extending Zeppelin</span></li> + <li><a href="/docs/0.9.0/development/writing_zeppelin_interpreter.html">Writing Zeppelin Interpreter</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Helium (Experimental)</span></li> + <li><a href="/docs/0.9.0/development/helium/overview.html">Overview</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_application.html">Writing Helium Application</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_spell.html">Writing Helium Spell</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_visualization_basic.html">Writing Helium Visualization: Basics</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_visualization_transformation.html">Writing Helium Visualization: Transformation</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Contributing to Zeppelin</span></li> + <li><a href="/docs/0.9.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.9.0/development/contribution/useful_developer_tools.html">Useful Developer Tools</a></li> + <li><a href="/docs/0.9.0/development/contribution/how_to_contribute_code.html">How to Contribute (code)</a></li> + <li><a href="/docs/0.9.0/development/contribution/how_to_contribute_website.html">How to Contribute (website)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>External Resources</span></li> + <li><a target="_blank" href="https://zeppelin.apache.org/community.html";>Mailing List</a></li> + <li><a target="_blank" href="https://cwiki.apache.org/confluence/display/ZEPPELIN/Zeppelin+Home";>Apache Zeppelin Wiki</a></li> + <li><a target="_blank" href="http://stackoverflow.com/questions/tagged/apache-zeppelin";>Stackoverflow Questions about Zeppelin</a></li> + </ul> + </li> + <li> + <a href="/docs/0.9.0/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Data Source Authorization in Apache Zeppelin"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Data Source Authorization in Apache Zeppelin</h1> + +<div id="toc"></div> + +<h2>Overview</h2> + +<p>Data source authorization involves authenticating to the data source like a Mysql database and letting it determine user permissions. +Apache Zeppelin allows users to use their own credentials to authenticate with <strong>Data Sources</strong>.</p> + +<p>For example, let's assume you have an account in the Vertica databases with credentials. +You might want to use this account to create a JDBC connection instead of a shared account with all users who are defined in <code>conf/shiro.ini</code>. +In this case, you can add your credential information to Apache Zeppelin and use them with below simple steps. </p> + +<h2>How to save the credential information?</h2> + +<p>You can add new credentials in the dropdown menu for your data source which can be passed to interpreters. </p> + +<p><img class="img-responsive" src="/docs/0.9.0/assets/themes/zeppelin/img/docs-img/credential_tab.png" width="180px"/></p> + +<p><strong>Entity</strong> can be the key that distinguishes each credential sets.(We suggest that the convention of the <strong>Entity</strong> is <code>[Interpreter Group].[Interpreter Name]</code>.) +Please see <a href="../../usage/interpreter/overview.html#what-is-interpreter-group">what is interpreter group</a> for the detailed information.</p> + +<p>Type <strong>Username & Password</strong> for your own credentials. ex) Mysql user & password of the JDBC Interpreter.</p> + +<p><img class="img-responsive" src="/docs/0.9.0/assets/themes/zeppelin/img/docs-img/add_credential.png" /></p> + +<p>The credentials saved as per users defined in <code>conf/shiro.ini</code>. +If you didn't activate <a href="./shiro_authentication.html">shiro authentication in Apache Zeppelin</a>, your credential information will be saved as <code>anonymous</code>. +All credential information also can be found in <code>conf/credentials.json</code>. </p> + +<h4>JDBC interpreter</h4> + +<p>You need to maintain per-user connection pools. +The interpret method takes the user string as a parameter and executes the jdbc call using a connection in the user's connection pool.</p> + +<h4>Presto</h4> + +<p>You don't need a password if the Presto DB server runs backend code using HDFS authorization for the user.</p> + +<h4>Vertica and Mysql</h4> + +<p>You have to store the password information for users.</p> + +<h2>Please note</h2> + +<p>As a first step of data source authentication feature, <a href="https://issues.apache.org/jira/browse/ZEPPELIN-828";>ZEPPELIN-828</a> was proposed and implemented in Pull Request <a href="https://github.com/apache/zeppelin/pull/860";>#860</a>. +Currently, only customized 3rd party interpreters can use this feature. We are planning to apply this mechanism to <a href="../../usage/interpreter/installation.html#available-community-managed-interpreters">the community managed interpreters</a> in the near future. +Please keep track <a href="https://issues.apache.org/jira/browse/ZEPPELIN-1070";>ZEPPELIN-1070</a>. </p> + + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2020 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> + Added: zeppelin/site/docs/0.9.0/setup/security/http_security_headers.html URL: http://svn.apache.org/viewvc/zeppelin/site/docs/0.9.0/setup/security/http_security_headers.html?rev=1884775&view=auto ============================================================================== --- zeppelin/site/docs/0.9.0/setup/security/http_security_headers.html (added) +++ zeppelin/site/docs/0.9.0/setup/security/http_security_headers.html Thu Dec 24 14:36:01 2020 @@ -0,0 +1,401 @@ + +<!DOCTYPE html> +<html lang="en"> + <head> + <meta charset="utf-8"> + <title>Apache Zeppelin 0.9.0 Documentation: Setting up HTTP Response Headers</title> + <meta name="description" content="There are multiple HTTP Security Headers which can be configured in Apache Zeppelin. This page describes how to enable them by providing appropriate value in Zeppelin configuration file."> + <meta name="author" content="The Apache Software Foundation"> + + <!-- Enable responsive viewport --> + <meta name="viewport" content="width=device-width, initial-scale=1.0"> + + <!-- Le HTML5 shim, for IE6-8 support of HTML elements --> + <!--[if lt IE 9]> + <script src="http://html5shim.googlecode.com/svn/trunk/html5.js";></script> + <![endif]--> + + <link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet"> + + <!-- Le styles --> + <link href="/docs/0.9.0/assets/themes/zeppelin/bootstrap/css/bootstrap.css" rel="stylesheet"> + <link href="/docs/0.9.0/assets/themes/zeppelin/css/style.css?body=1" rel="stylesheet" type="text/css"> + <link href="/docs/0.9.0/assets/themes/zeppelin/css/syntax.css" rel="stylesheet" type="text/css" media="screen" /> + <!-- Le fav and touch icons --> + <!-- Update these with your own images + <link rel="shortcut icon" href="images/favicon.ico"> + <link rel="apple-touch-icon" href="images/apple-touch-icon.png"> + <link rel="apple-touch-icon" sizes="72x72" href="images/apple-touch-icon-72x72.png"> + <link rel="apple-touch-icon" sizes="114x114" href="images/apple-touch-icon-114x114.png"> + --> + + <!-- Js --> + <script src="https://code.jquery.com/jquery-1.10.2.min.js";></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/bootstrap/js/bootstrap.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/docs.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/anchor.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/toc.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/lunr.min.js"></script> + <script src="/docs/0.9.0/assets/themes/zeppelin/js/search.js"></script> + + <!-- atom & rss feed --> + <link href="/docs/0.9.0/atom.xml" type="application/atom+xml" rel="alternate" title="Sitewide ATOM Feed"> + <link href="/docs/0.9.0/rss.xml" type="application/rss+xml" rel="alternate" title="Sitewide RSS Feed"> + </head> + + <body> + + <div id="menu" class="navbar navbar-inverse navbar-fixed-top" role="navigation"> + <div class="container navbar-container"> + <div class="navbar-header"> + <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse"> + <span class="sr-only">Toggle navigation</span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + <span class="icon-bar"></span> + </button> + <div class="navbar-brand"> + <a class="navbar-brand-main" href="http://zeppelin.apache.org";> + <img src="/docs/0.9.0/assets/themes/zeppelin/img/zeppelin_logo.png" width="50" + style="margin-top: -2px;" alt="I'm zeppelin"> + <span style="margin-left: 5px; font-size: 27px;">Zeppelin</span> + <a class="navbar-brand-version" href="/docs/0.9.0" + style="font-size: 15px; color: white;"> 0.9.0 + </a> + </a> + </div> + </div> + <nav class="navbar-collapse collapse" role="navigation"> + <ul class="nav navbar-nav"> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Quick Start <b class="caret"></b></a> + <ul class="dropdown-menu"> + <li class="title"><span>Getting Started</span></li> + <li><a href="/docs/0.9.0/quickstart/install.html">Install</a></li> + <li><a href="/docs/0.9.0/quickstart/explore_ui.html">Explore UI</a></li> + <li><a href="/docs/0.9.0/quickstart/tutorial.html">Tutorial</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Run Mode</span></li> + <li><a href="/docs/0.9.0/quickstart/kubernetes.html">Kubernetes</a></li> + <li><a href="/docs/0.9.0/quickstart/docker.html">Docker</a></li> + <li><a href="/docs/0.9.0/quickstart/yarn.html">Yarn</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/quickstart/spark_with_zeppelin.html">Spark with Zeppelin</a></li> + <li><a href="/docs/0.9.0/quickstart/sql_with_zeppelin.html">SQL with Zeppelin</a></li> + <li><a href="/docs/0.9.0/quickstart/python_with_zeppelin.html">Python with Zeppelin</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Usage<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Dynamic Form</span></li> + <li><a href="/docs/0.9.0/usage/dynamic_form/intro.html">What is Dynamic Form?</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Display System</span></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#text">Text Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#html">HTML Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#table">Table Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/basic.html#network">Network Display</a></li> + <li><a href="/docs/0.9.0/usage/display_system/angular_backend.html">Angular Display using Backend API</a></li> + <li><a href="/docs/0.9.0/usage/display_system/angular_frontend.html">Angular Display using Frontend API</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Interpreter</span></li> + <li><a href="/docs/0.9.0/usage/interpreter/overview.html">Overview</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/interpreter_binding_mode.html">Interpreter Binding Mode</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/user_impersonation.html">User Impersonation</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/dependency_management.html">Dependency Management</a></li> + <li><a href="/docs/0.9.0/usage/interpreter/installation.html">Installing Interpreters</a></li> + <!--<li><a href="/docs/0.9.0/usage/interpreter/dynamic_loading.html">Dynamic Interpreter Loading (Experimental)</a></li>--> + <li><a href="/docs/0.9.0/usage/interpreter/execution_hooks.html">Execution Hooks (Experimental)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Other Features</span></li> + <li><a href="/docs/0.9.0/usage/other_features/publishing_paragraphs.html">Publishing Paragraphs</a></li> + <li><a href="/docs/0.9.0/usage/other_features/personalized_mode.html">Personalized Mode</a></li> + <li><a href="/docs/0.9.0/usage/other_features/customizing_homepage.html">Customizing Zeppelin Homepage</a></li> + <li><a href="/docs/0.9.0/usage/other_features/notebook_actions.html">Notebook Actions</a></li> + <li><a href="/docs/0.9.0/usage/other_features/cron_scheduler.html">Cron Scheduler</a></li> + <li><a href="/docs/0.9.0/usage/other_features/zeppelin_context.html">Zeppelin Context</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>REST API</span></li> + <li><a href="/docs/0.9.0/usage/rest_api/interpreter.html">Interpreter API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/zeppelin_server.html">Zeppelin Server API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/notebook.html">Notebook API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/notebook_repository.html">Notebook Repository API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/configuration.html">Configuration API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/credential.html">Credential API</a></li> + <li><a href="/docs/0.9.0/usage/rest_api/helium.html">Helium API</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Setup<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Basics</span></li> + <li><a href="/docs/0.9.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.9.0/setup/basics/hadoop_integration.html">Hadoop Integration</a></li> + <li><a href="/docs/0.9.0/setup/basics/multi_user_support.html">Multi-user Support</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Deployment</span></li> + <!--<li><a href="/docs/0.9.0/setup/deployment/docker.html">Docker Image for Zeppelin</a></li>--> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-standalone-mode">Spark Cluster Mode: Standalone</a></li> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-on-yarn-mode">Spark Cluster Mode: YARN</a></li> + <li><a href="/docs/0.9.0/setup/deployment/spark_cluster_mode.html#spark-on-mesos-mode">Spark Cluster Mode: Mesos</a></li> + <li><a href="/docs/0.9.0/setup/deployment/flink_and_spark_cluster.html">Zeppelin with Flink, Spark Cluster</a></li> + <li><a href="/docs/0.9.0/setup/deployment/cdh.html">Zeppelin on CDH</a></li> + <li><a href="/docs/0.9.0/setup/deployment/virtual_machine.html">Zeppelin on VM: Vagrant</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Security</span></li> + <li><a href="/docs/0.9.0/setup/security/authentication_nginx.html">HTTP Basic Auth using NGINX</a></li> + <li><a href="/docs/0.9.0/setup/security/shiro_authentication.html">Shiro Authentication</a></li> + <li><a href="/docs/0.9.0/setup/security/notebook_authorization.html">Notebook Authorization</a></li> + <li><a href="/docs/0.9.0/setup/security/datasource_authorization.html">Data Source Authorization</a></li> + <li><a href="/docs/0.9.0/setup/security/http_security_headers.html">HTTP Security Headers</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Notebook Storage</span></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-local-git-repository">Git Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-s3">S3 Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-azure">Azure Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-oss">OSS Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-zeppelinhub">ZeppelinHub Storage</a></li> + <li><a href="/docs/0.9.0/setup/storage/storage.html#notebook-storage-in-mongodb">MongoDB Storage</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Operation</span></li> + <li><a href="/docs/0.9.0/setup/operation/configuration.html">Configuration</a></li> + <li><a href="/docs/0.9.0/setup/operation/proxy_setting.html">Proxy Setting</a></li> + <li><a href="/docs/0.9.0/setup/operation/upgrading.html">Upgrading</a></li> + <li><a href="/docs/0.9.0/setup/operation/trouble_shooting.html">Trouble Shooting</a></li> + </ul> + </li> + + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">Interpreter <b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu"> + <li class="title"><span>Interpreters</span></li> + <li><a href="/docs/0.9.0/usage/interpreter/overview.html">Overview</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/interpreter/spark.html">Spark</a></li> + <li><a href="/docs/0.9.0/interpreter/jdbc.html">JDBC</a></li> + <li><a href="/docs/0.9.0/interpreter/python.html">Python</a></li> + <li><a href="/docs/0.9.0/interpreter/r.html">R</a></li> + <li role="separator" class="divider"></li> + <li><a href="/docs/0.9.0/interpreter/alluxio.html">Alluxio</a></li> + <li><a href="/docs/0.9.0/interpreter/beam.html">Beam</a></li> + <li><a href="/docs/0.9.0/interpreter/bigquery.html">BigQuery</a></li> + <li><a href="/docs/0.9.0/interpreter/cassandra.html">Cassandra</a></li> + <li><a href="/docs/0.9.0/interpreter/elasticsearch.html">Elasticsearch</a></li> + <li><a href="/docs/0.9.0/interpreter/flink.html">Flink</a></li> + <li><a href="/docs/0.9.0/interpreter/geode.html">Geode</a></li> + <li><a href="/docs/0.9.0/interpreter/groovy.html">Groovy</a></li> + <li><a href="/docs/0.9.0/interpreter/hazelcastjet.html">Hazelcast Jet</a></li> + <li><a href="/docs/0.9.0/interpreter/hbase.html">HBase</a></li> + <li><a href="/docs/0.9.0/interpreter/hdfs.html">HDFS</a></li> + <li><a href="/docs/0.9.0/interpreter/hive.html">Hive</a></li> + <li><a href="/docs/0.9.0/interpreter/ignite.html">Ignite</a></li> + <li><a href="/docs/0.9.0/interpreter/java.html">Java</a></li> + <li><a href="/docs/0.9.0/interpreter/jupyter.html">Jupyter</a></li> + <li><a href="/docs/0.9.0/interpreter/kotlin.html">Kotlin</a></li> + <li><a href="/docs/0.9.0/interpreter/kylin.html">Kylin</a></li> + <li><a href="/docs/0.9.0/interpreter/lens.html">Lens</a></li> + <li><a href="/docs/0.9.0/interpreter/livy.html">Livy</a></li> + <li><a href="/docs/0.9.0/interpreter/markdown.html">Markdown</a></li> + <li><a href="/docs/0.9.0/interpreter/mongodb.html">MongoDB</a></li> + <li><a href="/docs/0.9.0/interpreter/neo4j.html">Neo4j</a></li> + <li><a href="/docs/0.9.0/interpreter/pig.html">Pig</a></li> + <li><a href="/docs/0.9.0/interpreter/postgresql.html">Postgresql, HAWQ</a></li> + <li><a href="/docs/0.9.0/interpreter/scalding.html">Scalding</a></li> + <li><a href="/docs/0.9.0/interpreter/scio.html">Scio</a></li> + <li><a href="/docs/0.9.0/interpreter/shell.html">Shell</a></li> + <li><a href="/docs/0.9.0/interpreter/sparql.html">Sparql</a></li> + <li><a href="/docs/0.9.0/interpreter/submarine.html">Submarine</a></li> + </ul> + </li> + <li> + <a href="#" data-toggle="dropdown" class="dropdown-toggle">More<b class="caret"></b></a> + <ul class="dropdown-menu scrollable-menu" style="right: 0; left: auto;"> + <li class="title"><span>Extending Zeppelin</span></li> + <li><a href="/docs/0.9.0/development/writing_zeppelin_interpreter.html">Writing Zeppelin Interpreter</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Helium (Experimental)</span></li> + <li><a href="/docs/0.9.0/development/helium/overview.html">Overview</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_application.html">Writing Helium Application</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_spell.html">Writing Helium Spell</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_visualization_basic.html">Writing Helium Visualization: Basics</a></li> + <li><a href="/docs/0.9.0/development/helium/writing_visualization_transformation.html">Writing Helium Visualization: Transformation</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>Contributing to Zeppelin</span></li> + <li><a href="/docs/0.9.0/setup/basics/how_to_build.html">How to Build Zeppelin</a></li> + <li><a href="/docs/0.9.0/development/contribution/useful_developer_tools.html">Useful Developer Tools</a></li> + <li><a href="/docs/0.9.0/development/contribution/how_to_contribute_code.html">How to Contribute (code)</a></li> + <li><a href="/docs/0.9.0/development/contribution/how_to_contribute_website.html">How to Contribute (website)</a></li> + <li role="separator" class="divider"></li> + <li class="title"><span>External Resources</span></li> + <li><a target="_blank" href="https://zeppelin.apache.org/community.html";>Mailing List</a></li> + <li><a target="_blank" href="https://cwiki.apache.org/confluence/display/ZEPPELIN/Zeppelin+Home";>Apache Zeppelin Wiki</a></li> + <li><a target="_blank" href="http://stackoverflow.com/questions/tagged/apache-zeppelin";>Stackoverflow Questions about Zeppelin</a></li> + </ul> + </li> + <li> + <a href="/docs/0.9.0/search.html" class="nav-search-link"> + <span class="fa fa-search nav-search-icon"></span> + </a> + </li> + </ul> + </nav><!--/.navbar-collapse --> + </div> + </div> + + + + <div class="content"> + +<!--<div class="hero-unit Setting up HTTP Response Headers"> + <h1></h1> +</div> +--> + +<div class="row"> + <div class="col-md-12"> + <!-- +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +<h1>Setting up HTTP Response Headers for Zeppelin</h1> + +<div id="toc"></div> + +<p>Apache Zeppelin can be configured to include HTTP Headers which aids in preventing Cross Site Scripting (XSS), Cross-Frame Scripting (XFS) and also enforces HTTP Strict Transport Security. Apache Zeppelin also has configuration available to set the Application Server Version to desired value.</p> + +<h2>Setting up HTTP Strict Transport Security (HSTS) Response Header</h2> + +<p>Enabling HSTS Response Header prevents Man-in-the-middle attacks by automatically redirecting HTTP requests to HTTPS when Zeppelin Server is running on SSL. Read on how to configure SSL for Zeppelin <a href="../operation/configuration.html">here</a>. Even if web page contains any resource which gets served over HTTP or any HTTP links, it will automatically be redirected to HTTPS for the target domain. +It also prevents MITM attack by not allowing User to override the invalid certificate message, when Attacker presents invalid SSL certificate to the User. </p> + +<p>The following property needs to be updated in the zeppelin-site.xml in order to enable HSTS. You can choose appropriate value for "max-age".</p> +<div class="highlight"><pre><code class="xml language-xml" data-lang="xml"><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.server.strict.transport<span class="nt"></name></span> + <span class="nt"><value></span>max-age=631138519<span class="nt"></value></span> + <span class="nt"><description></span>The HTTP Strict-Transport-Security response header is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. Enable this when Zeppelin is running on HTTPS. Value is in Seconds, the default value is equivalent to 20 years.<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>Possible values are:</p> + +<ul> +<li>max-age=<expire-time></li> +<li>max-age=<expire-time>; includeSubDomains</li> +<li>max-age=<expire-time>; preload</li> +</ul> + +<p>Read more about HSTS <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security";>here</a>.</p> + +<h2>Setting up X-XSS-PROTECTION Header</h2> + +<p>The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari Web browsers that initiates configured action when they detect reflected cross-site scripting (XSS) attacks.</p> + +<p>The below property to set X-XSS-Protection header is enabled with default value of "1; mode=block" in the zeppelin-site.xml</p> +<div class="highlight"><pre><code class="xml language-xml" data-lang="xml"><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.server.xxss.protection<span class="nt"></name></span> + <span class="nt"><value></span>1; mode=block<span class="nt"></value></span> + <span class="nt"><description></span>The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. When value is set to 1 and a cross-site scripting attack is detected, the browser will sanitize the page (remove the unsafe parts).<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>You can choose appropriate value from below to update the configuration if required.</p> + +<ul> +<li>0 (Disables XSS filtering)</li> +<li>1 (Enables XSS filtering. If a cross-site scripting attack is detected, the browser will sanitize the page.)</li> +<li>1; mode=block (Enables XSS filtering. The browser will prevent rendering of the page if an attack is detected.)</li> +</ul> + +<p>Read more about HTTP X-XSS-Protection response header <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection";>here</a>.</p> + +<h2>Setting up X-Frame-Options Header</h2> + +<p>The X-Frame-Options HTTP response header can indicate browser to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites in a <code><frame></code>,<code><iframe></code> or <code><object></code>.</p> + +<p>The below property to set X-Frame-Options header is enabled with default value of "SAMEORIGIN" in the zeppelin-site.xml</p> +<div class="highlight"><pre><code class="xml language-xml" data-lang="xml"><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.server.xframe.options<span class="nt"></name></span> + <span class="nt"><value></span>SAMEORIGIN<span class="nt"></value></span> + <span class="nt"><description></span>The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame/iframe/object.<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>You can choose appropriate value from below to update the configuration if required.</p> + +<ul> +<li><code>DENY</code></li> +<li><code>SAMEORIGIN</code></li> +<li><code>ALLOW-FROM uri</code></li> +</ul> + +<h2>Setting up X-Content-Type-Options Header</h2> + +<p>The HTTP X-Content-Type-Options response header helps to prevent MIME type sniffing attacks. It directs the browser to honor the type specified in the Content-Type header, rather than trying to determine the type from the content itself. The default value <code>nosniff</code> is really the only meaningful value. This header is supported on all browsers except Safari and Safari on iOS.</p> + +<p>The below property to set X-Content-Type-Options header is enabled with default value of "nosniff" in the zeppelin-site.xml</p> +<div class="highlight"><pre><code class="xml language-xml" data-lang="xml"><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.server.xcontent.type.options<span class="nt"></name></span> + <span class="nt"><value></span>nosniff<span class="nt"></value></span> + <span class="nt"><description></span>The HTTP X-Content-Type-Options response header helps to prevent MIME type sniffing attacks.<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<h2>Setting up Server Header</h2> + +<p>Security conscious organisations does not want to reveal the Application Server name and version to prevent finding this information easily by Attacker while fingerprinting the Application. The exact version number can tell an Attacker if the current Application Server is patched for or vulnerable to certain publicly known CVE associated to it.</p> + +<p>The below property to mask Jetty server version is enabled by default and configured with value of " " (one whitespace char) in the zeppelin-site.xml</p> +<div class="highlight"><pre><code class="xml language-xml" data-lang="xml"><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.server.jetty.name<span class="nt"></name></span> + <span class="nt"><value></span> <span class="nt"></value></span> + <span class="nt"><description></span>Hardcoding Application Server name to Prevent Fingerprinting<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> +<p>The value can be any "String". Removing this property from configuration will cause Zeppelin to send correct Jetty server version.</p> + +<p>Also, it can be removed the from response headers and from 300/400/500 HTTP response pages.</p> +<div class="highlight"><pre><code class="xml language-xml" data-lang="xml"><span class="nt"><property></span> + <span class="nt"><name></span>zeppelin.server.send.jetty.name<span class="nt"></name></span> + <span class="nt"><value></span>false<span class="nt"></value></span> + <span class="nt"><description></span>If set to false, will not show the Jetty version to prevent Fingerprinting<span class="nt"></description></span> +<span class="nt"></property></span> +</code></pre></div> + </div> +</div> + + + <hr> + <footer> + <!-- <p>© 2020 The Apache Software Foundation</p>--> + </footer> + </div> + + + + + <script type="text/javascript"> + (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ + (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), + m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) + })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); + + ga('create', 'UA-45176241-5', 'zeppelin.apache.org'); + ga('require', 'linkid', 'linkid.js'); + ga('send', 'pageview'); + +</script> + + + + </body> +</html> +
