齐柏林飞艇0.8.0 ldap组和角色配置
我正在使用ldap组和角色配置尝试zeppelin 0.8.0。 我按照页面上的说明将齐柏林飞艇配置为与ldap集成齐柏林飞艇0.8.0 ldap组和角色配置,ldap,shiro,apache-zeppelin,Ldap,Shiro,Apache Zeppelin,我正在使用ldap组和角色配置尝试zeppelin 0.8.0。 我按照页面上的说明将齐柏林飞艇配置为与ldap集成 ldapRealm = org.apache.zeppelin.realm.LdapRealm ldapRealm.contextFactory.url = ldap://xxx.xxx.xxx:389 ldapRealm.contextFactory.authenticationMechanism = simple ldapRealm.contextFactory.system
ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldap://xxx.xxx.xxx:389
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.systemUsername = xxxxx
ldapRealm.contextFactory.systemPassword = xxxxx
ldapRealm.searchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchScope = subtree
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0}))
ldapRealm.groupSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.groupObjectClass = group
ldapRealm.memberAttribute=member
ldapRealm.groupSearchScope = subtree
ldapRealm.groupSearchEnableMatchingRuleInChain = true
ldapRealm.rolesByGroup = Global-VPN: user_role, SWC_SAS: admin_role
ldapRealm.allowedRolesForAuthentication = admin_role,user_role
ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *
org.apache.shiro.config.ConfigurationException: Map property value [user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *] contained key-value pair token [user_role = *:ToDoItemsJdo:*:*] that does not properly split to a single key and pair. This must be the case for all map entries.
at org.apache.shiro.config.ReflectionBuilder.toMap(ReflectionBuilder.java:473)
at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:705)
at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:800)
at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:444)
at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:791)
at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)
at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1349)
at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1342)
at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:505)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:163)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.server.Server.start(Server.java:387)
at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at org.eclipse.jetty.server.Server.doStart(Server.java:354)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at org.apache.zeppelin.server.ZeppelinServer.main(ZeppelinServer.java:215)
在阅读了org.apache.shiro.config.ReflectionBuilder.toMap的源代码后,我发现它可以正常工作。配置项
ldapRealm.permissionsByRole=user\u role=*:ToDoItemsJdo:*,*:ToDoItem:*;管理员角色=*ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldap://xxxxxx:389
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.systemUsername = xxxxxxx
ldapRealm.contextFactory.systemPassword = xxxxxx
ldapRealm.searchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchScope = subtree
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0}))
ldapRealm.authorizationEnabled = true
ldapRealm.groupSearchBase = OU=Group,OU=China,DC=fareast,DC=nevint,DC=com
ldapRealm.groupObjectClass = group
ldapRealm.memberAttribute=member
ldapRealm.groupSearchScope = subtree
ldapRealm.groupSearchFilter = (&(objectclass=group)(member={0}))
ldapRealm.memberAttributeValueTemplate=CN={0},OU=China,DC=fareast,DC=nevint,DC=com
ldapRealm.groupSearchEnableMatchingRuleInChain = true
ldapRealm.rolesByGroup = Global-VPN: user_role, Zeppelin_Admin: admin_role
ldapRealm.allowedRolesForAuthentication = admin_role,user_role
ldapRealm.permissionsByRole= user_role:"*:ToDoItemsJdo:*:*, *:ToDoItem:*:*", admin_role:"*"
在阅读了org.apache.shiro.config.ReflectionBuilder.toMap的源代码后,我发现它可以正常工作。配置项
ldapRealm.permissionsByRole=user\u role=*:ToDoItemsJdo:*,*:ToDoItem:*;管理员角色=*ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldap://xxxxxx:389
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.systemUsername = xxxxxxx
ldapRealm.contextFactory.systemPassword = xxxxxx
ldapRealm.searchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchScope = subtree
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0}))
ldapRealm.authorizationEnabled = true
ldapRealm.groupSearchBase = OU=Group,OU=China,DC=fareast,DC=nevint,DC=com
ldapRealm.groupObjectClass = group
ldapRealm.memberAttribute=member
ldapRealm.groupSearchScope = subtree
ldapRealm.groupSearchFilter = (&(objectclass=group)(member={0}))
ldapRealm.memberAttributeValueTemplate=CN={0},OU=China,DC=fareast,DC=nevint,DC=com
ldapRealm.groupSearchEnableMatchingRuleInChain = true
ldapRealm.rolesByGroup = Global-VPN: user_role, Zeppelin_Admin: admin_role
ldapRealm.allowedRolesForAuthentication = admin_role,user_role
ldapRealm.permissionsByRole= user_role:"*:ToDoItemsJdo:*:*, *:ToDoItem:*:*", admin_role:"*"