shiro.ini optional input

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

shiro.ini optional input

cronoik

Hello everyone,

we have a multiuser environment with isolated instantiated interpreters and we don't want to allow our users to restart the interpreter globally for everyone. Therefore we defined in our shiro.ini:

/api/interpreter/** = authc,roles[sudo]

to only allow users who are part of the sudo group to access the interpreter site.

This causes an issue as users who aren't a part of the sudo group can't restart their interpreters from the interpreter binding menu within a notebok anymore. According to the documentation [1] both actions have the same url, but the button from the interpreter binding menu sends the optional json input. Is there a way to block the interpreter menu but to allow the interpreter restart from the interpreter binding menu?

Currently we use the following additional line as a workaround but it is still possible to send POST request directly to restart all interpreters:

/api/interpreter/setting/restart/** = authc 

[1] https://zeppelin.apache.org/docs/0.8.0/usage/rest_api/interpreter.html#restart-an-interpreter

-- 
Best regards
cronoik