Zeppelin 0.8.0 LDAP group and role configuration

Time: 2018-08-22 05:28:46

Tags: ldap shiro apache-zeppelin

I am trying to configure Zeppelin 0.8.0 with LDAP groups and roles. I followed the instructions at https://zeppelin.apache.org/docs/0.8.0/setup/security/shiro_authentication.html#ldap to configure Zeppelin to integrate with LDAP.

ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldap://xxx.xxx.xxx:389
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.systemUsername = xxxxx
ldapRealm.contextFactory.systemPassword = xxxxx
ldapRealm.searchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchScope = subtree
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0}))
ldapRealm.groupSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.groupObjectClass = group
ldapRealm.memberAttribute=member
ldapRealm.groupSearchScope = subtree
ldapRealm.groupSearchEnableMatchingRuleInChain = true
ldapRealm.rolesByGroup = Global-VPN: user_role, SWC_SAS: admin_role
ldapRealm.allowedRolesForAuthentication = admin_role,user_role
ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *

When starting the Zeppelin server, the following error appears in the log. Any idea what I am doing wrong?

org.apache.shiro.config.ConfigurationException: Map property value [user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *] contained key-value pair token [user_role = *:ToDoItemsJdo:*:*]         that does not properly split to a single key and pair.  This must be the case for all map entries.
         at org.apache.shiro.config.ReflectionBuilder.toMap(ReflectionBuilder.java:473)
        at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:705)
        at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
        at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
        at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
        at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
        at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
        at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
        at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
        at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
        at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
        at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
        at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
        at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
        at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
        at org.apache.shiro.web.env.IniWebEnvironment.createWebSecurityManager(IniWebEnvironment.java:203)
        at org.apache.shiro.web.env.IniWebEnvironment.configure(IniWebEnvironment.java:99)
        at org.apache.shiro.web.env.IniWebEnvironment.init(IniWebEnvironment.java:92)
        at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:45)
        at org.apache.shiro.util.LifecycleUtils.init(LifecycleUtils.java:40)
        at org.apache.shiro.web.env.EnvironmentLoader.createEnvironment(EnvironmentLoader.java:221)
        at org.apache.shiro.web.env.EnvironmentLoader.initEnvironment(EnvironmentLoader.java:133)
        at org.apache.shiro.web.env.EnvironmentLoaderListener.contextInitialized(EnvironmentLoaderListener.java:58)
        at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:800)
        at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:444)
        at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:791)
        at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)
        at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1349)
        at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1342)
        at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
        at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:505)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:163)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
        at org.eclipse.jetty.server.Server.start(Server.java:387)
        at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
        at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
        at org.eclipse.jetty.server.Server.doStart(Server.java:354)
        at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
        at org.apache.zeppelin.server.ZeppelinServer.main(ZeppelinServer.java:215)

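1 answer:

Answer 0: (score: 2)

After reading the source code of org.apache.shiro.config.ReflectionBuilder.toMap, I got it working. The configuration item ldapRealm.permissionsByRole= user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = * given in the documentation is wrong.

I am just posting my working configuration for reference.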

ldapRealm = org.apache.zeppelin.realm.LdapRealm
ldapRealm.contextFactory.url = ldap://xxxxxx:389
ldapRealm.contextFactory.authenticationMechanism = simple
ldapRealm.contextFactory.systemUsername = xxxxxxx
ldapRealm.contextFactory.systemPassword = xxxxxx
ldapRealm.searchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchBase = DC=fareast,DC=nevint,DC=com
ldapRealm.userSearchScope = subtree
ldapRealm.userSearchAttributeName = sAMAccountName
ldapRealm.userSearchFilter = (&(objectclass=person)(sAMAccountName={0}))

ldapRealm.authorizationEnabled = true
ldapRealm.groupSearchBase = OU=Group,OU=China,DC=fareast,DC=nevint,DC=com
ldapRealm.groupObjectClass = group
ldapRealm.memberAttribute=member
ldapRealm.groupSearchScope = subtree
ldapRealm.groupSearchFilter = (&(objectclass=group)(member={0}))
ldapRealm.memberAttributeValueTemplate=CN={0},OU=China,DC=fareast,DC=nevint,DC=com
ldapRealm.groupSearchEnableMatchingRuleInChain = true
ldapRealm.rolesByGroup = Global-VPN: user_role, Zeppelin_Admin: admin_role
ldapRealm.allowedRolesForAuthentication = admin_role,user_role
ldapRealm.permissionsByRole= user_role:"*:ToDoItemsJdo:*:*, *:ToDoItem:*:*", admin_role:"*"
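
The following is an added example, not part of the answer above and not Shiro's or Zeppelin's code. It is a simplified Python model of the splitting rule that the error message and the working value imply, and it can be run over `rolesByGroup` and `permissionsByRole` before restarting the server. Assumptions: entries are separated by commas, double quotes protect commas and colons, and each entry must split on `:` into exactly one key and one value; the function names are hypothetical.

```python
# Added example: simplified model of how a map-valued shiro.ini property is split.
# Assumption: comma separates entries, ':' separates key from value, and
# double quotes protect both delimiters (as the working config on this page does).

def split_outside_quotes(text, delim):
    """Split text on delim, ignoring delimiters inside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
            buf.append(ch)
        elif ch == delim and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_map_property(value):
    """Return (mapping, bad_tokens) for one map-valued property."""
    mapping, bad = {}, []
    for token in split_outside_quotes(value, ","):
        kv = split_outside_quotes(token, ":")
        if len(kv) != 2:          # the condition behind the ConfigurationException
            bad.append(token)
            continue
        mapping[kv[0]] = kv[1].strip('"')
    return mapping, bad

def lint(roles_by_group, permissions_by_role):
    """Cross-check the two properties and list anything worth reviewing."""
    groups, bad_g = parse_map_property(roles_by_group)
    perms, bad_p = parse_map_property(permissions_by_role)
    findings = [f"unparseable entry: {t}" for t in bad_g + bad_p]
    for role in sorted(set(groups.values()) - set(perms)):
        findings.append(f"role without permissions: {role}")
    for role, perm in sorted(perms.items()):
        if perm == "*":           # Shiro wildcard permission: matches everything
            findings.append(f"role granted every permission: {role}")
    return findings

# Values copied from the question and the answer on this page.
FROM_DOCS = "user_role = *:ToDoItemsJdo:*:*, *:ToDoItem:*:*; admin_role = *"
WORKING = 'user_role:"*:ToDoItemsJdo:*:*, *:ToDoItem:*:*", admin_role:"*"'
ROLES_BY_GROUP = "Global-VPN: user_role, Zeppelin_Admin: admin_role"

if __name__ == "__main__":
    for name, value in (("docs", FROM_DOCS), ("working", WORKING)):
        print(name, lint(ROLES_BY_GROUP, value))
```

The first rejected token for the documentation value is the same one quoted in the `ConfigurationException`, and the working value parses cleanly with only the `admin_role` wildcard left to review.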