Add interpreter, credential and configuration urls to shiro.ini

apache · Jul 8, 2016 · f2c6111 · f2c6111
1 parent 79dfd4c
commit f2c6111
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/conf/shiro.ini b/conf/shiro.ini
@@ -18,7 +18,7 @@
 [users]
 # List of users with their password allowed to access Zeppelin.
 # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
-admin = password1
+admin = password1, admin
 user1 = password2, role1, role2
 user2 = password3, role3
 user3 = password4, role2
@@ -60,10 +60,14 @@ role2 = *
 role3 = *
 
 [urls]
+# This section is used for url-based security.
+# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. 
 # anon means the access is anonymous.
-# authcBasic means Basic Auth Security
 # authc means Form based Auth Security
 # To enfore security, comment the line below and uncomment the next one
 /api/version = anon
+#/api/interpreter/** = authc, roles[admin]
+#/api/configurations/** = authc, roles[admin]
+#/api/credential/** = authc, roles[admin]
 /** = anon
 #/** = authc