From f2c6111cb85a624830266981471c943253ccbcb6 Mon Sep 17 00:00:00 2001
From: AhyoungRyu <fbdkdud93@hanmail.net>
Date: Fri, 10 Jun 2016 12:41:15 -0700
Subject: [PATCH] Add interpreter, credential and configuration urls to
 shiro.ini

---
 conf/shiro.ini | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/conf/shiro.ini b/conf/shiro.ini
index ced9776f6e0..0584709b3bb 100644
--- a/conf/shiro.ini
+++ b/conf/shiro.ini
@@ -18,7 +18,7 @@
 [users]
 # List of users with their password allowed to access Zeppelin.
 # To use a different strategy (LDAP / Database / ...) check the shiro doc at http://shiro.apache.org/configuration.html#Configuration-INISections
-admin = password1
+admin = password1, admin
 user1 = password2, role1, role2
 user2 = password3, role3
 user3 = password4, role2
@@ -60,10 +60,14 @@ role2 = *
 role3 = *
 
 [urls]
+# This section is used for url-based security.
+# You can secure interpreter, configuration and credential information by urls. Comment or uncomment the below urls that you want to hide. 
 # anon means the access is anonymous.
-# authcBasic means Basic Auth Security
 # authc means Form based Auth Security
 # To enfore security, comment the line below and uncomment the next one
 /api/version = anon
+#/api/interpreter/** = authc, roles[admin]
+#/api/configurations/** = authc, roles[admin]
+#/api/credential/** = authc, roles[admin]
 /** = anon
 #/** = authc