[ZEPPELIN-3741] Do not clear "Authorization" header if Z-server is running behind proxy#3155
Closed
prabhjyotsingh wants to merge 3 commits intoapache:masterfrom
Closed
[ZEPPELIN-3741] Do not clear "Authorization" header if Z-server is running behind proxy#3155prabhjyotsingh wants to merge 3 commits intoapache:masterfrom
prabhjyotsingh wants to merge 3 commits intoapache:masterfrom
Conversation
prabhjyotsingh
force-pushed
the
ZEPPELIN-3741
branch
2 times, most recently
from
5597440 to
792c518
Compare
Contributor
Author
|
@zjffdu @felixcheung @r-kamath can you help review this. I've tested this on latest versions of Chrome (Mac), Firefox (Mac), Edge (Windows 10). |
…ning behind proxy Change-Id: I6ff2e58026dd744821e9c5ccaf8fd0658cf610bd
prabhjyotsingh
force-pushed
the
ZEPPELIN-3741
branch
from
2a94774 to
832ef04
Compare
zjffdu
reviewed
Aug 21, 2018
| ZEPPELIN_SERVER_XFRAME_OPTIONS("zeppelin.server.xframe.options", "SAMEORIGIN"), | ||
| ZEPPELIN_SERVER_JETTY_NAME("zeppelin.server.jetty.name", null), | ||
| ZEPPELIN_SERVER_JETTY_REQUEST_HEADER_SIZE("zeppelin.server.jetty.request.header.size", 8192), | ||
| ZEPPELIN_SERVER_CLEAR_AUTHORIZATION_HEADER("zeppelin.server.clear.authorization.header", true), |
Contributor
There was a problem hiding this comment.
I think it is better to be named as zeppelin.server.authorization.header.clear
Change-Id: Ibf5694fc6700687e348b6d6fb68784da4eb3fc69
Change-Id: Ia5d234286f45369c05dbeb1384312189f934b5ea
Contributor
Author
|
Will merge this to master if no more discussion. |
felixcheung
approved these changes
Aug 22, 2018
prabhjyotsingh
added a commit
to prabhjyotsingh/zeppelin
that referenced
this pull request
Apr 29, 2019
…server is running behind proxy There can be a case where Zeppelin-Sever is running as Form-Based-Authentication, however, it can be running behind a proxy which may be requiring Authorization header. The idea of this PR is to not clear that header when it behind a proxy and control it with config. [Bug Fix] * [x] - Add documentaion * [ZEPPELIN-3741](https://issues.apache.org/jira/browse/ZEPPELIN-3741) * Configure Nginx to run with `auth_basic` option * Start Zeppelin server behind a proxy server like Nginx * Make sure that `shiro.ini` is configured to run with `/** = authc` * In `zeppelin-site.xml` configure `zeppelin.server.authorization.header.clear` as `false` Now on logout from Zeppelin-Server should not clear *Authorization* header of Nginx * Does the licenses files need update? N/A * Is there breaking changes for older versions? N/A * Does this needs documentation? Yes Author: Prabhjyot Singh <prabhjyotsingh@gmail.com> Closes apache#3155 from prabhjyotsingh/ZEPPELIN-3741 and squashes the following commits: d95fc32 [Prabhjyot Singh] add documentation 54daaca [Prabhjyot Singh] rename variable to "zeppelin.server.authorization.header.clear" 832ef04 [Prabhjyot Singh] ZEPPELIN-3741: Do not clear "Authorization" header if Z-server is running behind proxy Change-Id: I8c504e170b576570dbb888160946a2c477d7928e
prabhjyotsingh
added a commit
to prabhjyotsingh/zeppelin
that referenced
this pull request
Sep 5, 2019
…server is running behind proxy There can be a case where Zeppelin-Sever is running as Form-Based-Authentication, however, it can be running behind a proxy which may be requiring Authorization header. The idea of this PR is to not clear that header when it behind a proxy and control it with config. [Bug Fix] * [x] - Add documentaion * [ZEPPELIN-3741](https://issues.apache.org/jira/browse/ZEPPELIN-3741) * Configure Nginx to run with `auth_basic` option * Start Zeppelin server behind a proxy server like Nginx * Make sure that `shiro.ini` is configured to run with `/** = authc` * In `zeppelin-site.xml` configure `zeppelin.server.authorization.header.clear` as `false` Now on logout from Zeppelin-Server should not clear *Authorization* header of Nginx * Does the licenses files need update? N/A * Is there breaking changes for older versions? N/A * Does this needs documentation? Yes Author: Prabhjyot Singh <prabhjyotsingh@gmail.com> Closes apache#3155 from prabhjyotsingh/ZEPPELIN-3741 and squashes the following commits: d95fc32 [Prabhjyot Singh] add documentation 54daaca [Prabhjyot Singh] rename variable to "zeppelin.server.authorization.header.clear" 832ef04 [Prabhjyot Singh] ZEPPELIN-3741: Do not clear "Authorization" header if Z-server is running behind proxy Change-Id: I8c504e170b576570dbb888160946a2c477d7928e # Conflicts: # HDP-CHANGES.txt
prabhjyotsingh
added a commit
to prabhjyotsingh/zeppelin
that referenced
this pull request
Mar 2, 2022
…server is running behind proxy There can be a case where Zeppelin-Sever is running as Form-Based-Authentication, however, it can be running behind a proxy which may be requiring Authorization header. The idea of this PR is to not clear that header when it behind a proxy and control it with config. [Bug Fix] * [x] - Add documentaion * [ZEPPELIN-3741](https://issues.apache.org/jira/browse/ZEPPELIN-3741) * Configure Nginx to run with `auth_basic` option * Start Zeppelin server behind a proxy server like Nginx * Make sure that `shiro.ini` is configured to run with `/** = authc` * In `zeppelin-site.xml` configure `zeppelin.server.authorization.header.clear` as `false` Now on logout from Zeppelin-Server should not clear *Authorization* header of Nginx * Does the licenses files need update? N/A * Is there breaking changes for older versions? N/A * Does this needs documentation? Yes Author: Prabhjyot Singh <prabhjyotsingh@gmail.com> Closes apache#3155 from prabhjyotsingh/ZEPPELIN-3741 and squashes the following commits: d95fc32 [Prabhjyot Singh] add documentation 54daaca [Prabhjyot Singh] rename variable to "zeppelin.server.authorization.header.clear" 832ef04 [Prabhjyot Singh] ZEPPELIN-3741: Do not clear "Authorization" header if Z-server is running behind proxy Change-Id: I8c504e170b576570dbb888160946a2c477d7928e # Conflicts: # HDP-CHANGES.txt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is this PR for?
There can be a case where Zeppelin-Sever is running as Form-Based-Authentication, however, it can be running behind a proxy which may be requiring Authorization header.
The idea of this PR is to not clear that header when it behind a proxy and control it with config.
What type of PR is it?
[Bug Fix]
Todos
What is the Jira issue?
How should this be tested?
auth_basicoptionshiro.iniis configured to run with/** = authczeppelin-site.xmlconfigurezeppelin.server.authorization.header.clearasfalseNow on logout from Zeppelin-Server should not clear Authorization header of Nginx
Questions: