From 6c99111bdd39e1c76817c9f0fb3a37a9b17bd998 Mon Sep 17 00:00:00 2001
From: root <root@worker8.nflabs.com>
Date: Mon, 20 Jun 2016 15:21:45 +0900
Subject: [PATCH 1/5] add initSecurityManager method.

---
 .../java/org/apache/zeppelin/server/ZeppelinServer.java  | 2 ++
 .../java/org/apache/zeppelin/utils/SecurityUtils.java    | 9 +++++++++
 2 files changed, 11 insertions(+)

diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
index 7412611532b..a8ae82b63f7 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
@@ -32,6 +32,7 @@
 import org.apache.zeppelin.search.SearchService;
 import org.apache.zeppelin.socket.NotebookServer;
 import org.apache.zeppelin.user.Credentials;
+import org.apache.zeppelin.utils.SecurityUtils;
 import org.eclipse.jetty.http.HttpVersion;
 import org.eclipse.jetty.server.*;
 import org.eclipse.jetty.server.handler.ContextHandlerCollection;
@@ -238,6 +239,7 @@ private static void setupRestApiContextHandler(WebAppContext webapp,
     webapp.setInitParameter("shiroConfigLocations",
         new File(conf.getShiroPath()).toURI().toString());
 
+    SecurityUtils.initSecurityManager();
     webapp.addFilter(org.apache.shiro.web.servlet.ShiroFilter.class, "/api/*",
         EnumSet.allOf(DispatcherType.class));
 
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index 4de45731a76..b9cda7c4a9f 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -21,6 +21,9 @@
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.config.Ini;
+import org.apache.shiro.config.IniSecurityManagerFactory;
 import org.apache.zeppelin.conf.ZeppelinConfiguration;
 
 import java.net.InetAddress;
@@ -34,6 +37,12 @@
  */
 public class SecurityUtils {
 
+  public static void initSecurityManager() {
+    IniSecurityManagerFactory factory = new IniSecurityManagerFactory();
+    SecurityManager securityManager = factory.getInstance();
+    org.apache.shiro.SecurityUtils.setSecurityManager( securityManager );
+  }
+
   public static Boolean isValidOrigin(String sourceHost, ZeppelinConfiguration conf)
       throws UnknownHostException, URISyntaxException {
     if (sourceHost == null || sourceHost.isEmpty()) {

From 13a6139b1714a32718b5fa36cc3c6d8fad2ca435 Mon Sep 17 00:00:00 2001
From: astroshim <hsshim.nflabs.com>
Date: Mon, 20 Jun 2016 16:45:33 +0900
Subject: [PATCH 2/5] add shiro-config-core

---
 pom.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pom.xml b/pom.xml
index 0d4abc5e63c..f52be482f3d 100755
--- a/pom.xml
+++ b/pom.xml
@@ -211,6 +211,10 @@
         <artifactId>shiro-web</artifactId>
         <version>1.2.3</version>
       </dependency>
+      <dependency>
+        <groupId>org.apache.shiro</groupId>
+        <artifactId>shiro-config-core</artifactId>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 

From 5a2b26829681f41ceae54ab7b4d90fea7df9e8ba Mon Sep 17 00:00:00 2001
From: astroshim <hsshim.nflabs.com>
Date: Mon, 20 Jun 2016 17:08:49 +0900
Subject: [PATCH 3/5] add shiro ini to SecurityManager.

---
 .../main/java/org/apache/zeppelin/server/ZeppelinServer.java  | 2 +-
 .../main/java/org/apache/zeppelin/utils/SecurityUtils.java    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
index a8ae82b63f7..0ff0dc6ac63 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
@@ -239,7 +239,7 @@ private static void setupRestApiContextHandler(WebAppContext webapp,
     webapp.setInitParameter("shiroConfigLocations",
         new File(conf.getShiroPath()).toURI().toString());
 
-    SecurityUtils.initSecurityManager();
+    SecurityUtils.initSecurityManager(conf.getShiroPath());
     webapp.addFilter(org.apache.shiro.web.servlet.ShiroFilter.class, "/api/*",
         EnumSet.allOf(DispatcherType.class));
 
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index b9cda7c4a9f..01977437055 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -37,8 +37,8 @@
  */
 public class SecurityUtils {
 
-  public static void initSecurityManager() {
-    IniSecurityManagerFactory factory = new IniSecurityManagerFactory();
+  public static void initSecurityManager(String shiroPath) {
+    IniSecurityManagerFactory factory = new IniSecurityManagerFactory("file:" + shiroPath);
     SecurityManager securityManager = factory.getInstance();
     org.apache.shiro.SecurityUtils.setSecurityManager( securityManager );
   }

From 8eeb1bf030d5c1804d687b94ebb216345253eaea Mon Sep 17 00:00:00 2001
From: astroshim <hsshim.nflabs.com>
Date: Mon, 20 Jun 2016 17:32:42 +0900
Subject: [PATCH 4/5] update version of shiro config module.

---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index f52be482f3d..805d258a350 100755
--- a/pom.xml
+++ b/pom.xml
@@ -214,6 +214,7 @@
       <dependency>
         <groupId>org.apache.shiro</groupId>
         <artifactId>shiro-config-core</artifactId>
+        <version>1.2.3</version>
       </dependency>
     </dependencies>
   </dependencyManagement>

From eb801037ab8a39616c3b6c67389ab1acf8f1ba5b Mon Sep 17 00:00:00 2001
From: astroshim <hsshim.nflabs.com>
Date: Tue, 21 Jun 2016 08:43:44 +0900
Subject: [PATCH 5/5] remove importing Ini and spaces

---
 .../src/main/java/org/apache/zeppelin/utils/SecurityUtils.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index 01977437055..f9e5929a882 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -22,7 +22,6 @@
 import org.apache.shiro.util.ThreadContext;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.apache.shiro.mgt.SecurityManager;
-import org.apache.shiro.config.Ini;
 import org.apache.shiro.config.IniSecurityManagerFactory;
 import org.apache.zeppelin.conf.ZeppelinConfiguration;
 
@@ -40,7 +39,7 @@ public class SecurityUtils {
   public static void initSecurityManager(String shiroPath) {
     IniSecurityManagerFactory factory = new IniSecurityManagerFactory("file:" + shiroPath);
     SecurityManager securityManager = factory.getInstance();
-    org.apache.shiro.SecurityUtils.setSecurityManager( securityManager );
+    org.apache.shiro.SecurityUtils.setSecurityManager(securityManager);
   }
 
   public static Boolean isValidOrigin(String sourceHost, ZeppelinConfiguration conf)