From d908da95a63b7bcf4ff7861afc883552649df7e2 Mon Sep 17 00:00:00 2001 From: AhyoungRyu Date: Sun, 1 Jan 2017 16:50:58 +0900 Subject: [PATCH] Remove outdated 'Security Setup' section in SECURITY-README --- SECURITY-README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/SECURITY-README.md b/SECURITY-README.md index 4a6ca9493fe..9ca18f05e80 100644 --- a/SECURITY-README.md +++ b/SECURITY-README.md @@ -16,12 +16,7 @@ limitations under the License. To connect to Zeppelin, users will be asked to enter their credentials. Once logged, a user has access to all notes including other users notes. This a a first step toward full security as implemented by this pull request (https://github.com/apache/zeppelin/pull/53). -# Security setup -1. Secure the HTTP channel: Comment the line "/** = anon" and uncomment the line "/** = authc" in the file conf/shiro.ini. Read more about he shiro.ini file format at the following URL http://shiro.apache.org/configuration.html#Configuration-INISections. -2. Secure the Websocket channel : Set to property "zeppelin.anonymous.allowed" to "false" in the file conf/zeppelin-site.xml. You can start by renaming conf/zeppelin-site.xml.template to conf/zeppelin-site.xml -3. Start Zeppelin : bin/zeppelin.sh -4. point your browser to http://localhost:8080 -5. Login using one of the user/password combinations defined in the conf/shiro.ini file. +Please check [Shiro authentication in Apache Zeppelin](https://zeppelin.apache.org/docs/snapshot/security/shiroauthentication.html) in our official website for more detailed information(e.g. [How to setup](https://zeppelin.apache.org/docs/0.7.0-SNAPSHOT/security/shiroauthentication.html#security-setup), [How to configure user groups and permissions](https://zeppelin.apache.org/docs/snapshot/security/shiroauthentication.html#groups-and-permissions-optional), etc) # Implementation notes ## Vocabulary