Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-3405

Zeppelin fails to display the User home page if user belongs to roles with space in its name.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.7.3
    • 0.8.0
    • zeppelin-server
    • None

    Description

      If user belongs to a role which has a space in its name, zeppelin will not display the User home page correctly and doesnt allow to create any new notebooks. This issue can be recreated in Lab with HDP2.6.3.

      Zeppelin log has below error where user logs in to zeppelin UI.

      DEBUG [2018-04-09 16:58:19,550] ({qtp1585635178-22} NotebookServer.java[onMessage]:167) - RECEIVE << PING
      DEBUG [2018-04-09 16:58:19,550] ({qtp1585635178-22} NotebookServer.java[onMessage]:168) - RECEIVE PRINCIPAL << rantest
      DEBUG [2018-04-09 16:58:19,550] ({qtp1585635178-22} NotebookServer.java[onMessage]:169) - RECEIVE TICKET << 94fece79-edc6-4aff-8e83-dc97b80c323c
      DEBUG [2018-04-09 16:58:19,550] ({qtp1585635178-22} NotebookServer.java[onMessage]:170) - RECEIVE ROLES << [admin, nestgroup, Remote hadoop users]
      ERROR [2018-04-09 16:58:19,552] ({qtp1585635178-22} NotebookServer.java[onMessage]:358) - Can't handle message
      com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Unterminated array at line 1 column 25
      at com.google.gson.Gson.fromJson(Gson.java:805)
      at com.google.gson.Gson.fromJson(Gson.java:757)
      

      From HDP2.6.3, it looks that all the AD groups user belongs to are mapped as role to user with same name.

      In this case user belongs to a group "Remote hadoop users" which has space and now mapping user to the role with same name results in "com.google.gson.stream.MalformedJsonException".

      This can also be recreated if role name with space is defined in shiro.ini.

      *Workaround *
      Currently workaround is to disallow zeppelin to map the user to AD groups with same role names by defining it in shiro.ini as below.

      ldapRealm.rolesByGroup = "hadoop_admin":admin,"Remote hadoop users":remote_hadoop_users 
      

      Or change the AD group names to have no spaces or any special characters.

      This workaround might not be feasible in many customer environment, If there are multiple groups that are required to be defined in shiro.ini.

      This issue can happen even with any group names with any special characters besides space.

       

      This issue occurs only if "org.apache.zeppelin.realm.LdapRealm" is used for ldap authentication, realm "org.apache.zeppelin.realm.ActiveDirectoryGroupRealm"  doesnt have this issue. 

      Attachments

        1. UserHome page doesnt show any existing notebooks.png
          106 kB
          Raghavender Rao Guruvannagari
        2. DebugLog with RoleName map.png
          150 kB
          Raghavender Rao Guruvannagari
        3. Create Notebook shows no interpreter in drop down.png
          87 kB
          Raghavender Rao Guruvannagari

        Activity

          People

            rkamath Renjith Kamath
            rguruvannagari Raghavender Rao Guruvannagari
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: