Apache Zeppelin Component Guide
Also available as:

shiro.ini Example

The following example shows a minimum set of shiro.ini settings for authentication and access control, for a Zeppelin deployment that uses Active Directory.

Prerequisite: corresponding account information is configured in Active Directory (at adhost.field.hortonworks.com, in this example) and on Zeppelin nodes.

# AD authentication settings
activeDirectoryRealm = org.apache.zeppelin.realm.ActiveDirectoryGroupRealm 
activeDirectoryRealm.url = ldap://adhost.org.hortonworks.com:389 
activeDirectoryRealm.searchBase = DC=org,DC=hortonworks,DC=com 

# general settings
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager 
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager 
securityManager.cacheManager = $cacheManager 
securityManager.sessionManager = $sessionManager 
securityManager.sessionManager.globalSessionTimeout = 86400000
shiro.loginUrl = /api/login

admin = *

# authentication method and access control filters
/api/version = anon
/api/interpreter/** = authc, roles[admin]
/api/configurations/** = authc, roles[admin]
/api/credential/** = authc, roles[admin]
#/** = anon
/** = authc