Repository: zeppelin Updated Branches: refs/heads/branch-0.7 4803f8ffb -> a6e33e136
[ZEPPELIN-2468] Enable websocket without Origin if allowed.origins is * Change-Id: Iaad10a69983036e84b766a22fbc32113b926b60d ### What is this PR for? With ZEPPELIN-2288 we restored the check of the Origin field for websocket requests. Unfortunately the current implementation will deny the request if the Origin HTTP header is empty, even if the zeppelin.server.allowed.origins is * This patch enables websocket requests without Origin in the HTTP header if the zeppelin.server.allowed.origins=*. This fixes the work behind a restrictive reverse proxy (or behind Apache Knox) ### What type of PR is it? Bug Fix ### What is the Jira issue? https://issues.apache.org/jira/browse/ZEPPELIN-2468 ### How should this be tested? It could be tested with curl as described in ZEPPELIN-2288, but I added additional unit test, so the change has been covered on unit test level. ### Screenshots (if appropriate) N/A ### Questions: * Does the licenses files need update? NO * Is there breaking changes for older versions? NO * Does this needs documentation? NO Author: Elek, Márton <[email protected]> Closes #2299 from elek/ZEPPELIN-2468 and squashes the following commits: d95bb41 [Elek, Márton] [ZEPPELIN-2468] Enable websocket without Origin if allowed.origins is * (cherry picked from commit 73ae291b0553789fbf00980aa8f283d8570e9e1b) 
Signed-off-by: Lee moon soo <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/a6e33e13 Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/a6e33e13 Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/a6e33e13 Branch: refs/heads/branch-0.7 Commit: a6e33e1362217b0936aa0d3f1906bad7b99de886 Parents: 4803f8f Author: Elek, Márton <[email protected]> Authored: Fri Apr 28 14:46:10 2017 +0200 Committer: Lee moon soo <[email protected]> Committed: Wed May 3 10:58:28 2017 -0400 ---------------------------------------------------------------------- .../java/org/apache/zeppelin/utils/SecurityUtils.java | 10 ++++++---- .../org/apache/zeppelin/security/SecurityUtilsTest.java | 6 ++++++ 2 files changed, 12 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/zeppelin/blob/a6e33e13/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java ----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index 6385a63..dcb5a1f 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -60,11 +60,13 @@ public class SecurityUtils { public static Boolean isValidOrigin(String sourceHost, ZeppelinConfiguration conf) throws UnknownHostException, URISyntaxException { - if (sourceHost == null || sourceHost.isEmpty()) { - return false; + + String sourceUriHost = ""; + + if (sourceHost != null && !sourceHost.isEmpty()) { + sourceUriHost = new URI(sourceHost).getHost(); + sourceUriHost = (sourceUriHost == null) ? "" : sourceUriHost.toLowerCase(); } - String sourceUriHost = new URI(sourceHost).getHost(); - sourceUriHost = (sourceUriHost == null) ? "" : sourceUriHost.toLowerCase(); sourceUriHost = sourceUriHost.toLowerCase(); String currentHost = InetAddress.getLocalHost().getHostName().toLowerCase(); http://git-wip-us.apache.org/repos/asf/zeppelin/blob/a6e33e13/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java ---------------------------------------------------------------------- diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java index 0100bb7..9d902c8 100644 --- a/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java +++ b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java @@ -71,6 +71,12 @@ public class SecurityUtilsTest { } @Test + public void nullOriginWithStar() throws URISyntaxException, UnknownHostException, ConfigurationException { + assertTrue(SecurityUtils.isValidOrigin(null, + new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site-star.xml")))); + } + + @Test public void emptyOrigin() throws URISyntaxException, UnknownHostException, ConfigurationException { assertFalse(SecurityUtils.isValidOrigin("", new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site.xml"))));
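Review bot: After this change `isValidOrigin` no longer rejects a missing Origin explicitly: a null or empty `sourceHost` becomes `sourceUriHost = ""`, and the allow/deny decision is left to the comparisons below the hunk, which are not visible here. It would be safer to keep the guard and make the wildcard the only exception, e.g. `if (sourceHost == null || sourceHost.isEmpty()) { return conf.getAllowedOrigins().contains("*"); }` (accessor name assumed from ZeppelinConfiguration; confirm against the code below the hunk). That also keeps Origin-less requests from reaching `InetAddress.getLocalHost()`, which the old early return avoided. The context line `sourceUriHost = sourceUriHost.toLowerCase();` is now redundant on both paths and could be dropped. The method body continues outside the hunk.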
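Review bot: The new `nullOriginWithStar` test covers only a null Origin, so the empty-string half of the same condition in `isValidOrigin` is not exercised with the wildcard configuration. A sibling case would close that gap: `assertTrue(SecurityUtils.isValidOrigin("", new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site-star.xml"))));`. The visible `emptyOrigin` test pins the deny path for `""` under `/zeppelin-site.xml`, but whether a null Origin under that restrictive config is also asserted false cannot be seen from this hunk. If it is not, that negative case is the one that would catch this relaxation widening beyond `*`.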
