zeppelin-commits mailing list archives

From m...@apache.org
Subject zeppelin git commit: [ZEPPELIN-2468] Enable websocket without Origin if allowed.origins is *
Date Wed, 03 May 2017 14:58:22 GMT
Repository: zeppelin
Updated Branches:
  refs/heads/master 2a06292c1 -> 73ae291b0


[ZEPPELIN-2468] Enable websocket without Origin if allowed.origins is *

Change-Id: Iaad10a69983036e84b766a22fbc32113b926b60d

### What is this PR for?
With ZEPPELIN-2288 we restored the check of the Origin field for websocket requests.

Unfortunately, the current implementation will deny the request if the Origin HTTP header is
empty, even if zeppelin.server.allowed.origins is *.

This patch enables websocket requests without Origin in the HTTP header if zeppelin.server.allowed.origins=*.
This fixes operation behind a restrictive reverse proxy (or behind Apache Knox).

### What type of PR is it?
Bug Fix

### What is the Jira issue?
https://issues.apache.org/jira/browse/ZEPPELIN-2468

### How should this be tested?

It could be tested with curl as described in ZEPPELIN-2288, but I added an additional unit test,
so the change is covered at the unit test level.

### Screenshots (if appropriate)
N/A

### Questions:
* Do the license files need an update? NO
* Are there breaking changes for older versions? NO
* Does this need documentation? NO

Author: Elek, Márton <elek@users.noreply.github.com>

Closes #2299 from elek/ZEPPELIN-2468 and squashes the following commits:

d95bb41 [Elek, Márton] [ZEPPELIN-2468] Enable websocket without Origin if allowed.origins is *


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/73ae291b
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/73ae291b
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/73ae291b

Branch: refs/heads/master
Commit: 73ae291b0553789fbf00980aa8f283d8570e9e1b
Parents: 2a06292
Author: Elek, Márton <elek@users.noreply.github.com>
Authored: Fri Apr 28 14:46:10 2017 +0200
Committer: Lee moon soo <moon@apache.org>
Committed: Wed May 3 10:58:18 2017 -0400

----------------------------------------------------------------------
 .../java/org/apache/zeppelin/utils/SecurityUtils.java     | 10 ++++++----
 .../org/apache/zeppelin/security/SecurityUtilsTest.java   |  6 ++++++
 2 files changed, 12 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/73ae291b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index 6385a63..dcb5a1f 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -60,11 +60,13 @@ public class SecurityUtils {
 
   public static Boolean isValidOrigin(String sourceHost, ZeppelinConfiguration conf)
       throws UnknownHostException, URISyntaxException {
-    if (sourceHost == null || sourceHost.isEmpty()) {
-      return false;
+
+    String sourceUriHost = "";
+
+    if (sourceHost != null && !sourceHost.isEmpty()) {
+      sourceUriHost = new URI(sourceHost).getHost();
+      sourceUriHost = (sourceUriHost == null) ? "" : sourceUriHost.toLowerCase();
     }
-    String sourceUriHost = new URI(sourceHost).getHost();
-    sourceUriHost = (sourceUriHost == null) ? "" : sourceUriHost.toLowerCase();
 
     sourceUriHost = sourceUriHost.toLowerCase();
     String currentHost = InetAddress.getLocalHost().getHostName().toLowerCase();
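
Review bot: in isValidOrigin, a missing Origin header and an Origin value whose URI has no host now both collapse to sourceUriHost = "" and take the same path into the comparisons that follow, so the decision to accept a header-less request is implicit in code that this hunk does not touch. Consider making the intent explicit with an early branch for the null/empty case that returns true only when the configured allowed origins is the wildcard, and add a short comment saying that non-browser clients and some reverse proxies send no Origin. The retained line `sourceUriHost = sourceUriHost.toLowerCase();` after the new block is also redundant now, since the value is either "" or already lower-cased inside the if, and can be dropped.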

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/73ae291b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
----------------------------------------------------------------------
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
index 0100bb7..9d902c8 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
@@ -71,6 +71,12 @@ public class SecurityUtilsTest {
   }
 
   @Test
+  public void nullOriginWithStar() throws URISyntaxException, UnknownHostException, ConfigurationException
{
+    assertTrue(SecurityUtils.isValidOrigin(null,
+        new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site-star.xml"))));
+  }
+
+  @Test
   public void emptyOrigin() throws URISyntaxException, UnknownHostException, ConfigurationException
{
     assertFalse(SecurityUtils.isValidOrigin("",
           new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site.xml"))));
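
Review bot: nullOriginWithStar covers only the null input with zeppelin-site-star.xml, while the change in SecurityUtils alters both the null and the empty-string branch. Add the matching positive case `isValidOrigin("", ...)` against zeppelin-site-star.xml, and, if it is not already covered elsewhere in this class, a negative case asserting that `isValidOrigin(null, ...)` against zeppelin-site.xml still returns false, so a later refactor cannot silently accept header-less requests under a restricted origin list.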

