Add a simple check before switching a ws client to watcher: the client should provide an X-Watcher-Key header with a valid key (generated at runtime); if the key is invalid, the client won't be accepted
parent
e25ea1e5d4
commit
e2d3053a95
1 changed files with 7 additions and 0 deletions
|
|
@ -65,6 +65,7 @@ import org.apache.zeppelin.server.ZeppelinServer;
|
|||
import org.apache.zeppelin.ticket.TicketContainer;
|
||||
import org.apache.zeppelin.types.InterpreterSettingsList;
|
||||
import org.apache.zeppelin.user.AuthenticationInfo;
|
||||
import org.apache.zeppelin.util.WatcherSecurityKey;
|
||||
import org.apache.zeppelin.utils.InterpreterBindingUtils;
|
||||
import org.apache.zeppelin.utils.SecurityUtils;
|
||||
import org.eclipse.jetty.websocket.servlet.WebSocketServlet;
|
||||
|
|
@ -1795,6 +1796,12 @@ public class NotebookServer extends WebSocketServlet implements
|
|||
LOG.info("connection alrerady present in the watcher");
|
||||
return;
|
||||
}
|
||||
String watcherSecurityKey = conn.getRequest().getHeader(WatcherSecurityKey.HTTP_HEADER);
|
||||
if (StringUtils.isBlank(watcherSecurityKey) ||
|
||||
!watcherSecurityKey.equals(WatcherSecurityKey.getKey())) {
|
||||
LOG.error("Cannot switch this client to watcher, invalid security key");
|
||||
return;
|
||||
}
|
||||
watcherSockets.add(conn);
|
||||
|
||||
// remove this connection from regular zeppelin ws usage.
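Review bot: The key comparison in the added guard uses `String.equals`, which is not constant-time, so the time a rejected request takes can depend on how much of the supplied `X-Watcher-Key` value matches; compare the secret with `!MessageDigest.isEqual(watcherSecurityKey.getBytes(StandardCharsets.UTF_8), WatcherSecurityKey.getKey().getBytes(StandardCharsets.UTF_8))` instead (this needs the `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports). The rejection is also logged without anything that identifies the client, so repeated failed attempts cannot be attributed or alerted on; including the remote address from `conn.getRequest()` in the message would help, and warn is a better level than error for a client-side fault. `WatcherSecurityKey` itself is not part of this diff, so it is worth confirming that the key comes from `SecureRandom` and is never written to logs. The enclosing method starts and ends outside this hunk.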
|
||||
|
|
|
|||