Add a simple check before switching a ws client to watcher: the client should provide an X-Watcher-Key header with a valid key (generated at runtime); if the key is invalid, the client won't be accepted.

Anthony Corbacho 2016-11-03 16:41:13 +09:00
parent e25ea1e5d4
commit e2d3053a95


@ -65,6 +65,7 @@ import org.apache.zeppelin.server.ZeppelinServer;
import org.apache.zeppelin.ticket.TicketContainer;
import org.apache.zeppelin.types.InterpreterSettingsList;
import org.apache.zeppelin.user.AuthenticationInfo;
import org.apache.zeppelin.util.WatcherSecurityKey;
import org.apache.zeppelin.utils.InterpreterBindingUtils;
import org.apache.zeppelin.utils.SecurityUtils;
import org.eclipse.jetty.websocket.servlet.WebSocketServlet;
@ -1795,6 +1796,12 @@ public class NotebookServer extends WebSocketServlet implements
LOG.info("connection alrerady present in the watcher");
return;
}
String watcherSecurityKey = conn.getRequest().getHeader(WatcherSecurityKey.HTTP_HEADER);
if (StringUtils.isBlank(watcherSecurityKey) ||
!watcherSecurityKey.equals(WatcherSecurityKey.getKey())) {
LOG.error("Cannot switch this client to watcher, invalid security key");
return;
}
watcherSockets.add(conn);
// remove this connection from regular zeppelin ws usage.
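Review bot: The added `if` compares the header value with `String.equals`, which stops at the first differing character, so response timing can reveal how much of a guessed `X-Watcher-Key` matched; a constant-time comparison such as `MessageDigest.isEqual(watcherSecurityKey.getBytes(StandardCharsets.UTF_8), WatcherSecurityKey.getKey().getBytes(StandardCharsets.UTF_8))` avoids that. The rejection log line carries no client identity, so repeated failed attempts cannot be attributed or alerted on; assuming `getRequest()` returns the servlet request, as the `getHeader` call suggests, `LOG.error("Cannot switch client {} to watcher, invalid security key", conn.getRequest().getRemoteAddr());` would help. `WatcherSecurityKey` is defined outside this hunk, so it is worth confirming that the key comes from `SecureRandom` and is never written to logs. The enclosing method starts and ends outside the hunk.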