From d95bb41b66b243015576153257cd58fee20366ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Elek=2C=20M=C3=A1rton?= <elek@users.noreply.github.com>
Date: Fri, 28 Apr 2017 14:46:10 +0200
Subject: [PATCH] [ZEPPELIN-2468] Enable websocket without Origin if
 allowed.origins is *

Change-Id: Iaad10a69983036e84b766a22fbc32113b926b60d
---
 .../java/org/apache/zeppelin/utils/SecurityUtils.java  | 10 ++++++----
 .../apache/zeppelin/security/SecurityUtilsTest.java    |  6 ++++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
index 6385a630e0f..dcb5a1f339d 100644
--- a/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
+++ b/zeppelin-server/src/main/java/org/apache/zeppelin/utils/SecurityUtils.java
@@ -60,11 +60,13 @@ public static void initSecurityManager(String shiroPath) {
 
   public static Boolean isValidOrigin(String sourceHost, ZeppelinConfiguration conf)
       throws UnknownHostException, URISyntaxException {
-    if (sourceHost == null || sourceHost.isEmpty()) {
-      return false;
+
+    String sourceUriHost = "";
+
+    if (sourceHost != null && !sourceHost.isEmpty()) {
+      sourceUriHost = new URI(sourceHost).getHost();
+      sourceUriHost = (sourceUriHost == null) ? "" : sourceUriHost.toLowerCase();
     }
-    String sourceUriHost = new URI(sourceHost).getHost();
-    sourceUriHost = (sourceUriHost == null) ? "" : sourceUriHost.toLowerCase();
 
     sourceUriHost = sourceUriHost.toLowerCase();
     String currentHost = InetAddress.getLocalHost().getHostName().toLowerCase();
diff --git a/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
index 0100bb7b08e..9d902c8099a 100644
--- a/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
+++ b/zeppelin-server/src/test/java/org/apache/zeppelin/security/SecurityUtilsTest.java
@@ -70,6 +70,12 @@ public void nullOrigin() throws URISyntaxException, UnknownHostException, Config
           new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site.xml"))));
   }
 
+  @Test
+  public void nullOriginWithStar() throws URISyntaxException, UnknownHostException, ConfigurationException {
+    assertTrue(SecurityUtils.isValidOrigin(null,
+        new ZeppelinConfiguration(this.getClass().getResource("/zeppelin-site-star.xml"))));
+  }
+
   @Test
   public void emptyOrigin() throws URISyntaxException, UnknownHostException, ConfigurationException {
     assertFalse(SecurityUtils.isValidOrigin("",