@Leemoonsoo
Member

#205 #216 improved security of Zeppelin.

This patch lets users specify origin name(s) via configurable parameters. It also allows a wildcard (*).

@djoelz

djoelz commented Aug 20, 2015

I like the singleton approach but I don't agree with * by default as it makes Zeppelin vulnerable to the attacks. This is how I did it. I need to fix the merge.
#235

@Leemoonsoo
Member Author

The reason to support * and allow * by default is to keep the same behavior as the previous version.
We are already seeing many people asking about connection problems in various environments.

Current origin autodetect routine

java.net.InetAddress.getLocalHost().getHostName().toLowerCase()

is not sufficient to cover many cases.

I think until Zeppelin gets a better autodetect routine that covers most cases automatically, we need to support * and make it the default. Otherwise people will keep asking and keep having trouble with configuring the origin. Later, when it covers most cases, we can deprecate * and then finally remove it.

Please consider this too.

@djoelz

djoelz commented Aug 20, 2015

I do, don't get me wrong. But in this case it's the equivalent of the door in a house. You want people to come in and out easily, but you don't want all people to do it, and hence the lock.
My prescription is to be safe by default rather than to not be and then have to tell everyone to change to a secure setting when an exploit happens, which, let me remind you, potentially lets some hacker send code to run on your box as you from anywhere on the Internet. That is the danger of * vs an explicit list that you trust.

@Leemoonsoo
Member Author

@djoelz I agree on improving security of Zeppelin.

However, many users use Zeppelin behind a firewall. For them, forcing manual configuration of the origin is just one more barrier to getting Zeppelin up and running.

And until now, Zeppelin used to allow all by default. People have already built their infrastructure and deployment scripts with Zeppelin based on this behavior on docker, cloud services, etc. If the default behavior changes, everyone needs to change their stuff. That's what is currently happening.

I can see your point that it's worth bothering people to take care of security.

However, not making users experience trouble is also important. I'd like to see a smoother approach.
That's why I suggest "allow all by default" -> "improve autodetect" -> "deprecate wildcard" -> "remove allow all".

@djoelz

djoelz commented Aug 20, 2015

@Leemoonsoo Ok that seems like a good compromise. The only thing I would like to add is a link in the property summary that references the jira and mentions that if you use * you are vulnerable to it. Do you want me to merge your changes with mine? Who makes the fix?

@Leemoonsoo
Member Author

@djoelz If you're okay with it, I'd prefer to merge your patch. And that's a good idea about mentioning the risk of *.
Thanks for taking care of the security issues!

@djoelz

djoelz commented Aug 20, 2015

cool! I'm on it!

@djoelz

djoelz commented Aug 20, 2015

@Leemoonsoo Done! Take a look at #235 and close this one if you sign off.

@Leemoonsoo Leemoonsoo closed this Aug 21, 2015
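
The trade-off debated in this thread, an explicit list of trusted origins versus `*`, shown as an added example; it is not code from this pull request, from #235, or from Zeppelin. The class name `OriginCheck`, the comma-separated setting format and the sample origins are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.*;
import java.util.stream.Collectors;

// Hypothetical origin check for illustration; not Zeppelin's implementation.
public class OriginCheck {
    private final boolean allowAll;
    private final Set<String> allowed;

    // Setting is a comma-separated list of origins, or "*" to accept any origin.
    public OriginCheck(String setting) {
        List<String> entries = Arrays.asList(setting.split(","));
        this.allowAll = entries.stream().anyMatch(s -> s.trim().equals("*"));
        this.allowed = entries.stream().map(OriginCheck::normalize)
                .filter(Objects::nonNull).collect(Collectors.toSet());
    }

    // Reduce an origin to lower-case scheme://host[:port]; null if it does not parse.
    static String normalize(String origin) {
        if (origin == null) return null;
        try {
            URI u = new URI(origin.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String base = u.getScheme() + "://" + u.getHost();
            return (u.getPort() == -1 ? base : base + ":" + u.getPort())
                    .toLowerCase(Locale.ROOT);
        } catch (URISyntaxException e) {
            return null;
        }
    }

    // Exact match on the normalized origin: no prefix or substring matching.
    public boolean isAllowed(String originHeader) {
        if (allowAll) return true; // wildcard: the header is not inspected at all
        String n = normalize(originHeader);
        return n != null && allowed.contains(n);
    }

    public static void main(String[] args) {
        OriginCheck strict = new OriginCheck("http://zeppelin.example.com:8080");
        OriginCheck open = new OriginCheck("*");
        String[] samples = { // constructed Origin header values
            "http://zeppelin.example.com:8080", "http://ZEPPELIN.example.com:8080",
            "http://zeppelin.example.com.other.test:8080", "null" };
        for (String s : samples)
            System.out.println(s + " strict=" + strict.isAllowed(s) + " wildcard=" + open.isAllowed(s));
    }
}
```

With the explicit list only the first two samples pass; with `*` all four pass, including the look-alike host and the literal `null` origin.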