[ZEPPELIN-4586] Add option to avoid sending Jetty version on headers and on 300/400 pages

conf/zeppelin-site.xml.template

@@ -525,6 +525,14 @@
     <description>Hardcoding Application Server name to Prevent Fingerprinting</description>
 </property>
 
+<!--
+<property>
+    <name>zeppelin.server.send.jetty.name</name>
+    <value>false</value>
+    <description>If set to false, will not show the Jetty version to prevent Fingerprinting</description>
+</property>
+-->
+
 <!--
 <property>
     <name>zeppelin.server.jetty.request.header.size</name>

docs/setup/security/http_security_headers.md

@@ -121,4 +121,14 @@ The below property to mask Jetty server version is enabled by default and config
 </property>
 ```
 
-The value can be any "String". Removing this property from configuration will cause Zeppelin to send correct Jetty server version.
+The value can be any "String". Removing this property from configuration will cause Zeppelin to send correct Jetty server version.
+
+Also, it can be removed the from response headers and from 300/400/500 HTTP response pages.
+
+```xml
+<property>
+    <name>zeppelin.server.send.jetty.name</name>
+    <value>false</value>
+    <description>If set to false, will not show the Jetty version to prevent Fingerprinting</description>
+</property>
+```

zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java

@@ -668,6 +668,10 @@ public String getJettyName() {
     return getString(ConfVars.ZEPPELIN_SERVER_JETTY_NAME);
   }
 
+  public boolean sendJettyName() {
+    return getBoolean(ConfVars.ZEPPELIN_SERVER_SEND_JETTY_NAME);
+  }
+
   public Integer getJettyRequestHeaderSize() {
     return getInt(ConfVars.ZEPPELIN_SERVER_JETTY_REQUEST_HEADER_SIZE);
   }
@@ -955,6 +959,7 @@ public enum ConfVars {
     ZEPPELIN_SERVER_DEFAULT_DIR_ALLOWED("zeppelin.server.default.dir.allowed", false),
     ZEPPELIN_SERVER_XFRAME_OPTIONS("zeppelin.server.xframe.options", "SAMEORIGIN"),
     ZEPPELIN_SERVER_JETTY_NAME("zeppelin.server.jetty.name", " "),
+    ZEPPELIN_SERVER_SEND_JETTY_NAME("zeppelin.server.send.jetty.name", true),
     ZEPPELIN_SERVER_JETTY_THREAD_POOL_MAX("zeppelin.server.jetty.thread.pool.max", 400),
     ZEPPELIN_SERVER_JETTY_THREAD_POOL_MIN("zeppelin.server.jetty.thread.pool.min", 8),
     ZEPPELIN_SERVER_JETTY_THREAD_POOL_TIMEOUT("zeppelin.server.jetty.thread.pool.timeout", 30),

zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java

@@ -316,13 +316,13 @@ private static void initServerConnector(Server server, int port, int sslPort) {
     ServerConnector connector;
     HttpConfiguration httpConfig = new HttpConfiguration();
     httpConfig.addCustomizer(new ForwardedRequestCustomizer());
+    httpConfig.setSendServerVersion(conf.sendJettyName());
     if (conf.useSsl()) {
       LOG.debug("Enabling SSL for Zeppelin Server on port " + sslPort);
       httpConfig.setSecureScheme("https");
       httpConfig.setSecurePort(sslPort);
       httpConfig.setOutputBufferSize(32768);
       httpConfig.setResponseHeaderSize(8192);
-      httpConfig.setSendServerVersion(true);
 
       HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
       SecureRequestCustomizer src = new SecureRequestCustomizer();