ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tom Beerbower (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-7938) Views: ability to use current ambari authorization + session
Date Thu, 23 Oct 2014 20:07:33 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-7938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14181863#comment-14181863
] 

Tom Beerbower commented on AMBARI-7938:
---------------------------------------

Add a new AmbariStreamProvider that the view code can get from the view context.  The user
specifies the path.  The provider fills in the server, port and protocol.  The port and protocol
are pulled from the Ambari config so it works if SSL is configured...

{code}
  /**
   * Read from the input stream specified by the given path on the Ambari server.
   *
   * @param path              the String to parse as the Ambari REST API endpoint
   * @param requestMethod     the HTTP method (GET,POST,PUT,etc.).
   * @param params            the body of the request; may be null
   * @param headers           the headers of the request; may be null
   * @param useAmbariSession  indicates that the current Ambari session cookie should be set
for the request
   *
   * @return the input stream
   *
   * @throws java.io.IOException if an error occurred connecting to the server
   */
  public InputStream readFrom(String path, String requestMethod, String params,
                              Map<String, String> headers, boolean useAmbariSession)
      throws IOException;
{code}

The code in the view should look something like this ...

{code}
    AmbariStreamProvider provider = context.getAmbariStreamProvider();

    InputStream stream = provider.readFrom("/api/v1/users", "GET", null, null, true);
{code}

> Views: ability to use current ambari authorization + session
> ------------------------------------------------------------
>
>                 Key: AMBARI-7938
>                 URL: https://issues.apache.org/jira/browse/AMBARI-7938
>             Project: Ambari
>          Issue Type: Bug
>            Reporter: Tom Beerbower
>            Assignee: Tom Beerbower
>             Fix For: 1.2.0
>
>
> When a user accesses ambari, they first "login" with a basic auth "Authorization" header.
That results in a AMBARISESSIONID= that is authenticated. And subsequent calls from Ambari
Web use that AMBARISESSIONID in a cookie to avoid having to re-auth (as long as the session
doesn't timeout).
> If a view in ambari web is going to call-out to an ambari server (for example, if the
view wants to use an ambari server API to update capacity scheduler configs via Ambari REST
API), it would be useful for that view to re-use that auth info / session so the view connects
to the ambari server as the "same" user.
> Provide a way to expose the "Authorization/session" cookie in viewcontext if they plan
to have the view connect to an ambari server. Could this be an option on URLStreamProvider
obtained from the viewcontext, to hide the details?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message