[
https://issues.apache.org/jira/browse/AMBARI-7938?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14181863#comment-14181863
]
Tom Beerbower commented on AMBARI-7938:
---------------------------------------
Add a new AmbariStreamProvider that the view code can get from the view
context. The user specifies the path. The provider fills in the server, port
and protocol. The port and protocol are pulled from the Ambari config so it
works if SSL is configured...
{code}
/**
* Read from the input stream specified by the given path on the Ambari
server.
*
* @param path the String to parse as the Ambari REST API
endpoint
* @param requestMethod the HTTP method (GET,POST,PUT,etc.).
* @param params the body of the request; may be null
* @param headers the headers of the request; may be null
* @param useAmbariSession indicates that the current Ambari session cookie
should be set for the request
*
* @return the input stream
*
* @throws java.io.IOException if an error occurred connecting to the server
*/
public InputStream readFrom(String path, String requestMethod, String params,
Map<String, String> headers, boolean
useAmbariSession)
throws IOException;
{code}
The code in the view should look something like this ...
{code}
AmbariStreamProvider provider = context.getAmbariStreamProvider();
InputStream stream = provider.readFrom("/api/v1/users", "GET", null, null,
true);
{code}
> Views: ability to use current ambari authorization + session
> ------------------------------------------------------------
>
> Key: AMBARI-7938
> URL: https://issues.apache.org/jira/browse/AMBARI-7938
> Project: Ambari
> Issue Type: Bug
> Reporter: Tom Beerbower
> Assignee: Tom Beerbower
> Fix For: 1.2.0
>
>
> When a user accesses ambari, they first "login" with a basic auth
> "Authorization" header. That results in a AMBARISESSIONID= that is
> authenticated. And subsequent calls from Ambari Web use that AMBARISESSIONID
> in a cookie to avoid having to re-auth (as long as the session doesn't
> timeout).
> If a view in ambari web is going to call-out to an ambari server (for
> example, if the view wants to use an ambari server API to update capacity
> scheduler configs via Ambari REST API), it would be useful for that view to
> re-use that auth info / session so the view connects to the ambari server as
> the "same" user.
> Provide a way to expose the "Authorization/session" cookie in viewcontext if
> they plan to have the view connect to an ambari server. Could this be an
> option on URLStreamProvider obtained from the viewcontext, to hide the
> details?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
