[
https://issues.apache.org/jira/browse/AMBARI-7938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tom Beerbower updated AMBARI-7938:
----------------------------------
Attachment: AMBARI-7938.patch
> Views: ability to use current ambari authorization + session
> ------------------------------------------------------------
>
> Key: AMBARI-7938
> URL: https://issues.apache.org/jira/browse/AMBARI-7938
> Project: Ambari
> Issue Type: Bug
> Reporter: Tom Beerbower
> Assignee: Tom Beerbower
> Fix For: 1.2.0
>
> Attachments: AMBARI-7938.patch
>
>
> When a user accesses ambari, they first "login" with a basic auth
> "Authorization" header. That results in a AMBARISESSIONID= that is
> authenticated. And subsequent calls from Ambari Web use that AMBARISESSIONID
> in a cookie to avoid having to re-auth (as long as the session doesn't
> timeout).
> If a view in ambari web is going to call-out to an ambari server (for
> example, if the view wants to use an ambari server API to update capacity
> scheduler configs via Ambari REST API), it would be useful for that view to
> re-use that auth info / session so the view connects to the ambari server as
> the "same" user.
> Provide a way to expose the "Authorization/session" cookie in viewcontext if
> they plan to have the view connect to an ambari server. Could this be an
> option on URLStreamProvider obtained from the viewcontext, to hide the
> details?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
