Robert Levas created AMBARI-8426:
------------------------------------
Summary: Provide access to session from resource handler
Key: AMBARI-8426
URL: https://issues.apache.org/jira/browse/AMBARI-8426
Project: Ambari
Issue Type: New Feature
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Fix For: 2.0.0
There should be a way to get access to the web server's session data from a
(REST API) resource handler.
This will allow a resource handler to access information such as a session
encryption key that may be used to encrypt data during that session. An
example of this would be when performing Kerberos-related activities, the
following flow can occur:
# Session encryption key is created
# User uploads KDC administrator credentials
# administrator credential are encrypted using the session encryption key and
persisted - maybe on disk, maybe in the Ambari database
# For every Kerberos administration action that needs to occur during that
session, the administrative credentials may be loaded into memory, decrypted,
used, and removed from memory
# When the session terminates, the encryption key is lost and the persisted
administrator credentials become lost
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
