Repository: ambari Updated Branches: refs/heads/trunk 85362043f -> 11336361f
http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/examples/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-views/examples/pom.xml b/ambari-views/examples/pom.xml index 0951f19..4e93c35 100644 --- a/ambari-views/examples/pom.xml +++ b/ambari-views/examples/pom.xml @@ -29,6 +29,7 @@ <module>phone-list-view</module> <module>calculator-view</module> <module>weather-view</module> + <module>restricted-view</module> </modules> <build> <pluginManagement> http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/examples/restricted-view/docs/index.md ---------------------------------------------------------------------- diff --git a/ambari-views/examples/restricted-view/docs/index.md b/ambari-views/examples/restricted-view/docs/index.md new file mode 100644 index 0000000..78aced4 --- /dev/null +++ b/ambari-views/examples/restricted-view/docs/index.md @@ -0,0 +1,261 @@ +<!--- +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at [http://www.apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0) + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> + +Restricted View Example +======== +Description +----- +The Restricted view is another simple view example. Like the HelloWorld view example, it demonstrates the basics of how to write and deploy a view in Ambari but also includes a couple of simple resources and a custom view permission. The Restricted resources use JAX-RS annotations to define the actions that can be performed on the resources. + +Package +----- + +All views are packaged as a view archive. The view archive contains the configuration file and various optional components of the view. + +#####view.xml + +The view.xml file is the only required file for a view archive. The view.xml is the configuration that describes the view and view instances for Ambari. + + <view> + <name>RESTRICTED</name> + <label>The Restricted View</label> + <version>1.0.0</version> + <resource> + <name>restricted</name> + <service-class>org.apache.ambari.view.restricted.RestrictedResource</service-class> + </resource> + <resource> + <name>unrestricted</name> + <service-class>org.apache.ambari.view.restricted.UnrestrictedResource</service-class> + </resource> + <permission> + <name>RESTRICTED</name> + <description> + Access permission for a restricted view resource. + </description> + </permission> + <instance> + <name>INSTANCE_1</name> + </instance> + </view> + +The configuration in this case defines a view named RESTRICTED that has a single instance. The view also defines a resource named 'unrestricted' and a resource name 'restricted'. + + + +#####UnrestrictedResource.java + +The UnrestrictedResource class defines a simple resource for the view. It uses JAX-RS annotations to define the actions that can be performed on the resource. + + @GET + @Produces({"text/html"}) + public Response getUnrestricted() throws IOException{ + return Response.ok("<b>You have accessed an unrestricted resource.</b>").type("text/html").build(); + } + +The getUnrestricted method will service requests to **'INSTANCE_1/resources/unrestricted'** for INSTANCE_1 of the RESTRICTED view. + +For example ... + + http://<server>:8080/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/resources/unrestricted + +#####RestrictedResource.java + +The RestrictedResource class defines a simple resource for the view. It uses JAX-RS annotations to define the actions that can be performed on the resource. + + @GET + @Produces({"text/html"}) + public Response getRestricted() throws IOException{ + + String userName = context.getUsername(); + + try { + context.hasPermission(userName, "RESTRICTED"); + } catch (org.apache.ambari.view.SecurityException e) { + return Response.status(401).build(); + } + + return Response.ok("<b>You have accessed a restricted resource.</b>").type("text/html").build(); + } + +The getRestricted method will service requests to **'INSTANCE_1/resources/restricted'** for INSTANCE_1 of the RESTRICTED view. + +For example ... + + http://<server>:8080/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/resources/restricted + +Build +----- + +The view can be built as a maven project. + + cd ambari-views/examples/restricted-view + mvn clean package + +The build will produce the view archive. + + ambari-views/examples/restricted-view/target/restricted-view-1.0.0.jar + + +Deploy +----- +To deploy a view we simply place the view archive in the views folder of the ambari-server machine. By default the views folder is located at ... + + /var/lib/ambari-server/resources/views + +To deploy the Restricted view simply copy the restricted-view jar to the ambari-server views folder and restart the ambari server. + +Use +----- + +After deploying a view you should see it as a view resource in the Ambari REST API. If we request all views, we should see the RESTRICTED view. + + { + "href" : "http://<server>:8080/api/v1/views", + "items" : [ + { + "href" : "http://<server>:8080/api/v1/views/RESTRICTED", + "ViewInfo" : { + "view_name" : "RESTRICTED" + } + }, + { + "href" : "http://<server>:8080/api/v1/views/HELLO_SERVLET", + "ViewInfo" : { + "view_name" : "HELLO_SERVLET" + } + }, + { + "href" : "http://<server>:8080/api/v1/views/HELLO_WORLD", + "ViewInfo" : { + "view_name" : "HELLO_WORLD" + } + } + ] + } + + +If we want to see the details about a specific view, we can ask for it by name. This shows us that the RESTRICTED view has a single instance named INSTANCE_1. Note the RESTRICTED permission sub-resource. + + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/", + "ViewVersionInfo" : { + "archive" : "/var/lib/ambari-server/resources/views/work/RESTRICTED{1.0.0}", + "label" : "The Restricted View", + "masker_class" : null, + "parameters" : [ ], + "version" : "1.0.0", + "view_name" : "RESTRICTED" + }, + "permissions" : [ + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/permissions/7", + "PermissionInfo" : { + "permission_id" : 7, + "version" : "1.0.0", + "view_name" : "RESTRICTED" + } + } + ], + "instances" : [ + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1", + "ViewInstanceInfo" : { + "instance_name" : "INSTANCE_1", + "version" : "1.0.0", + "view_name" : "RESTRICTED" + } + } + ] + } + +To see a specific instance of a view, we can ask for it by name. Here we can see the attributes of the view instance. We can also see that this view has two resources named 'restricted' and 'unrestricted'. Note that there are no privileges granted on the view instance. + + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/", + "ViewInstanceInfo" : { + "context_path" : "/views/RESTRICTED/1.0.0/INSTANCE_1", + "description" : null, + "icon64_path" : null, + "icon_path" : null, + "instance_name" : "INSTANCE_1", + "label" : "The Restricted View", + "version" : "1.0.0", + "view_name" : "RESTRICTED", + "visible" : true, + "instance_data" : { }, + "properties" : { } + }, + "resources" : [ + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/resources/restricted", + "instance_name" : "INSTANCE_1", + "name" : "restricted", + "version" : "1.0.0", + "view_name" : "RESTRICTED" + }, + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/resources/unrestricted", + "instance_name" : "INSTANCE_1", + "name" : "unrestricted", + "version" : "1.0.0", + "view_name" : "RESTRICTED" + } + ], + "privileges" : [ + ] + } + +We can access the view's unrestricted resource through the resource's href. + + http://<server>:8080/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/resources/unrestricted/ + + You have accessed an unrestricted resource. + + +If we try to access the view's restricted resource through the resource's href it should return a 401 Unauthorized response. + + http://<server>:8080/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/resources/unrestricted/ + + 401 Unauthorized + +To grant privileges to access the restricted resource we can create a privilege sub-resource for the view instance. The following API will grant RESTICTED permission to the user 'bob' for the view instance 'INSTANCE_1' of the 'RESTRICTED' view. + + POST http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1 + + [ + { + "PrivilegeInfo" : { + "permission_name" : "RESTRICTED", + "principal_name" : "bob", + "principal_type" : "USER" + } + } + ] + +We should now see a privilege sub resource for the view instance and the user 'bob' should be able to access the restricted resource. + + { + "href" : "http://<server>/api/v1/views/RESTRICTED/versions/1.0.0/instances/INSTANCE_1/privileges/5", + "PrivilegeInfo" : { + "instance_name" : "INSTANCE_1", + "permission_name" : "RESTRICTED", + "principal_name" : "bob", + "principal_type" : "USER", + "privilege_id" : 5, + "version" : "1.0.0", + "view_name" : "RESTRICTED" + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/examples/restricted-view/pom.xml ---------------------------------------------------------------------- diff --git a/ambari-views/examples/restricted-view/pom.xml b/ambari-views/examples/restricted-view/pom.xml new file mode 100644 index 0000000..3574f73 --- /dev/null +++ b/ambari-views/examples/restricted-view/pom.xml @@ -0,0 +1,89 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + <parent> + <groupId>org.apache.ambari</groupId> + <artifactId>ambari-view-examples</artifactId> + <version>1.0.0</version> + </parent> + <modelVersion>4.0.0</modelVersion> + <artifactId>restricted-view</artifactId> + <packaging>jar</packaging> + <name>Ambari Restricted View</name> + <url>http://maven.apache.org</url> + <properties> + <ambari.version>1.3.0-SNAPSHOT</ambari.version> + </properties> + <dependencies> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.8.1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.easymock</groupId> + <artifactId>easymock</artifactId> + <version>3.1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.ambari</groupId> + <artifactId>ambari-views</artifactId> + <version>${ambari.version}</version> + </dependency> + <dependency> + <groupId>com.sun.jersey</groupId> + <artifactId>jersey-server</artifactId> + <version>1.8</version> + </dependency> + <dependency> + <groupId>javax.inject</groupId> + <artifactId>javax.inject</artifactId> + <version>1</version> + </dependency> + </dependencies> + + <build> + <pluginManagement> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.12</version> + </plugin> + </plugins> + </pluginManagement> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>rpm-maven-plugin</artifactId> + <version>2.0.1</version> + <executions> + <execution> + <phase>none</phase> + <goals> + <goal>rpm</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + +</project> http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/RestrictedResource.java ---------------------------------------------------------------------- diff --git a/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/RestrictedResource.java b/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/RestrictedResource.java new file mode 100644 index 0000000..88d22ee --- /dev/null +++ b/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/RestrictedResource.java @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ambari.view.restricted; + +import org.apache.ambari.view.ViewContext; + +import javax.inject.Inject; +import javax.ws.rs.GET; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Response; +import java.io.IOException; + +/** + * The restricted resource. + */ +public class RestrictedResource { + /** + * The view context. + */ + @Inject + ViewContext context; + + /** + * Handles: GET /restricted. + * + * @return the response + */ + @GET + @Produces({"text/html"}) + public Response getRestricted() throws IOException{ + + String userName = context.getUsername(); + + try { + context.hasPermission(userName, "RESTRICTED"); + } catch (org.apache.ambari.view.SecurityException e) { + return Response.status(401).build(); + } + + return Response.ok("<b>You have accessed a restricted resource.</b>").type("text/html").build(); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/UnrestrictedResource.java ---------------------------------------------------------------------- diff --git a/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/UnrestrictedResource.java b/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/UnrestrictedResource.java new file mode 100644 index 0000000..f058b8c --- /dev/null +++ b/ambari-views/examples/restricted-view/src/main/java/org/apache/ambari/view/restricted/UnrestrictedResource.java @@ -0,0 +1,49 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ambari.view.restricted; + + +import org.apache.ambari.view.ViewContext; + +import javax.inject.Inject; +import javax.ws.rs.GET; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Response; +import java.io.IOException; + +/** + * The unrestricted resource. + */ +public class UnrestrictedResource { + /** + * The view context. + */ + @Inject + ViewContext context; + + /** + * Handles: GET /unrestricted. + * + * @return the response + */ + @GET + @Produces({"text/html"}) + public Response getUnrestricted() throws IOException{ + return Response.ok("<b>You have accessed an unrestricted resource.</b>").type("text/html").build(); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/examples/restricted-view/src/main/resources/view.xml ---------------------------------------------------------------------- diff --git a/ambari-views/examples/restricted-view/src/main/resources/view.xml b/ambari-views/examples/restricted-view/src/main/resources/view.xml new file mode 100644 index 0000000..8719987 --- /dev/null +++ b/ambari-views/examples/restricted-view/src/main/resources/view.xml @@ -0,0 +1,38 @@ +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<view> + <name>RESTRICTED</name> + <label>The Restricted View</label> + <version>1.0.0</version> + <resource> + <name>restricted</name> + <service-class>org.apache.ambari.view.restricted.RestrictedResource</service-class> + </resource> + <resource> + <name>unrestricted</name> + <service-class>org.apache.ambari.view.restricted.UnrestrictedResource</service-class> + </resource> + <permission> + <name>RESTRICTED</name> + <description> + Access permission for a restricted view resource. + </description> + </permission> + <instance> + <name>INSTANCE_1</name> + </instance> +</view> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/src/main/java/org/apache/ambari/view/SecurityException.java ---------------------------------------------------------------------- diff --git a/ambari-views/src/main/java/org/apache/ambari/view/SecurityException.java b/ambari-views/src/main/java/org/apache/ambari/view/SecurityException.java new file mode 100644 index 0000000..9b97ade --- /dev/null +++ b/ambari-views/src/main/java/org/apache/ambari/view/SecurityException.java @@ -0,0 +1,44 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ambari.view; + +/** + * Indicates that a view security exception occurred. + */ +public class SecurityException extends Exception { + /** + * Constructor. + * + * @param msg message + */ + public SecurityException(String msg) { + super(msg); + } + + /** + * Constructor. + * + * @param msg message + * @param throwable root exception + */ + public SecurityException(String msg, Throwable throwable) { + super(msg, throwable); + } +} + + http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java ---------------------------------------------------------------------- diff --git a/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java b/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java index c83e8eb..37e91a2 100644 --- a/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java +++ b/ambari-views/src/main/java/org/apache/ambari/view/ViewContext.java @@ -41,6 +41,18 @@ public interface ViewContext { public String getUsername(); /** + * Determine whether or not the access specified by the given permission name + * is permitted for the given user. + * + * @param userName the user name + * @param permissionName the permission name + * + * @throws SecurityException if the access specified by the given permission name + * is not permitted + */ + public void hasPermission(String userName, String permissionName) throws SecurityException; + + /** * Get the view name. * * @return the view name
