Should we look at some well-established products that have a good set of such APIs for guidance? That will ensure that we at least identify the most relevant APIs.

-----Original Message-----
From: John Omernik [mailto:j...@omernik.com]
Sent: Wednesday, July 12, 2017 6:12 AM
To: user <user@drill.apache.org>
Subject: Re: Rest API - Need to Improve

My Java is sitting on my desk right now... on the plus side, when Java is on my desk, my Python is incredible... (Translation: Java scares me) :)

On Tue, Jul 11, 2017 at 4:23 PM, Paul Rogers <prog...@mapr.com> wrote:

> Hi John,
>
> All good points!
>
> How comfortable are you with Java? The current REST API evolved
> organically based on the needs of the web UI. While we could wait for
> a REST re-design, we could also move forward just adding the messages
> you need — especially if you can contribute the code.
>
> The code is in org.apache.drill.exec.server.rest.LogInLogOutResources.
> This is a mercifully short file. The login page message itself is one
> line of actual code:
>
>   @POST
>   @Path("/login")
>   @Produces(MediaType.TEXT_HTML)
>   public Viewable getLoginPageAfterValidationError() {
>     return ViewableWithPermissions.createLoginPage("Invalid username/password credentials.");
>   }
>
> Seems simple enough to change above method to add the HTTP status to
> the generated web page; the browser won’t care.
>
> The web framework Drill uses is quite rich (mucked about with it a
> year ago, but have gotten rusty since.) There is an easy way to
> indicate the HTTP status; I just can’t remember what it is…
>
> Anyone else remember how to set the return status in a Jetty response?
>
> Thanks,
>
> - Paul
>
> On Jul 7, 2017, at 5:48 AM, John Omernik <j...@omernik.com> wrote:
> >
> > Hello all, I recently set up some notebooks using the Rest API.
> >
> > I found that I was using Drill 1.8, and my code for determining
> > authentication in Python, while hacky, worked... What I found is
> > using python requests, when I posted to j_security check, the
> > requests object almost always returned an HTTP 200.
> >
> > If it was a bad username/password, I parsed the page and looked for
> > that text. In 1.8, if login was successful the string "Number of Drill
> > Bits" appeared in the response text. From the requests module
> > perspective, both used HTTP 200 as a status code. However, on a
> > successful login, Drill actually sends an HTTP 303 that goes to / and
> > apparently requests auto grabs that request like nothing happened.
> > Never telling me, the programmer, about the 303.
> >
> > However, in Drill 1.10, the UI for the / page improved, and likely,
> > the string "Number of Drill Bits" was removed. This made it so I
> > now had to reprogram my auth code to handle it better.
> >
> > So here I am. What IS the best way to determine programmatically, in
> > a way that will remain stable, if login was successful? Obviously
> > string parsing is prone to error and can be changed. I tried
> > checking for the presence of a JSESSIONID but that can show up
> > either way.
> >
> > So what is the "right" way to indicate login is successful? Could we
> > do something better with response codes? I know having the Form
> > seems to make sense, but could we just use basic authentication and
> > set the header with the form? That way, we could issue single queries
> > with basic auth and get an Unauthorized if the authentication didn't
> > work. I don't know if I have an answer, but I do know that working
> > with the Rest API isn't all that intuitive, it should be easier to
> > tell if login was successful... I am interested in the thoughts of
> > others here.
> >
> > John
> >
> > (Code)
> > import requests
> > from requests.packages.urllib3.exceptions import InsecureRequestWarning
> >
> > def authDrill(self):
> >     url = self.drill_base_url + "/j_security_check"
> >     login = {'j_username': self.drill_user, 'j_password': self.drill_pass}
> >
> >     verify = "/etc/ssl/certs/ca-certificates.crt"
> >
> >     # When pinned to an IP, TLS certificate verification is switched off
> >     # and the resulting urllib3 warning is silenced.
> >     if self.drill_pin_to_ip == True:
> >         verify = False
> >         requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
> >     else:
> >         verify = "/etc/ssl/certs/ca-certificates.crt"
> >
> >     # requests follows the redirect, so both outcomes arrive as HTTP 200
> >     # and the result is inferred from the page text.
> >     r = self.session.post(url, data=login, headers=self.drill_headers, verify=verify)
> >     if r.status_code == 200:
> >         if r.text.find("Invalid username/password credentials") >= 0:
> >             raise Exception("Invalid username/password credentials")
> >         elif r.text.find("Number of Drill Bits") >= 0:
> >             pass
> >         else:
> >             raise Exception("Unknown HTTP 200 Code: %s" % r.text)
> >     else:
> >         raise Exception("Status Code: %s - Error" % r.status_code)
> >     return self.session
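
Added example, not part of the thread or of Drill's code: deciding the login outcome from the first response to /j_security_check (303 on success, 200 with the login page on failure, as reported above) instead of parsing the page behind the redirect. StubDrill, the alice/s3cret credentials, login_succeeded and demo are hypothetical names for a constructed local stand-in that models only that reported behaviour.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode

# Constructed stub: models only the login responses reported in the thread.
class StubDrill(BaseHTTPRequestHandler):
    def do_POST(self):
        form = parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        ok = form.get("j_username") == ["alice"] and form.get("j_password") == ["s3cret"]
        body = b"" if ok else b"Invalid username/password credentials."
        self.send_response(303 if ok else 200)
        if ok:
            self.send_header("Location", "/")
        self.send_header("Set-Cookie", "JSESSIONID=constructed")  # sent either way
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def login_succeeded(host, port, user, password):
    """Classify on the first response only; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("POST", "/j_security_check",
                     body=urlencode({"j_username": user, "j_password": password}),
                     headers={"Content-Type": "application/x-www-form-urlencoded"})
        resp = conn.getresponse()
        resp.read()
        if resp.status == 303 and resp.getheader("Location"):
            return True   # redirect after login: credentials accepted
        if resp.status == 200:
            return False  # login page served again: credentials rejected
        raise RuntimeError("unexpected status %d" % resp.status)
    finally:
        conn.close()

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubDrill)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return (login_succeeded("127.0.0.1", port, "alice", "s3cret"),
                login_succeeded("127.0.0.1", port, "alice", "wrong"))
    finally:
        server.shutdown()
        server.server_close()
```

With requests, passing allow_redirects=False to session.post exposes the same first response. The status codes used here are the ones reported in the thread, so confirm them against the Drill version in use.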