Author: scottbw
Date: Thu May 26 14:45:10 2011
New Revision: 1127945
URL: http://svn.apache.org/viewvc?rev=1127945&view=rev
Log:
Added admin APIs
Modified:
incubator/wookie/site/trunk/content/wookie/docs/api.mdtext
Modified: incubator/wookie/site/trunk/content/wookie/docs/api.mdtext
URL:
http://svn.apache.org/viewvc/incubator/wookie/site/trunk/content/wookie/docs/api.mdtext?rev=1127945&r1=1127944&r2=1127945&view=diff
==============================================================================
--- incubator/wookie/site/trunk/content/wookie/docs/api.mdtext (original)
+++ incubator/wookie/site/trunk/content/wookie/docs/api.mdtext Thu May 26
14:45:10 2011
@@ -103,6 +103,10 @@ be addressed to /widgets/7. The "identif
<td > GET {wookie}/widgets/{id} {?locale=<em>language_tag</em>}</td>
<td > Returns an XML representation of the widget with the specified
<em>id</em>. Note that in the current release this is the actual database key;
future releases should implement this using the widget URI as the <em>id</em>.
If a locale is specified, the returned information is localized, for example
widget titles, descriptions, license information will be in the specified
language where available.</td>
</tr>
+<tr>
+<TD> POST {wookie}/widgets {file} </TD>
+<TD> Posts a widget file to the server; this is identical in behaviour to
dropping a ".wgt" file into the Wookie deploy folder. This method
requires authentication using a widgetadmin role, e.g. using HTTP Basic
authentication</TD>
+</tr>
</tbody></table>
@@ -209,3 +213,89 @@ A property consists of a <em>propertynam
<td >Deletes a property. This method returns a 404 status code if there is no
matching property. </td>
</tr>
</tbody></table>
+
+#Administration Functions
+
+The following sections describe the API invoked by admin clients for managing
the Wookie server, e.g. for managing whitelist entries or widget access
policies.
+
+##Authentication
+By default the Admin REST API is secured using the Admin security restrictions
defined in web.xml. This means that typically the client needs to have
authenticated with the server using the admin user credentials.
+
+##Response formats
+Clients may request a response in either XML or JSON by setting the
appropriate request content type. (If it is not possible to specify a content
type in the request, clients may use the optional "format" parameter to specify
a content type override.)
+
+##Whitelist
+
+This API is used to manage whitelist entries, which determine global access
rules for the Wookie server-side proxy.
+
+<TABLE border="1"><TBODY>
+<TR>
+<TH>Request</TH>
+<TH>Description</TH>
+</TR>
+<TR>
+
+<TD> GET {wookie}/whitelist</TD>
+
+<TD> Returns all whitelist entries, consisting of an identifier and a URL.
This method requires authentication using a widgetadmin role, e.g. using HTTP
Basic authentication</TD>
+</TR>
+<TR>
+
+<TD> POST {wookie}/whitelist/ {param:url} </TD>
+
+<TD> Creates a new whitelist entry with the URL provided using the
<EM>url</EM> parameter. This method requires authentication using a widgetadmin
role, e.g. using HTTP Basic authentication.</TD>
+</TR>
+<TR>
+
+<TD> DELETE {wookie}/whitelist/{id} </TD>
+
+<TD> Deletes the whitelist entry specified by <EM>id</EM>. This method
requires authentication using a widgetadmin role, e.g. using HTTP Basic
authentication.</TD>
+</TR>
+</TBODY></TABLE>
+
+
+
+
+##Widget Access Request Policies (WARP)
+
+This API is used to manage per-Widget access request policies in accordance
with the [W3C Widgets Access Request Policy][1] specification.
+
+<TABLE border="1"><TBODY>
+<TR>
+<TH>Request</TH>
+<TH>Description</TH>
+</TR>
+<TR>
+
+<TD> GET {wookie}/warp {param: widgetId} </TD>
+
+<TD> Returns all access policies, or only the access policies that apply to
the widget identified by the <EM>widgetId</EM> parameter. This method requires
authentication using a widgetadmin role, e.g. using HTTP Basic
authentication</TD>
+</TR>
+<TR>
+
+<TD> GET {wookie}/warp/{id} </TD>
+
+<TD> Returns the access policy specified by <EM>id</EM>. This method requires
authentication using a widgetadmin role, e.g. using HTTP Basic
authentication</TD>
+</TR>
+<TR>
+
+<TD> POST {wookie}/warp/ {param:widgetId, origin, subdomains} </TD>
+
+<TD> Creates a new policy with the details provided. This method requires
authentication using a widgetadmin role, e.g. using HTTP Basic
authentication.</TD>
+</TR>
+<TR>
+
+<TD> PUT {wookie}/warp/{id} {param: granted} </TD>
+
+<TD> Updates the policy specified by <EM>id</EM> with the status of
<EM>granted</EM> if the <EM>granted</EM> parameter is set to "true",
otherwise sets the status of the policy to <EM>not granted</EM>. This method
requires authentication using a widgetadmin role, e.g. using HTTP Basic
authentication.</TD>
+</TR>
+<TR>
+
+<TD> DELETE {wookie}/warp/{id} </TD>
+
+<TD> Deletes the policy specified by <EM>id</EM>. This method requires
authentication using a widgetadmin role, e.g. using HTTP Basic
authentication.</TD>
+</TR>
+</TBODY></TABLE>
+
+
+ [1]: http://www.w3.org/TR/widgets-access/
\ No newline at end of file
