[ https://issues.apache.org/jira/browse/ZOOKEEPER-809?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12888404#action_12888404 ]

Patrick Hunt commented on ZOOKEEPER-809:
----------------------------------------

When I first created the REST interface I didn't have the notion of sessions; 
now that you do, I think you would want to augment the notion of having a 
/znodes/... url with a url of /sessions/v1/<session TOKEN>/znodes/....

so create the session as you suggest, however that create operation returns a 
url representing the session, after which all of your operations use that as a 
"prefix" if you will. e.g.:

create a new session - POST /sessions/v1?op=create HTTP/1.1

returns /sessions/v1/ab483cd8283ef274

notice the session TOKEN is a randomly generated key - this allows for some 
"security through obscurity" as it's "hard to guess" and is some small measure 
of security. session keepalive and delete would operate on this url. GET on the 
url might return the original session id for example

create an ephemeral node - POST /sessions/v1/ab483cd8283ef274/znodes/v1/a/b?op=create&name=c&ephemeral=true HTTP/1.1

you might keep the /znodes feature as-is for those not wanting to use sessions 
(admin r/o console say, or cli tool), however you might want to make turning it 
off an option - allowing the operator to force users to use explicit sessions

notice how this also cleans up items 5/6 wrt the url used to access (same 
prefix in both cases)

when you add acl support you might add something like:

/sessions/v1/ab483cd8283ef274/auth/...

resource for managing them (add auth for example). I think you'd have to 
require SSL to make this secure..., and return some security token good for the 
session so that someone else can't impersonate you... etc...



> Improved REST Interface
> -----------------------
>
>                 Key: ZOOKEEPER-809
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-809
>             Project: Zookeeper
>          Issue Type: Improvement
>          Components: contrib
>            Reporter: Andrei Savu
>            Assignee: Andrei Savu
>         Attachments: SPEC.txt
>
>
> I would like to extend the existing REST Interface to also support:
> * configuration
> * ephemeral znodes
> * watches - PubSubHubbub 
> * ACLs 
> * basic authentication
> I want to do this because when building web applications that talk directly 
> to ZooKeeper, a REST API is a lot easier to use (there is no protocol 
> mismatch) than an API that uses persistent connections. I plan to use the 
> improved version to build a web-based administrative interface. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
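
A sketch of the session-URL scheme proposed in the comment above, added here as an illustration; it is not code from the ZooKeeper REST contrib or from either author. The `SessionRegistry` class, its method names, the 128-bit token length (longer than the 16-character sample in the comment), the digest-keyed table and the refresh-on-use keepalive are all assumptions.

```python
import hashlib
import re
import secrets
import time

# URL layout from the comment: /sessions/v1/<token>[/znodes/v1/<path>]
# Assumption: tokens are 32 lowercase hex characters (128 bits).
_PATH_RE = re.compile(r"/sessions/v1/([0-9a-f]{32})(/znodes/v1(?:/.*)?)?")


class SessionRegistry:
    """Hypothetical in-memory session table for a REST gateway."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._sessions = {}  # sha256(token) -> [zk_session_id, expiry]

    @staticmethod
    def _key(token):
        # Keep only a digest so a dump of the table holds no usable tokens.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def create(self, zk_session_id):
        """Mint a token from the OS CSPRNG and return the session URL."""
        token = secrets.token_hex(16)
        expiry = self._clock() + self._ttl
        self._sessions[self._key(token)] = [zk_session_id, expiry]
        return "/sessions/v1/" + token

    def resolve(self, request_path):
        """Return (zk_session_id, resource) for a live session, else None."""
        m = _PATH_RE.fullmatch(request_path)
        if m is None:
            return None  # malformed path or token: same answer as unknown
        key = self._key(m.group(1))
        entry = self._sessions.get(key)
        if entry is None:
            return None
        if self._clock() >= entry[1]:
            del self._sessions[key]  # expired: drop it so it cannot be revived
            return None
        entry[1] = self._clock() + self._ttl  # assumption: any use is a keepalive
        return entry[0], m.group(2) or ""

    def delete(self, request_path):
        """Explicit session delete; True only if a session was removed."""
        m = _PATH_RE.fullmatch(request_path)
        return m is not None and self._sessions.pop(self._key(m.group(1)), None) is not None
```

Because the token travels in the request path, it also lands in access logs and proxy logs, which is one more reason for the SSL requirement and the separate per-session security token mentioned in the comment.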