Posted to dev@ambari.apache.org by "Yusaku Sako (JIRA)" <ji...@apache.org> on 2014/11/24 21:59:12 UTC

[jira] [Commented] (AMBARI-8426) Provide access to session from resource handler

    [ https://issues.apache.org/jira/browse/AMBARI-8426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14223502#comment-14223502 ] 

Yusaku Sako commented on AMBARI-8426:
-------------------------------------

Sounds like a very useful feature.
The session encryption key itself is created upon HTTP session creation and stored in the session scope, in-memory on Ambari Server, correct?

> Provide access to session from resource handler
> -----------------------------------------------
>
>                 Key: AMBARI-8426
>                 URL: https://issues.apache.org/jira/browse/AMBARI-8426
>             Project: Ambari
>          Issue Type: New Feature
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>              Labels: encryption, kerberos, security, session
>             Fix For: 2.0.0
>
>
> There should be a way to get access to the web server's session data from a (REST API) resource handler.  
> This will allow a resource handler to access information such as a session encryption key that may be used to encrypt data during that session.  An example of this would be when performing Kerberos-related activities, the following flow can occur:
> # Session encryption key is created
> # User uploads KDC administrator credentials 
> # Administrator credentials are encrypted using the session encryption key and persisted - maybe on disk, maybe in the Ambari database
> # For every Kerberos administration action that needs to occur during that session, the administrative credentials may be loaded into memory, decrypted, used, and removed from memory 
> # When the session terminates, the encryption key is lost and the persisted administrator credentials become lost
>  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
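
The five-step flow in the issue description, as an added example (not Ambari code and not part of the original message). A plain Map stands in for the HTTP session's attributes; the choice of AES-GCM, the attribute name `sessionEncryptionKey`, and the sample credential string are assumptions made for this example.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

public class SessionKeyFlow {
    // Hypothetical attribute name; the Map stands in for HttpSession attributes.
    static final String KEY_ATTR = "sessionEncryptionKey";
    static final SecureRandom RNG = new SecureRandom();

    // Step 1: key is generated at session creation and held only in session memory.
    static void onSessionCreated(Map<String, Object> session) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        session.put(KEY_ATTR, kg.generateKey());
    }

    // Step 3: encrypt; the result (IV || ciphertext+tag) is what gets persisted.
    static byte[] seal(Map<String, Object> session, byte[] plaintext) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh IV per encryption, never reused under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, (SecretKey) session.get(KEY_ATTR), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] blob = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, blob, iv.length, ct.length);
        return blob;
    }

    // Step 4: decrypt for a single action; the caller wipes the returned array.
    static byte[] open(Map<String, Object> session, byte[] blob) throws Exception {
        SecretKey key = (SecretKey) session.get(KEY_ATTR);
        if (key == null) throw new IllegalStateException("session key gone; credentials unrecoverable");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12); // throws if the blob was tampered with
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> session = new HashMap<>();
        onSessionCreated(session);
        byte[] creds = "admin/admin@EXAMPLE.COM:constructed-password".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] persisted = seal(session, creds); // Step 2 -> 3: uploaded, then encrypted
        Arrays.fill(creds, (byte) 0);
        byte[] inUse = open(session, persisted); // Step 4: load, decrypt, use ...
        Arrays.fill(inUse, (byte) 0);            // ... and remove from memory
        session.clear();                         // Step 5: session ends, key is lost
        try { open(session, persisted); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

The persisted blob outlives the session but is useless without the in-memory key, so the design's security rests on the key never being written to disk, session replication storage, or logs.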