You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by sc...@apache.org on 2011/05/26 16:45:10 UTC
svn commit: r1127945 -
/incubator/wookie/site/trunk/content/wookie/docs/api.mdtext
Author: scottbw
Date: Thu May 26 14:45:10 2011
New Revision: 1127945
URL: http://svn.apache.org/viewvc?rev=1127945&view=rev
Log:
Added admin APIs
Modified:
incubator/wookie/site/trunk/content/wookie/docs/api.mdtext
Modified: incubator/wookie/site/trunk/content/wookie/docs/api.mdtext
URL: http://svn.apache.org/viewvc/incubator/wookie/site/trunk/content/wookie/docs/api.mdtext?rev=1127945&r1=1127944&r2=1127945&view=diff
==============================================================================
--- incubator/wookie/site/trunk/content/wookie/docs/api.mdtext (original)
+++ incubator/wookie/site/trunk/content/wookie/docs/api.mdtext Thu May 26 14:45:10 2011
@@ -103,6 +103,10 @@ be addressed to /widgets/7. The "identif
<td > GET {wookie}/widgets/{id} {?locale=<em>language_tag</em>}</td>
<td > Returns an XML representation of the widget with the specified <em>id</em>. Note that in the current release this is the actual database key; future releases should implement this using the widget URI as the <em>id</em>. If a locale is specified, the returned information is localized, for example widget titles, descriptions, license information will be in the specified language where available.</td>
</tr>
+<tr>
+<TD> POST {wookie}/widgets {file} </TD>
+<TD> Posts a widget file to the server; this is identical in behaviour to dropping a ".wgt" file into the Wookie deploy folder. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication</TD>
+</tr>
</tbody></table>
@@ -209,3 +213,89 @@ A property consists of a <em>propertynam
<td >Deletes a property. This method returns a 404 status code if there is no matching property. </td>
</tr>
</tbody></table>
+
+#Administration Functions
+
+The following sections describe the API invoked by admin clients for managing the Wookie server, e.g. for managing whitelist entries or widget access policies.
+
+##Authentication
+By default the Admin REST API is secured using the Admin security restrictions defined in web.xml. This means that typically the client needs to have authenticated with the server using the admin user credentials.
+
+##Response formats
+Clients may request a response in either XML or JSON by setting the appropriate request content type. (If it is not possible to specify a content type in the request, clients may use the optional "format" parameter to specify a content type override.)
+
+##Whitelist
+
+This API is used to manage whitelist entries, which determine global access rules for the Wookie server-side proxy.
+
+<TABLE border="1"><TBODY>
+<TR>
+<TH>Request</TH>
+<TH>Description</TH>
+</TR>
+<TR>
+
+<TD> GET {wookie}/whitelist</TD>
+
+<TD> Returns all whitelist entries, consisting of an identifier and a URL. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication</TD>
+</TR>
+<TR>
+
+<TD> POST {wookie}/whitelist/ {param:url} </TD>
+
+<TD> Creates a new whitelist entry with the URL provided using the <EM>url</EM> parameter. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication.</TD>
+</TR>
+<TR>
+
+<TD> DELETE {wookie}/whitelist/{id} </TD>
+
+<TD> Deletes the whitelist entry specified by <EM>id</EM>. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication.</TD>
+</TR>
+</TBODY></TABLE>
+
+
+
+
+##Widget Access Request Policies (WARP)
+
+This API is used to manage per-Widget access request policies in accordance with the [W3C Widgets Access Request Policy][1] specification.
+
+<TABLE border="1"><TBODY>
+<TR>
+<TH>Request</TH>
+<TH>Description</TH>
+</TR>
+<TR>
+
+<TD> GET {wookie}/warp {param: widgetId} </TD>
+
+<TD> Returns all access policies, or only the access policies that apply to the widget identified by the <EM>widgetId</EM> parameter. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication</TD>
+</TR>
+<TR>
+
+<TD> GET {wookie}/warp/{id} </TD>
+
+<TD> Returns the access policy specified by <EM>id</EM>. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication</TD>
+</TR>
+<TR>
+
+<TD> POST {wookie}/warp/ {param:widgetId, origin, subdomains} </TD>
+
+<TD> Creates a new policy with the details provided. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication.</TD>
+</TR>
+<TR>
+
+<TD> PUT {wookie}/warp/{id} {param: granted} </TD>
+
+<TD> Updates the policy specified by <EM>id</EM> with the status of <EM>granted</EM> if the <EM>granted</EM> parameter is set to "true", otherwise sets the status of the policy to <EM>not granted</EM>. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication.</TD>
+</TR>
+<TR>
+
+<TD> DELETE {wookie}/warp/{id} </TD>
+
+<TD> Deletes the policy specified by <EM>id</EM>. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication.</TD>
+</TR>
+</TBODY></TABLE>
+
+
+ [1]: http://www.w3.org/TR/widgets-access/
\ No newline at end of file