You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by "Tom Beerbower (JIRA)" <ji...@apache.org> on 2014/10/23 22:02:34 UTC

[jira] [Created] (AMBARI-7938) Views: ability to use current ambari authorization + session

Tom Beerbower created AMBARI-7938:
-------------------------------------

             Summary: Views: ability to use current ambari authorization + session
                 Key: AMBARI-7938
                 URL: https://issues.apache.org/jira/browse/AMBARI-7938
             Project: Ambari
          Issue Type: Bug
            Reporter: Tom Beerbower
            Assignee: Tom Beerbower
             Fix For: 1.2.0


When a user accesses ambari, they first "login" with a basic auth "Authorization" header. That results in a AMBARISESSIONID= that is authenticated. And subsequent calls from Ambari Web use that AMBARISESSIONID in a cookie to avoid having to re-auth (as long as the session doesn't timeout).

If a view in ambari web is going to call-out to an ambari server (for example, if the view wants to use an ambari server API to update capacity scheduler configs via Ambari REST API), it would be useful for that view to re-use that auth info / session so the view connects to the ambari server as the "same" user.

Provide a way to expose the "Authorization/session" cookie in viewcontext if they plan to have the view connect to an ambari server. Could this be an option on URLStreamProvider obtained from the viewcontext, to hide the details?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)