[AMBARI-8426] Provide access to session from resource handler/provider - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.0.0
Component/s: ambari-server
Labels:
- encryption
- kerberos
- security
- session

Epic Link:
Ambari Automated Kerberization

Description

There should be a way to get access to the web server's session data from a (REST API) resource handler.

This will allow a resource handler to access information such as a session encryption key that may be used to encrypt data during that session. An example of this would be when performing Kerberos-related activities, the following flow can occur:

Session encryption key is created
User uploads KDC administrator credentials
administrator credential are encrypted using the session encryption key and persisted - maybe on disk, maybe in the Ambari database
For every Kerberos administration action that needs to occur during that session, the administrative credentials may be loaded into memory, decrypted, used, and removed from memory
When the session terminates, the encryption key is lost and the persisted administrator credentials become lost

Attachments

Issue Links

is required by

AMBARI-8447 Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials as a special case

Resolved

links to

Code review and patch.

Activity

People

Assignee:: Tom Beerbower

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 24/Nov/14 14:18

Updated:: 09/Dec/14 01:00

Resolved:: 09/Dec/14 01:00