directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From plusplusjia...@apache.org
Subject [1/3] directory-kerby git commit: DIRKRB-696 Add REST API and client for remote initialization.
Date Tue, 13 Feb 2018 02:05:43 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/trunk 26748ae43 -> f81bbf549


DIRKRB-696 Add REST API and client for remote initialization.


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/ad48f758
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/ad48f758
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/ad48f758

Branch: refs/heads/trunk
Commit: ad48f758f6a9be8d869624dbefa9347b8b97b643
Parents: 973f7ad
Author: plusplusjiajia <jiajia.li@intel.com>
Authored: Tue Feb 13 10:00:36 2018 +0800
Committer: plusplusjiajia <jiajia.li@intel.com>
Committed: Tue Feb 13 10:00:36 2018 +0800

----------------------------------------------------------------------
 .../apache/kerby/has/client/HasInitClient.java  | 123 +++++++++++++++
 .../org/apache/kerby/has/server/HasServer.java  |  17 +++
 .../apache/kerby/has/server/web/WebServer.java  |  13 ++
 .../kerby/has/server/web/rest/AsRequestApi.java | 151 +++++++++++++++++++
 .../kerby/has/server/web/rest/HadminApi.java    |   2 +-
 .../kerby/has/server/web/rest/HasApi.java       | 151 -------------------
 .../kerby/has/server/web/rest/InitApi.java      |  96 ++++++++++++
 .../kerby/has/server/web/rest/KadminApi.java    |   1 +
 8 files changed, 402 insertions(+), 152 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
----------------------------------------------------------------------
diff --git a/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
new file mode 100644
index 0000000..5d28867
--- /dev/null
+++ b/has-project/has-client/src/main/java/org/apache/kerby/has/client/HasInitClient.java
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kerby.has.client;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+import org.apache.kerby.has.common.HasConfig;
+import org.codehaus.jettison.json.JSONException;
+import org.codehaus.jettison.json.JSONObject;
+import org.glassfish.jersey.SslConfigurator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.ws.rs.core.MultivaluedMap;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+/**
+ * HAS client API for applications to interact with HAS server
+ */
+public class HasInitClient {
+
+    public static final Logger LOG = LoggerFactory.getLogger(HasInitClient.class);
+
+    private HasConfig hasConfig;
+    private File confDir;
+
+    public HasInitClient(HasConfig hasConfig, File confDir) {
+        this.hasConfig = hasConfig;
+        this.confDir = confDir;
+    }
+
+    public File getConfDir() {
+        return confDir;
+    }
+
+    private WebResource getWebResource(String restName) {
+        Client client;
+        String server = null;
+        if (hasConfig.getHttpsPort() != null && hasConfig.getHttpsHost() != null)
{
+            server = "https://" + hasConfig.getHttpsHost() + ":" + hasConfig.getHttpsPort()
+                    + "/has/v1/" + restName;
+            LOG.info("Admin request url: " + server);
+            HasConfig conf = new HasConfig();
+            try {
+                conf.addIniConfig(new File(hasConfig.getSslClientConf()));
+            } catch (IOException e) {
+                throw new RuntimeException("Errors occurred when adding ssl conf. "
+                    + e.getMessage());
+            }
+            SslConfigurator sslConfigurator = SslConfigurator.newInstance()
+                    .trustStoreFile(conf.getString("ssl.client.truststore.location"))
+                    .trustStorePassword(conf.getString("ssl.client.truststore.password"));
+            sslConfigurator.securityProtocol("SSL");
+            SSLContext sslContext = sslConfigurator.createSSLContext();
+            ClientConfig clientConfig = new DefaultClientConfig();
+            clientConfig.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
+                    new HTTPSProperties(new HostnameVerifier() {
+                        @Override
+                        public boolean verify(String s, SSLSession sslSession) {
+                            return false;
+                        }
+                    }, sslContext));
+            client = Client.create(clientConfig);
+        } else {
+            client = Client.create();
+        }
+        if (server == null) {
+            throw new RuntimeException("Please set the https address and port.");
+        }
+        return client.resource(server);
+    }
+
+    public void startKdc() {
+        WebResource webResource = getWebResource("init/kdcstart");
+        ClientResponse response = webResource.get(ClientResponse.class);
+        try {
+            JSONObject result = new JSONObject(response.getEntity(String.class));
+            if (result.getString("result").equals("success")) {
+                System.out.println(result.getString("msg"));
+            } else {
+                System.err.println(result.getString("msg"));
+            }
+        } catch (JSONException e) {
+            System.err.println(e.getMessage());
+        }
+    }
+
+    public InputStream initKdc() {
+        WebResource webResource = getWebResource("init/kdcinit");
+        ClientResponse response = webResource.get(ClientResponse.class);
+        if (response.getStatus() == 200) {
+            return response.getEntityInputStream();
+        }
+        return null;
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
index e14e619..8608bf0 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/HasServer.java
@@ -141,6 +141,23 @@ public class HasServer {
         setHttpFilter();
     }
 
+    public File initKdcServer() throws KrbException {
+        File adminKeytabFile = new File(workDir, "admin.keytab");
+        LocalKadmin kadmin = new LocalKadminImpl(kdcServer.getKdcSetting(),
+            kdcServer.getIdentityService());
+        if (adminKeytabFile.exists()) {
+            throw new KrbException("KDC Server is already inited.");
+        }
+        kadmin.createBuiltinPrincipals();
+        kadmin.exportKeytab(adminKeytabFile, kadmin.getKadminPrincipal());
+        System.out.println("The keytab for kadmin principal "
+            + " has been exported to the specified file "
+            + adminKeytabFile.getAbsolutePath() + ", please safely keep it, "
+            + "in order to use kadmin tool later");
+
+        return adminKeytabFile;
+    }
+
     private void setHttpFilter() throws HasException {
         File httpKeytabFile = new File(workDir, "http.keytab");
         LocalKadmin kadmin = new LocalKadminImpl(kdcServer.getKdcSetting(),

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
index 15e817c..abf3a9a 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/WebServer.java
@@ -28,6 +28,7 @@ import org.apache.hadoop.security.authentication.server.KerberosAuthenticationHa
 import org.apache.kerby.has.common.HasConfig;
 import org.apache.kerby.has.common.HasException;
 import org.apache.kerby.has.server.HasServer;
+import org.apache.kerby.has.server.web.rest.AsRequestApi;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -58,6 +59,16 @@ public class WebServer {
         return conf;
     }
 
+    private void init() {
+
+        final String pathSpec = "/has/v1/*";
+
+        // add has packages
+        httpServer.addJerseyResourcePackage(AsRequestApi.class
+                .getPackage().getName(),
+            pathSpec);
+    }
+
     public void defineFilter() {
         String authType = conf.getString(WebConfigKey.HAS_AUTHENTICATION_FILTER_AUTH_TYPE);
         if (authType.equals("kerberos")) {
@@ -170,6 +181,8 @@ public class WebServer {
             throw new HasException("Errors occurred when building http server. " + e.getMessage());
         }
 
+        init();
+
         try {
             httpServer.start();
         } catch (IOException e) {

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
new file mode 100644
index 0000000..6415161
--- /dev/null
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/AsRequestApi.java
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kerby.has.server.web.rest;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.hadoop.http.JettyUtils;
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.HasAuthenException;
+import org.apache.kerby.has.server.HasServer;
+import org.apache.kerby.has.server.HasServerPlugin;
+import org.apache.kerby.has.server.HasServerPluginRegistry;
+import org.apache.kerby.has.server.kdc.HasKdcHandler;
+import org.apache.kerby.has.server.web.WebServer;
+import org.apache.kerby.has.server.web.rest.param.AuthTokenParam;
+import org.apache.kerby.has.server.web.rest.param.TypeParam;
+import org.apache.kerby.kerberos.kerb.KrbRuntime;
+import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
+import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
+import org.apache.kerby.kerberos.kerb.type.base.KrbMessage;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.io.IOException;
+import java.util.Map;
+import java.util.TreeMap;
+
+/**
+ * HAS web methods implementation.
+ */
+@Path("")
+public class AsRequestApi {
+
+    @Context
+    private ServletContext context;
+
+    @Context
+    private HttpServletRequest httpRequest;
+
+
+    /**
+     * Handle HTTP PUT request.
+     */
+    @PUT
+    @Produces({MediaType.APPLICATION_OCTET_STREAM + "; " + JettyUtils.UTF_8,
+        MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8})
+    public Response asRequest(
+        @QueryParam(TypeParam.NAME) @DefaultValue(TypeParam.DEFAULT)
+        final TypeParam type,
+        @QueryParam(AuthTokenParam.NAME) @DefaultValue(AuthTokenParam.DEFAULT)
+        final AuthTokenParam authToken
+    ) {
+        return asRequest(type.getValue(), authToken.getValue());
+    }
+
+    private Response asRequest(String type, String tokenStr) {
+        if (httpRequest.isSecure()) {
+            final HasServer hasServer = WebServer.getHasServerFromContext(context);
+            String errMessage = null;
+            String js = null;
+            ObjectMapper mapper = new ObjectMapper();
+            final Map<String, Object> m = new TreeMap<String, Object>();
+
+            if (hasServer.getKdcServer() == null) {
+                errMessage = "Please start the has KDC server.";
+            } else if (!tokenStr.isEmpty() && tokenStr != null) {
+                HasKdcHandler kdcHandler = new HasKdcHandler(hasServer);
+
+                TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider("JWT").createTokenDecoder();
+
+                AuthToken authToken = null;
+                try {
+                    authToken = tokenDecoder.decodeFromString(tokenStr);
+                } catch (IOException e) {
+                    errMessage = "Failed to decode the token string." + e.getMessage();
+                    WebServer.LOG.error(errMessage);
+                }
+                HasServerPlugin tokenPlugin = null;
+                try {
+                    tokenPlugin = HasServerPluginRegistry.createPlugin(type);
+                } catch (HasException e) {
+                    errMessage = "Fail to get the plugin: " + type + ". " + e.getMessage();
+                    WebServer.LOG.error(errMessage);
+                }
+                AuthToken verifiedAuthToken;
+                try {
+                    verifiedAuthToken = tokenPlugin.authenticate(authToken);
+                } catch (HasAuthenException e) {
+                    errMessage = "Failed to verify auth token: " + e.getMessage();
+                    WebServer.LOG.error(errMessage);
+                    verifiedAuthToken = null;
+                }
+
+                if (verifiedAuthToken != null) {
+                    KrbMessage asRep = kdcHandler.getResponse(verifiedAuthToken,
+                        (String) verifiedAuthToken.getAttributes().get("passPhrase"));
+
+                    Base64 base64 = new Base64(0);
+                    try {
+                        m.put("type", tokenPlugin.getLoginType());
+                        m.put("success", "true");
+                        m.put("krbMessage", base64.encodeToString(asRep.encode()));
+                    } catch (IOException e) {
+                        errMessage = "Failed to encode KrbMessage." + e.getMessage();
+                        WebServer.LOG.error(errMessage);
+                    }
+
+                }
+            } else {
+                errMessage = "The token string should not be empty.";
+                WebServer.LOG.error(errMessage);
+            }
+
+            if (errMessage != null) {
+                m.put("success", "false");
+                m.put("krbMessage", errMessage);
+            }
+            try {
+                js = mapper.writeValueAsString(m);
+            } catch (JsonProcessingException e) {
+                WebServer.LOG.error("Failed write values to string." + e.getMessage());
+            }
+            return Response.ok(js).type(MediaType.APPLICATION_JSON).build();
+        }
+        return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
index a7febc1..f81a266 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HadminApi.java
@@ -54,7 +54,7 @@ import java.util.zip.ZipOutputStream;
 /**
  * HAS Admin web methods implementation.
  */
-@Path("/admin")
+@Path("/hadmin")
 public class HadminApi {
 
     @Context

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
deleted file mode 100644
index eaa3587..0000000
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/HasApi.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * <p>
- * http://www.apache.org/licenses/LICENSE-2.0
- * <p>
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.kerby.has.server.web.rest;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.hadoop.http.JettyUtils;
-import org.apache.kerby.has.common.HasException;
-import org.apache.kerby.has.server.HasAuthenException;
-import org.apache.kerby.has.server.HasServer;
-import org.apache.kerby.has.server.HasServerPlugin;
-import org.apache.kerby.has.server.HasServerPluginRegistry;
-import org.apache.kerby.has.server.kdc.HasKdcHandler;
-import org.apache.kerby.has.server.web.WebServer;
-import org.apache.kerby.has.server.web.rest.param.AuthTokenParam;
-import org.apache.kerby.has.server.web.rest.param.TypeParam;
-import org.apache.kerby.kerberos.kerb.KrbRuntime;
-import org.apache.kerby.kerberos.kerb.provider.TokenDecoder;
-import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
-import org.apache.kerby.kerberos.kerb.type.base.KrbMessage;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.util.Map;
-import java.util.TreeMap;
-
-/**
- * HAS web methods implementation.
- */
-@Path("")
-public class HasApi {
-
-    @Context
-    private ServletContext context;
-
-    @Context
-    private HttpServletRequest httpRequest;
-
-
-    /**
-     * Handle HTTP PUT request.
-     */
-    @PUT
-    @Produces({MediaType.APPLICATION_OCTET_STREAM + "; " + JettyUtils.UTF_8,
-        MediaType.APPLICATION_JSON + "; " + JettyUtils.UTF_8})
-    public Response asRequest(
-        @QueryParam(TypeParam.NAME) @DefaultValue(TypeParam.DEFAULT)
-        final TypeParam type,
-        @QueryParam(AuthTokenParam.NAME) @DefaultValue(AuthTokenParam.DEFAULT)
-        final AuthTokenParam authToken
-    ) {
-        return asRequest(type.getValue(), authToken.getValue());
-    }
-
-    private Response asRequest(String type, String tokenStr) {
-        if (httpRequest.isSecure()) {
-            final HasServer hasServer = WebServer.getHasServerFromContext(context);
-            String errMessage = null;
-            String js = null;
-            ObjectMapper mapper = new ObjectMapper();
-            final Map<String, Object> m = new TreeMap<String, Object>();
-
-            if (hasServer.getKdcServer() == null) {
-                errMessage = "Please start the has KDC server.";
-            } else if (!tokenStr.isEmpty() && tokenStr != null) {
-                HasKdcHandler kdcHandler = new HasKdcHandler(hasServer);
-
-                TokenDecoder tokenDecoder = KrbRuntime.getTokenProvider("JWT").createTokenDecoder();
-
-                AuthToken authToken = null;
-                try {
-                    authToken = tokenDecoder.decodeFromString(tokenStr);
-                } catch (IOException e) {
-                    errMessage = "Failed to decode the token string." + e.getMessage();
-                    WebServer.LOG.error(errMessage);
-                }
-                HasServerPlugin tokenPlugin = null;
-                try {
-                    tokenPlugin = HasServerPluginRegistry.createPlugin(type);
-                } catch (HasException e) {
-                    errMessage = "Fail to get the plugin: " + type + ". " + e.getMessage();
-                    WebServer.LOG.error(errMessage);
-                }
-                AuthToken verifiedAuthToken;
-                try {
-                    verifiedAuthToken = tokenPlugin.authenticate(authToken);
-                } catch (HasAuthenException e) {
-                    errMessage = "Failed to verify auth token: " + e.getMessage();
-                    WebServer.LOG.error(errMessage);
-                    verifiedAuthToken = null;
-                }
-
-                if (verifiedAuthToken != null) {
-                    KrbMessage asRep = kdcHandler.getResponse(verifiedAuthToken,
-                        (String) verifiedAuthToken.getAttributes().get("passPhrase"));
-
-                    Base64 base64 = new Base64(0);
-                    try {
-                        m.put("type", tokenPlugin.getLoginType());
-                        m.put("success", "true");
-                        m.put("krbMessage", base64.encodeToString(asRep.encode()));
-                    } catch (IOException e) {
-                        errMessage = "Failed to encode KrbMessage." + e.getMessage();
-                        WebServer.LOG.error(errMessage);
-                    }
-
-                }
-            } else {
-                errMessage = "The token string should not be empty.";
-                WebServer.LOG.error(errMessage);
-            }
-
-            if (errMessage != null) {
-                m.put("success", "false");
-                m.put("krbMessage", errMessage);
-            }
-            try {
-                js = mapper.writeValueAsString(m);
-            } catch (JsonProcessingException e) {
-                WebServer.LOG.error("Failed write values to string." + e.getMessage());
-            }
-            return Response.ok(js).type(MediaType.APPLICATION_JSON).build();
-        }
-        return Response.status(403).entity("HTTPS required.\n").build();
-    }
-}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
new file mode 100644
index 0000000..6e1cc6e
--- /dev/null
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/InitApi.java
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.kerby.has.server.web.rest;
+
+import org.apache.kerby.has.common.HasException;
+import org.apache.kerby.has.server.HasServer;
+import org.apache.kerby.has.server.web.WebServer;
+import org.apache.kerby.kerberos.kerb.KrbException;
+import org.codehaus.jettison.json.JSONObject;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.io.File;
+
+/**
+ * HAS initialize methods implementation.
+ */
+@Path("/init")
+public class InitApi {
+
+    @Context
+    private ServletContext context;
+
+    @Context
+    private HttpServletRequest httpRequest;
+
+    @GET
+    @Path("/kdcinit")
+    @Produces(MediaType.TEXT_PLAIN)
+    public Response kdcInit() {
+        if (httpRequest.isSecure()) {
+            final HasServer hasServer = WebServer.getHasServerFromContext(context);
+            String msg;
+            try {
+                File adminKeytab = hasServer.initKdcServer();
+                return Response.ok(adminKeytab).header("Content-Disposition",
+                    "attachment; filename=" + adminKeytab.getName()).build();
+            } catch (KrbException e) {
+                msg = "Failed to initialize KDC, because: " + e.getMessage();
+                WebServer.LOG.error(msg);
+                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+            }
+        }
+        return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+    }
+
+    @GET
+    @Path("/kdcstart")
+    @Produces(MediaType.TEXT_PLAIN)
+    public Response kdcStart() {
+        if (httpRequest.isSecure()) {
+            final HasServer hasServer = WebServer.getHasServerFromContext(context);
+            JSONObject result = new JSONObject();
+            String msg;
+            try {
+                hasServer.startKdcServer();
+            } catch (HasException e) {
+                msg = "Failed to start kdc server, because: " + e.getMessage();
+                WebServer.LOG.error(msg);
+                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+            }
+            try {
+                msg = "Succeed in starting KDC server.";
+                result.put("result", "success");
+                result.put("msg", msg);
+                return Response.ok(result.toString()).build();
+            } catch (Exception e) {
+                msg = "Failed to start kdc server, because: " + e.getMessage();
+                WebServer.LOG.error(msg);
+                return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(msg).build();
+            }
+        }
+        return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
+    }
+}

http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/ad48f758/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
----------------------------------------------------------------------
diff --git a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
index 1e8e82c..6445156 100644
--- a/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
+++ b/has-project/has-server/src/main/java/org/apache/kerby/has/server/web/rest/KadminApi.java
@@ -45,6 +45,7 @@ import java.util.List;
 /**
  * Kadmin web methods implementation.
  */
+@Path("/kadmin")
 public class KadminApi {
     @Context
     private ServletContext context;


Mime
View raw message