There should be a way to get access to the web server's session data from a (REST API) resource handler.
This will allow a resource handler to access information such as a session encryption key that may be used to encrypt data during that session. An example of this would be when performing Kerberos-related activities, the following flow can occur:
- Session encryption key is created
- User uploads KDC administrator credentials
- administrator credential are encrypted using the session encryption key and persisted - maybe on disk, maybe in the Ambari database
- For every Kerberos administration action that needs to occur during that session, the administrative credentials may be loaded into memory, decrypted, used, and removed from memory
- When the session terminates, the encryption key is lost and the persisted administrator credentials become lost