[aerogear-dev] AeroGear security updates
Bruno Oliveira
bruno at abstractj.org
Wed Nov 7 11:12:33 EST 2012
Morning slackers,
Just to give a heads up to you about AeroGear Security about some changes:
- AeroGear security was splited in two projects: aerogear-security (https://github.com/aerogear/aerogear-security) and aerogear-security-picketbox (https://github.com/aerogear/aerogear-security-picketbox)
- The HTTP status responses we're improved to support RESTful endpoints and AG controller
- A bunch of code refactoring
- The documentation was updated
- The aerogear-controller-demo was updated (https://github.com/aerogear/aerogear-controller-demo)
- OTP authentication as integrated tested and few bugs were reported to the PicketBox team. For now we're not ready to go on it.
- Our API was upgraded to the latest timed release on PicketBox/PicketLink (https://docs.jboss.org/author/display/SECURITY/Timed+Release+2012-Nov-06)
What's missing?
- Release it as snapshot on nexus, currently under maintenance.
- Include the Javadocs
- Code improvements
- Catch up with PicketBox team and figure out why OTP is not being validated
- Improve token validation on ServletFilter (for now is just disgusting)
- Integrated HTTP status responses with AG controller (for now AG security just throws a security exception and returns HTTP status code to RESTful endpoints)
Bugs? Please @jira https://issues.jboss.org/browse/AEROGEAR
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
More information about the aerogear-dev
mailing list