[aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)

Matthias Wessendorf matzew at apache.org
Wed Sep 26 08:35:29 EDT 2012


Hi Bruno,

Playing with the 'picketbox' branch of the TODO app, I have one
question about the security API ...

I am able to do a successful login with 'curl' ==>

curl -v -H "Accept: application/json" -H "Content-type: application/json" \
  -X POST -d '{"username":"john","password":"123"}' \
  http://localhost:8080/todo-server/auth/login

Great, my RESPONSE looks like:
{"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"}


Now when I want to fetch the projects (from their endpoint) by using
the token (as a header), again with curl:

curl -v -H "Accept: application/json" \
  --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" \
  -X GET http://localhost:8080/todo-server/projects

As a response I am getting 401 (Unauthorized).

==>


* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /todo-server/projects HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: application/json
> token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad
>
< HTTP/1.1 401 Unauthorized
< Server: Apache-Coyote/1.1
< Content-Type: application/json
< Content-Length: 39
< Date: Wed, 26 Sep 2012 11:29:56 GMT
<
* Connection #0 to host localhost left intact


Am I missing something here?


Greetings,
Matthias

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf

