[aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)

Matthias Wessendorf matzew at apache.org
Wed Sep 26 09:02:59 EDT 2012


Cool, thank you!

-M

On Wed, Sep 26, 2012 at 3:00 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> I'll try to reproduce that error today guys to see what happens between the
> TODO app and curl.
>
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
> On Wednesday, September 26, 2012 at 9:42 AM, Kris Borchers wrote:
>
> I see the same thing via curl but it works in browser. My guess would be it
> has something to do with everything being session based and the session
> isn't properly maintained with curl. That's mostly just a guess though.
>
> On Sep 26, 2012, at 7:35 AM, Matthias Wessendorf <matzew at apache.org> wrote:
>
> Hi Bruno,
>
> playing with the 'picketbox' branch of the TODO app. I have one
> question about the security API ...
>
> I am able to do a successful login with 'curl' ==>
>
> curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"username":"john","password":"123"}' http://localhost:8080/todo-server/auth/login
>
> Great, my RESPONSE looks like:
> {"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"}
>
>
> Now when I want to fetch the projects (from their endpoint), by using
> the token (as header) (again with) curl:
>
> curl -v -H "Accept: application/json" --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" -X GET http://localhost:8080/todo-server/projects
>
> As a response I am getting 401 (Unauthorized)
>
> ==>
>
>
> * About to connect() to localhost port 8080 (#0)
> * Trying 127.0.0.1...
> * connected
> * Connected to localhost (127.0.0.1) port 8080 (#0)
>
> GET /todo-server/projects HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: application/json
> token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad
>
> < HTTP/1.1 401 Unauthorized
> < Server: Apache-Coyote/1.1
> < Content-Type: application/json
> < Content-Length: 39
> < Date: Wed, 26 Sep 2012 11:29:56 GMT
> <
> * Connection #0 to host localhost left intact
>
>
> Am I missing something here ?
>
>
> Greetings,
> Matthias
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
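
Added example, not part of the original thread or of the AeroGear code: a self-contained Python check of the guess quoted above, that the protected endpoint is bound to the login session rather than to the 'token' header. The stand-in server, its JSESSIONID cookie name and the names SessionBoundHandler, get_status and probe are assumptions made for illustration; the real TODO app may behave differently.

```python
import json, threading, uuid
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

SESSIONS = set()  # session ids the stand-in server has authenticated
OPENER = request.build_opener(request.ProxyHandler({}))  # never go through a proxy

class SessionBoundHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: authorizes by session cookie and ignores 'token'."""
    def log_message(self, *args):  # keep the run quiet
        pass
    def _reply(self, code, body, cookie=None):
        data = json.dumps(body).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        if cookie:
            self.send_header("Set-Cookie", f"JSESSIONID={cookie}; Path=/; HttpOnly")
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # login: opens a session and also hands back a token
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sid = uuid.uuid4().hex
        SESSIONS.add(sid)
        self._reply(200, {"token": str(uuid.uuid4()), "logged": "true"}, sid)
    def do_GET(self):  # protected resource: only the session cookie is consulted
        sid = self.headers.get("Cookie", "").partition("JSESSIONID=")[2]
        ok = sid in SESSIONS
        self._reply(200 if ok else 401, [] if ok else {"error": "unauthorized"})

def get_status(url, headers):
    """Return the HTTP status of a GET sent with exactly these headers."""
    try:
        with OPENER.open(request.Request(url, headers=headers)) as resp:
            return resp.status
    except error.HTTPError as exc:
        return exc.code

def probe():
    """Log in once, then request /projects with the token only and with the cookie only."""
    srv = HTTPServer(("127.0.0.1", 0), SessionBoundHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{srv.server_port}/todo-server"
    creds = json.dumps({"username": "john", "password": "123"}).encode()
    with OPENER.open(request.Request(url + "/auth/login", data=creds)) as resp:
        token = json.load(resp)["token"]
        cookie = resp.headers["Set-Cookie"].split(";")[0]  # what a cookie jar keeps
    result = {"token_header_only": get_status(url + "/projects", {"token": token}),
              "session_cookie": get_status(url + "/projects", {"Cookie": cookie})}
    srv.shutdown()
    srv.server_close()
    return result
```

Against a real server the same comparison can be made with curl's cookie-jar options (-c on the login request, -b on the follow-up): if the request succeeds only when the cookie is replayed, the token header is not what the endpoint authorizes on.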

