[aerogear-dev] Question on our AuthenticationModule

Matthias Wessendorf matzew at apache.org
Tue Jun 4 09:11:03 EDT 2013


On Tue, Jun 4, 2013 at 3:05 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Morning, maybe I'm not understanding your question, but we already have
> this discussion and in the end the conclusion was about the lack of
> documentation on AGSEC (https://issues.jboss.org/browse/AGSEC-60)
>
> Am I wrong?
>

I don't think you are wrong there.


I guess this mail is related.


For iOS/Android, we are "trying" to implement the basic/digest support by
using the "AuthModule" interface. This interface provides:
* enroll
* login
* logout

Which, as stated in the referenced bug, does not make much sense.


Kris now shared that on JS he went a different road, so that for
JS-Basic/JS-Digest he does not need to worry about "enroll", "login" etc.

I think that should be done for iOS/Android as well.

>
> No real login exists, because we are making use of servlet filters from
> PicketLink.
>
> Matthias Wessendorf wrote:
> > Hi,
> >
> > perhaps this is more "AeroGear-Security VS HTTP Basic/Digest", but first
> > some background information:
> >
> > our different "AuthenticationModule" implementations, for Android, iOS
> > and JavaScript, were created for the AeroGear-Security REST-APIs, which
> > are described here:
> > http://aerogear.org/docs/specs/aerogear-rest-api/
> >
> > Here are the three different client platform implementations:
> >
> > * Android:
> >
> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74
> >
> > * iOS:
> >
> https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179
> >
> > * JavaScript:
> >
> https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436
> >
> > So, basically the interface(or the different implementations) covers the
> > following functionality, described in the above spec:
> > * enroll
> > * login
> > * logout
> >
> > So far so good.
> >
> >
> > However, looking at the recent work for BASIC/DIGEST (e.g.
> > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html),
> > I think it might be confusing that there is no real login call against
> > the server, like in the above code, for AG-Security
> >
> > Instead, the "login", is _only_ applying the credentials so that
> > subsequent requests can read (a) protected URL(s). Similar to "logout":
> > Only a _reset_ of the credentials is happening. No server endpoint is
> > invoked.
> > See also
> > http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html
> >
> >
> > Similar to the "enroll"; The iOS proposal throws an exception, similar
> > to the Android version:
> >
> >
> https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164
> >
> >
> https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95
> >
> > To me, looks like none of the methods of the "AuthenticationModule
> > interface" are properly used, or am I wrong?
> >
> >
> > I think my question is: Does it really make sense to kinda try to add
> > the BASIC/DIGEST support into the "AuthenticationModule interface"?? or,
> > could there be something else ?
> >
> > Not sure, I guess since I am not sure, I am asking here :)
> >
> > Any feedback is appreciated!
> >
> > Thanks!
> > Matthias
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
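
The mismatch discussed in this thread, as an added example that is not part of the original mail and is not AeroGear code: an endpoint-backed module where enroll/login/logout each hit the server, next to HTTP Basic squeezed into the same three methods, where "login" only stores credentials for later requests, "logout" only resets them, and "enroll" can only throw. All module names, endpoint paths and credentials are hypothetical and constructed for the illustration.

```javascript
// Hypothetical names throughout; constructed in-memory transport, no network.
function makeTransport() {
  const calls = [];
  return {
    calls,
    send(method, path, headers = {}) {
      calls.push({ method, path });
      // Only the protected resource checks for an Authorization header.
      if (path === "/protected" && !headers.Authorization) return { status: 401 };
      return { status: 200 };
    },
  };
}
// Endpoint-backed module: each call is a request (paths are placeholders).
function restAuthModule(transport) {
  return {
    enroll: () => transport.send("POST", "/enroll-endpoint"),
    login: () => transport.send("POST", "/login-endpoint"),
    logout: () => transport.send("POST", "/logout-endpoint"),
  };
}
// HTTP Basic forced into the same shape: nothing here talks to the server.
function basicAuthModule() {
  let token = null;
  return {
    enroll() { throw new Error("enroll is not supported with HTTP Basic"); },
    login(user, password) {
      // base64 is an encoding, not encryption: this header needs TLS.
      token = Buffer.from(`${user}:${password}`, "utf8").toString("base64");
    },
    logout() { token = null; }, // local reset only
    applyTo(headers = {}) {
      return token ? { ...headers, Authorization: `Basic ${token}` } : headers;
    },
  };
}
function demo() {
  const transport = makeTransport();
  const basic = basicAuthModule();
  basic.login("john", "constructed-password");
  const callsAfterBasicLogin = transport.calls.length;
  const whileLoggedIn = transport.send("GET", "/protected", basic.applyTo()).status;
  basic.logout();
  const afterLogout = transport.send("GET", "/protected", basic.applyTo()).status;
  restAuthModule(transport).login();
  return { callsAfterBasicLogin, whileLoggedIn, afterLogout, callsTotal: transport.calls.length };
}
```

Because `logout` in the Basic module only forgets the credentials on the client, nothing is revoked on the server in this example.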