[aerogear-dev] Initial Security for AeroGear UnifiedPush
Bruno Oliveira
bruno at abstractj.org
Wed Jun 19 12:15:38 EDT 2013
I do it, if we're not using the interceptor we're just hiding a issue
and duplicating code.
- Issue: The endpoint should return 401 instead of bad request on requests.
Matthias Wessendorf wrote:
> I think I didn't use it, because it throws an RT exception (no problem
> with that), which I could catch on the RestEasy layer.
> Instead of (for unauthorized invokes) returning 401 (to cURL, for
> instance), it was just "bad request".
>
> So, I went for the "check by code" solution first. Not saying that I am
> AGAINST the interceptor.
>
> I think on the long run that would be better and cleaner.
--
abstractj
More information about the aerogear-dev
mailing list