[aerogear-dev] Initial Security for AeroGear UnifiedPush
Matthias Wessendorf
matzew at apache.org
Wed Jun 19 12:18:46 EDT 2013
On Wed, Jun 19, 2013 at 6:15 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> I do it, if we're not using the interceptor we're just hiding a issue
> and duplicating code.
>
I agree on that :)
>
> - Issue: The endpoint should return 401 instead of bad request on requests.
>
correct.
So, how about:
I give it another try tomorrow and will report back ?
-Matthias
>
> Matthias Wessendorf wrote:
> > I think I didn't use it, because it throws an RT exception (no problem
> > with that), which I could catch on the RestEasy layer.
> > Instead of (for unauthorized invokes) returning 401 (to cURL, for
> > instance), it was just "bad request".
> >
> > So, I went for the "check by code" solution first. Not saying that I am
> > AGAINST the interceptor.
> >
> > I think on the long run that would be better and cleaner.
>
> --
> abstractj
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130619/0b948c68/attachment.html
More information about the aerogear-dev
mailing list