[aerogear-dev] Few suggestions about push quickstarts
Bruno Oliveira
bruno at abstractj.org
Thu Jun 27 12:17:07 EDT 2013
Good morning, today I was looking at the quickstart demo for push and
would like to make some considerations and see what do you guys think.
In this way we can file jiras to move forward.
- The quickstart make use of AeroGear Controller. IMO we should move to
Resteasy
- Code formatting, do we have a template for it? I don't want to mess up
with the project.
- Something that brought to my attention, after discuss with Passos some
issues on Android is when you send: curl -v -b cookies.txt -c
cookies.txt -H "Accept: application/json" -H "Content-type:
application/json" -X POST -d '{"loginName": "john", "password":"123"}'
http://localhost:8080/prodoctor/login
The HTTP response is:
{"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New
York"}
Attributes like expirationDate, partition and mailing password should
never be sent back. For more details please take a look at how aerogear
controller demo handle it
https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/Login.java#L48.
Behind the scenes PicketLink already encrypts the passwords on AGSec,
but I can't do so much if they're sent back through the network. Thoughts?
--
abstractj
More information about the aerogear-dev
mailing list