[aerogear-dev] Few suggestions about push quickstarts
Kris Borchers
kris at redhat.com
Thu Jun 27 12:26:27 EDT 2013
On Jun 27, 2013, at 11:17 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
> Good morning, today I was looking at the quickstart demo for push and
> would like to make some considerations and see what do you guys think.
> In this way we can file jiras to move forward.
>
> - The quickstart make use of AeroGear Controller. IMO we should move to
> Resteasy
+1
> - Code formatting, do we have a template for it? I don't want to mess up
> with the project.
As I said in an earlier e-mail on another thread, code formatting is on of my pet peeves so I am +9001 on keeping code clean and readable
> - Something that brought to my attention, after discuss with Passos some
> issues on Android is when you send: curl -v -b cookies.txt -c
> cookies.txt -H "Accept: application/json" -H "Content-type:
> application/json" -X POST -d '{"loginName": "john", "password":"123"}'
> http://localhost:8080/prodoctor/login
>
> The HTTP response is:
>
> {"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New
> York"}
This is bad!
>
> Attributes like expirationDate, partition and mailing password should
> never be sent back. For more details please take a look at how aerogear
> controller demo handle it
> https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/Login.java#L48.
>
> Behind the scenes PicketLink already encrypts the passwords on AGSec,
> but I can't do so much if they're sent back through the network. Thoughts?
>
> --
> abstractj
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
More information about the aerogear-dev
mailing list