[aerogear-dev] Security / HTTP Basic: server interaction for Login/logout ?

Bruno Oliveira bruno at abstractj.org
Tue May 28 13:48:52 EDT 2013 

Do you think is a good idea to put it at AG-Sec-Auth?

Maybe specifying server and client bits?

Matthias Wessendorf wrote:
> TL;DR
>
> https://issues.jboss.org/browse/AGSEC-60
>
>
>
>
> On Fri, May 24, 2013 at 9:27 AM, Matthias Wessendorf <matzew at apache.org
> <mailto:matzew at apache.org>> wrote:
>
>     Hi,
>
>     we do have server side endpoints, for login/logout:
>
>     SPEC:
>     http://aerogear.org/docs/specs/aerogear-rest-api/
>
>     TODO demo:
>     https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162
>     (routes to
>     https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java)
>
>     One thing that I noticed, when talking w/ Christos about the HTTP
>     BASIC support, is that currently the modules "just" set the
>     credentials on "LOGIN",
>     and they perform a "clean-up", on the logout.
>
>     For both, login/logout, no request is send to the matching
>     "endpoints" on the server-side
>
>
>     Android (logout):
>     https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147
>
>     iOS (logout):
>     https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139
>
>     Not sure, but ususally, a logout against the server also performs
>     some sort of clean up. For instance in the TODO demo, it issues a
>     logout against the IDM:
>     https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113
>
>
>     Greetings,
>     Matthias
>
>
>
>     --
>     Matthias Wessendorf
>
>     blog: http://matthiaswessendorf.wordpress.com/
>     sessions: http://www.slideshare.net/mwessendorf
>     twitter: http://twitter.com/mwessendorf
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

More information about the aerogear-dev mailing list