[aerogear-dev] [UPS] Import/Export of installations

Stefan Miklosovic smikloso at redhat.com
Wed Nov 12 05:31:09 EST 2014 

Two more comments which come to my mind and are quite technical. 

1) When you export Variant into JSON and you want to import it again, you fail to do so at this moment because Variant is abstract class and JSON unmarshaller do not know to which class it should be cast. Because of that we have to change model of Variant to add this on it (1). Maybe there is another option how to do that (e.g. according to some field in Variant and write custom JSON unmarshaller). 

2) We have similar issue with VariantType, it fails to unmarshall at this moment without this modification (2) 

(1) https://github.com/smiklosovic/aerogear-unifiedpush-server/blob/f7fe2f5f58a8882aa5a3362d07a208c37b0d4403/model/api/src/main/java/org/jboss/aerogear/unifiedpush/api/Variant.java#L28 
(2) https://github.com/smiklosovic/aerogear-unifiedpush-server/blob/f7fe2f5f58a8882aa5a3362d07a208c37b0d4403/model/api/src/main/java/org/jboss/aerogear/unifiedpush/api/VariantType.java#L61-L69 

Stefan Miklosovic 
Red Hat Brno - JBoss Mobile Platform 

e-mail: smikloso at redhat.com 
irc: smikloso 

----- Original Message -----

> Hi,

> I would like to start a discussion around the import/export of installations
> in UPS. To track all the tasks, we have a ticket[1] also containing some
> sub-tasks. Scope

> For now we stick to installations, meanning we can import or export
> installations from a particular Variant. Import/Export for Variants will
> maybe come later but due to some security issues (mainly for iOS
> cert/passphrase) it's on hold. Import Service

> That's an easy one ;) since the service already exist [2]. It's a REST
> service and it uses the VariantId/Secret combination to authenticate.

> Data format looks like :
> [
> {
> "deviceToken" : "someTokenString",
> "deviceType" : "iPad",
> "operatingSystem" : "iOS",
> "osVersion" : "6.1.2",
> "alias" : "someUsername or email adress...",
> "categories" : ["football", "sport"]
> },
> {
> "deviceToken" : "someOtherTokenString",
> ...
> },
> ...
> ]
> Export Service

> Like import, it will use the variantId/secret combo to authenticate and
> retrieve the right variant to export the installations. The data structure
> format would of course looks like the one used for import. Output format

> How should provide the exported data ? I need your input here 1. Raw Json ?
> 2. Json file ? 3. Zip / tarball ? UI

> UI should be a nice to have

> I would suggest to add 2 items (import and export) in the contextual menu
> that you can see in this screenshot :

> For import, the user will have a file input and feedback on how many
> installations were imported. For export, the user just have to press an
> export button Migration issues

> So, that is a very important point that I would like to discuss. Even if we
> are able to import installations, the variantID_ and the __variantSecret
> will not match with those that are in the Clients.

> Imagine the following scenario : I export 15000 installations, my datacenter
> burns, I create a new UPS instance, with a new Push App and a new Variant
> (so new VariantID and VariantSecret), then I inport the installations. Well,
> my 15000 clients will point to the wrong variant. For sure, they can be
> updated but that might not always be an option.

> That is why I would like suggest the following change : Make VariantId and
> VariantSecret editable, so after someone has done an import he can change
> the values of the variants so it matches the clients.

> I know we had this discussion before, but in the future we might want to
> change the naming around VariantId and VariantSecret, to me it sounds more
> like variantAPIKey / variantAPISecret

> wdyt ? Security

> As said before, import/export uses variantId/variantSecret to authenticate.
> So if someone has access to these keys he could make a malicious import of
> 500k installations. What should we do for that ? We could give this access
> only to authenticated "console" users but then it would be hard to expose
> import/export as rest service (because of KC implication)

> Please comment, ask questions , be crazy ...

> Sebi

> [1] https://issues.jboss.org/browse/AGPUSH-978

> [2]
> http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html

> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141112/65dac621/attachment.html

More information about the aerogear-dev mailing list