<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jun 4, 2013 at 3:05 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Morning, maybe I&#39;m not understanding your question, but we already had<br>
this discussion and in the end the conclusion was about the lack of<br>
documentation on AGSEC (<a href="https://issues.jboss.org/browse/AGSEC-60" target="_blank">https://issues.jboss.org/browse/AGSEC-60</a>)<br>
<br>
Am I wrong?<br></blockquote><div><br></div><div style>I don&#39;t think you are wrong there.</div><div style><br></div><div style><br></div><div style>I guess this mail is related.</div><div style><br></div><div style><br>
</div><div style>For iOS/Android, we are &quot;trying&quot; to implement the basic/digest support by using the &quot;AuthModule&quot; interface. This interface provides:</div><div style>* enroll </div><div style>* login</div>
<div style>* logout</div><div style><br></div><div style>Which, as stated in the referenced bug, does not make much sense.</div><div style><br></div><div style><br></div><div style>Kris has now shared that on JS he went down a different road, so that for JS-Basic/JS-Digest he does not need to worry about &quot;enroll&quot;, &quot;login&quot; etc.</div>
<div style><br></div><div style>I think that should be done for iOS/Android as well</div><div style><br></div><div style><br></div><div style><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<br>
No real login exists, because we are making use of servlet filters from<br>
PicketLink.<br>
<div class="HOEnZb"><div class="h5"><br>
Matthias Wessendorf wrote:<br>
&gt; Hi,<br>
&gt;<br>
&gt; perhaps this is more &quot;AeroGear-Security VS HTTP Basic/Digest&quot;, but first<br>
&gt; some background information:<br>
&gt;<br>
&gt; our different &quot;AuthenticationModule&quot; implementations, for Android, iOS<br>
&gt; and JavaScript, were created for the AeroGear-Security REST-APIs, which<br>
&gt; are described here:<br>
&gt; <a href="http://aerogear.org/docs/specs/aerogear-rest-api/" target="_blank">http://aerogear.org/docs/specs/aerogear-rest-api/</a><br>
&gt;<br>
&gt; Here are the three different client platform implementations:<br>
&gt;<br>
&gt; * Android:<br>
&gt; <a href="https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74" target="_blank">https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/AuthenticationModule.java#L50-L74</a><br>

&gt;<br>
&gt; * iOS:<br>
&gt; <a href="https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179" target="_blank">https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGear-iOS/security/AGAuthenticationModule.h#L143-L179</a><br>

&gt;<br>
&gt; * JavaScript:<br>
&gt; <a href="https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436" target="_blank">https://github.com/aerogear/aerogear-js/blob/master/src/authentication/adapters/rest.js#L224-L436</a><br>

&gt;<br>
&gt; So, basically the interface(or the different implementations) covers the<br>
&gt; following functionality, described in the above spec:<br>
&gt; * enroll<br>
&gt; * login<br>
&gt; * logout<br>
&gt;<br>
&gt; So far so good.<br>
&gt;<br>
&gt;<br>
&gt; However, looking at the recent work for BASIC/DIGEST (e.g.<br>
&gt; <a href="http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html" target="_blank">http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-Thoughts-td2847.html</a>),<br>

&gt; I think it might be confusing that there is no real login call against<br>
&gt; the server, like in the above code, for AG-Security<br>
&gt;<br>
&gt; Instead, the &quot;login&quot;, is _only_ applying the credentials so that<br>
&gt; subsequent requests can read (a) protected URL(s). Similar to &quot;logout&quot;:<br>
&gt; Only a _reset_ of the credentials is happening. No server endpoint is<br>
&gt; invoked.<br>
&gt; See also <a href="http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html" target="_blank">http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html</a><br>
&gt;<br>
&gt;<br>
&gt; Similar to the &quot;enroll&quot;; The iOS proposal throws an exception, similar<br>
&gt; to the Android version:<br>
&gt;<br>
&gt; <a href="https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164" target="_blank">https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L164</a><br>

&gt;<br>
&gt; <a href="https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95" target="_blank">https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L93-L95</a><br>

&gt;<br>
&gt; To me, looks like none of the methods of the &quot;AuthenticationModule<br>
&gt; interface&quot; are properly used, or am I wrong?<br>
&gt;<br>
&gt;<br>
&gt; I think my question is: Does it really make sense to kinda try to add<br>
&gt; the BASIC/DIGEST support into the &quot;AuthenticationModule interface&quot;?? or,<br>
&gt; could there be something else ?<br>
&gt;<br>
&gt; Not sure, I guess since I am not sure, I am asking here :)<br>
&gt;<br>
&gt; Any feedback is appreciated!<br>
&gt;<br>
&gt; Thanks!<br>
&gt; Matthias<br>
&gt;<br>
&gt; --<br>
&gt; Matthias Wessendorf<br>
&gt;<br>
&gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
&gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
&gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
&gt;<br>
</div></div><div class="HOEnZb"><div class="h5">&gt; _______________________________________________<br>
&gt; aerogear-dev mailing list<br>
&gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
&gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>
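The behaviour discussed in this thread (a "login" that only stores credentials for subsequent requests, a "logout" that only resets them, and an "enroll" that throws), as an added JavaScript example that is not part of the original mails or of AeroGear's code. The class name, method names and the example.test URLs are assumptions; the https-only rule and the origin/path scoping are additions of this sketch, not something the thread specifies.

```javascript
// Added illustration; BasicCredentialScope is a hypothetical name, not AeroGear's API.
class BasicCredentialScope {
  constructor(baseUrl) {
    const u = new URL(baseUrl);
    // Basic sends the password on every request, so refuse cleartext transport.
    if (u.protocol !== "https:") {
      throw new Error("Basic credentials are only applied over https");
    }
    this.origin = u.origin;
    this.pathPrefix = u.pathname.endsWith("/") ? u.pathname : u.pathname + "/";
    this.header = null;
  }

  // "login": no server endpoint is invoked; it only remembers what to send later.
  login(username, password) {
    if (username.includes(":")) {
      throw new Error("Basic user-id must not contain ':'");
    }
    const raw = Buffer.from(`${username}:${password}`, "utf8");
    this.header = "Basic " + raw.toString("base64");
  }

  // "logout": a local reset of the credentials; the server is never told.
  logout() {
    this.header = null;
  }

  // "enroll" has no meaning for HTTP Basic, so it throws.
  enroll() {
    throw new Error("enroll is not supported for HTTP Basic");
  }

  // Returns the headers for one request. Credentials are attached only to
  // URLs inside the protected scope, so they do not leak to other hosts
  // or to sibling paths such as /restricted when the scope is /rest.
  headersFor(url, headers = {}) {
    const u = new URL(url);
    const path = u.pathname.endsWith("/") ? u.pathname : u.pathname + "/";
    const inScope = u.origin === this.origin && path.startsWith(this.pathPrefix);
    if (this.header === null || !inScope) return { ...headers };
    return { ...headers, Authorization: this.header };
  }
}
```

Because nothing server-side changes on `logout()`, the password stays valid until it is changed on the server; the object only stops sending it.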