<div dir="ltr">BTW,<div style><br></div><div style>Looking at your mapper, I wonder if you could not add that to <span style="font-family:arial,sans-serif;font-size:12.800000190734863px">HttpExceptionMapper class from ag-sec, if it makes sense and not side effects happens (I tried it in a non CORS app and saw no problem) I can do a PR for that on aerogear-security ? </span></div>
<div style><span style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br></span></div><div style><span style="font-family:arial,sans-serif;font-size:12.800000190734863px">Seb</span></div><div style><span style="font-family:arial,sans-serif;font-size:12.800000190734863px"><br>
</span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 2, 2013 at 11:14 AM, Sebastien Blanc <span dir="ltr"><<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">\o/<div>You're the man ! </div><div>It works, thx you so much ! </div><div><br></div></div><div class="HOEnZb">
<div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 2, 2013 at 11:09 AM, Daniel Bevenius <span dir="ltr"><<a href="mailto:daniel.bevenius@gmail.com" target="_blank">daniel.bevenius@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I've looked into this and I think the cause is that the HttpExceptionMapper does not add CORS headers. I tried to add an ExceptionMapper that does add CORS headers and it will then return a 401 to the browser instead of a failed request.<div>
I've pushed this example to this branch:</div><div><a href="https://github.com/danbev/aerogear-push-quickstart-backend/tree/exception-mapper" target="_blank">https://github.com/danbev/aerogear-push-quickstart-backend/tree/exception-mapper</a><br>
</div><div><br></div><div>Let me know if this fixes the error you were seeing.</div><div><br></div><div>/Dan</div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 2 August 2013 09:47, Sebastien Blanc <span dir="ltr"><<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote"><div>On Fri, Aug 2, 2013 at 9:36 AM, Daniel Bevenius <span dir="ltr"><<a href="mailto:daniel.bevenius@gmail.com" target="_blank">daniel.bevenius@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hey Seb, <div><br></div><div>I'm trying to reproduce this but getting a Javascript error which is:</div>
<div><span style="color:rgb(255,0,0);font-family:Menlo,monospace;font-size:11px;line-height:12px;white-space:pre-wrap">Uncaught ReferenceError: NewLeadController is not defined from aerodoc</span><span style="color:rgb(255,0,0);font-family:Menlo,monospace;font-size:11px;line-height:12px;white-space:pre-wrap"> </span></div>
</div></blockquote><div><br></div></div><div>Sorry, if you pull now it should be good </div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">
<div><br>
</div><div><span style="color:rgb(255,0,0);font-family:Menlo,monospace;font-size:11px;line-height:12px;white-space:pre-wrap"><br></span></div><div><font color="#000000" face="Menlo, monospace"><span style="font-size:11px;line-height:12px;white-space:pre-wrap">I think I followed the steps above, but I did change the version aerogear.unifiedpush.sender.version to 0.2.1-SNAPSHOT as I did not have 0.2.0-SNAPSHOT. Any ideas about this?</span></font></div>
</div></blockquote><div><br></div></div><div>Yes, that is good, though for reproducing this scenario the sender is not used, but yes you can use 0.2.1-SNAPSHOT</div><div><div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div><font color="#000000" face="Menlo, monospace"><span style="font-size:11px;line-height:12px;white-space:pre-wrap"><br></span></font></div><div><font color="#000000" face="Menlo, monospace"><span style="font-size:11px;line-height:12px;white-space:pre-wrap"><br>
</span></font></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div>On 1 August 2013 21:01, Sebastien Blanc <span dir="ltr"><<a href="mailto:scm.blanc@gmail.com" target="_blank">scm.blanc@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><p style="line-height:20px;margin-right:0px;font-size:15.199999809265137px;margin-left:0px;margin-bottom:15px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin-top:0px!important">
Hi Folks,</p><p style="line-height:20px;margin-right:0px;font-size:15.199999809265137px;margin-left:0px;margin-bottom:15px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin-top:0px!important">I'm facing an issue and I hope you could help me on this.</p>
<p style="line-height:20px;margin-right:0px;font-size:15.199999809265137px;margin-left:0px;margin-bottom:15px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin-top:0px!important">My app is using ag-sec with the @secure annotation and Resteasy.</p>
<h2 style="border-bottom-style:solid;border-bottom-width:1px;line-height:1.7;font-size:2em;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:1em 0px 15px;padding:0px;border-bottom-color:rgb(238,238,238)">
<a name="1403e4e9100f365e_1403e4a0de63d1cc_1403dff704fbda51_1403df4ccd62c20a_1403b41a3c86bad0_scenario-hitting-secured-endpoints-without-cors-webapp-deployed-in-the-same-domain" href="https://gist.github.com/sebastienblanc/6133102#scenario-hitting-secured-endpoints-without-cors-webapp-deployed-in-the-same-domain" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-left:0px;line-height:1" target="_blank"><span></span></a>Scenario: hitting secured endpoints without CORS (webapp deployed in the same domain)</h2>
<p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">When the user has not the role specified by @secure I got an exception, as expected <a href="https://gist.github.com/sebastienblanc/6134149" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://gist.github.com/sebastienblanc/6134149</a></p>
<p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">I assume it is because of this <a href="https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/interceptor/SecurityInterceptor.java#L71" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/interceptor/SecurityInterceptor.java#L71</a> and, perfect, works as designed.</p>
<p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">The server returns a nice 401 status to the client.</p><h2 style="border-bottom-style:solid;border-bottom-width:1px;line-height:1.7;font-size:2em;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:1em 0px 15px;padding:0px;border-bottom-color:rgb(238,238,238)">
<a name="1403e4e9100f365e_1403e4a0de63d1cc_1403dff704fbda51_1403df4ccd62c20a_1403b41a3c86bad0_testing-in-a-cors-configuration-web-client-running-under-another-domain" href="https://gist.github.com/sebastienblanc/6133102#testing-in-a-cors-configuration-web-client-running-under-another-domain" style="color:rgb(65,131,196);text-decoration:none;display:block;padding-left:30px" target="_blank"><span></span></a>Testing in a CORS configuration (web client running under another domain)</h2>
<p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">Same scenario I'm hitting a secure endpoint without having the role needed (BTW the OPTIONS preflights are handled without any errors).</p>
<p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">I'm getting the same exception from the server but this time no proper 401 answer sent back to the client, and on client side the request is just canceled.</p>
<ol style="padding-left:30px;line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px"><li>Reproduce it To repoduce this scenario here are the step :</li>
</ol><ul style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px;padding:0px 0px 0px 30px"><li>Clone this branch <a href="https://github.com/sebastienblanc/aerogear-push-quickstart-backend/tree/cors_tests" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://github.com/sebastienblanc/aerogear-push-quickstart-backend/tree/cors_tests</a> ,<code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">mvn clean install</code> , <code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">mvn jboss-as:deploy</code></li>
<li><p style="margin:15px 0px">Clone this branch : <a href="https://github.com/aerogear/aerogear-push-quickstart-web/tree/AGPUSH-160" style="color:rgb(65,131,196);text-decoration:none" target="_blank">https://github.com/aerogear/aerogear-push-quickstart-web/tree/AGPUSH-160</a> and deploy it, making sure it's not running on the same port as aerodoc backend (for instance<code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">python -m SimpleHTTPServer</code> )</p>
</li><li><p style="margin:15px 0px">Browse to the simple client (in case you use python webserver it will be <code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">localhost:8000</code></p>
</li><li><p style="margin:15px 0px">Login With maria/123</p></li><li><p style="margin:15px 0px">Refresh the page : you should see the failure on retrieving the <code style="font-family:Consolas,'Liberation Mono',Courier,monospace;font-size:12px;line-height:normal;margin:0px 2px;padding:0px 5px;border:1px solid rgb(221,221,221);background-color:rgb(248,248,248);border-top-left-radius:3px;border-top-right-radius:3px;border-bottom-right-radius:3px;border-bottom-left-radius:3px;white-space:nowrap">/leads</code> endpoints.</p>
</li></ul><p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">So, What I'm looking for is to have a normal 401 status sent back to the client when using CORS, maybe someone has some ides about this ?</p>
<p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px"><br></p><p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">
Regards,</p><p style="line-height:20px;font-size:15.199999809265137px;font-family:Helvetica,arial,freesans,clean,sans-serif;margin:15px 0px">Seb</p></div>
<br></div></div>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div></div></div><br></div></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>