<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Aug 8, 2013 at 6:55 AM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">This piece of code will be removed from AGSec<br>
<a href="https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java#L37" target="_blank">https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java#L37</a><br>
because it is something very tied to Resteasy.<br></blockquote><div> </div><div style>Oh that is great news, that was also a point worrying me a bit ... so +1</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Regarding the issue with CORS, at first glance if we are willing to<br>
provide it on AGSec we will send extra HTTP headers to every<br>
unauthorized request. And it is impossible for AGSec to cover every corner<br>
case, because at this point we should be able to distinguish CORS<br>
request from non CORS to send the correct headers.<br>
<br>
In the next releases the dependency with Resteasy will be removed and we<br>
will have only this block of code<br>
<a href="https://github.com/aerogear/aerogear-security/blob/1.1.x/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java#L41" target="_blank">https://github.com/aerogear/aerogear-security/blob/1.1.x/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java#L41</a>.<br>
<br>
<br>
I can't see any problems on having it at your project, unless we think<br>
this is very very high priority, leave it as is and feel free to<br>
implement your own exception handler.<br></blockquote><div style>Yes, will do that, but at the same time I think we should document that somewhere, in case someone is facing the same issue. Any idea where the best place to doc that would be?</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5"><br>
Sebastien Blanc wrote:<br>
> Hi,<br>
><br>
> I realized that the HttpExceptionMapper[1] provided by ag-sec does not<br>
> work well in a CORS environment when returning a 401 response to the client.<br>
><br>
> Dan has found the fix by adding CORS headers in the HttpExceptionMapper,<br>
> we implemented that in a custom class[2] .<br>
><br>
> My question is, could we update the HttpExceptionMapper in ag-sec with<br>
> these extra headers or does that expose any side effects/risks ?<br>
><br>
> Or should we provide just the CORS HttpExceptionMapper variant in ag-sec<br>
> based on [2] and document that ?<br>
><br>
> A JIRA [3] has been created to track this.<br>
><br>
> Seb<br>
><br>
><br>
><br>
><br>
> [1] <a href="https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java" target="_blank">https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java</a><br>
><br>
> [2] <a href="https://github.com/aerogear/aerogear-push-quickstart-backend/blob/master/src/main/java/org/jboss/aerogear/aerodoc/rest/CorsExceptionHandler.java" target="_blank">https://github.com/aerogear/aerogear-push-quickstart-backend/blob/master/src/main/java/org/jboss/aerogear/aerodoc/rest/CorsExceptionHandler.java</a><br>
><br>
> [3] <a href="https://issues.jboss.org/browse/AGSEC-98" target="_blank">https://issues.jboss.org/browse/AGSEC-98</a><br>
><br>
</div></div>> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
abstractj<br>
<br>
</font></span></blockquote></div><br></div></div>
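<div>The thread's concern is that the handler has to tell CORS requests from non-CORS ones before sending extra headers on a 401; one way to do that is to key on the request's Origin header and an allowlist. The JAX-RS mapper below is an added example, not code from aerogear-security or the quickstart backend; the class names, the exception type and the allowlisted origins are assumptions.</div>

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Hypothetical stand-in for the application's own "not authenticated" exception.
class UnauthorizedException extends RuntimeException {
    UnauthorizedException(String message) { super(message); }
}

// Hypothetical mapper: adds CORS headers to a 401 only for allowlisted origins.
@Provider
public class CorsAwareUnauthorizedMapper implements ExceptionMapper<UnauthorizedException> {

    // Constructed sample allowlist; a real deployment would load this from configuration.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<String>(
            Arrays.asList("https://app.example.com", "http://localhost:8000"));

    @Context
    private HttpHeaders headers;

    @Override
    public Response toResponse(UnauthorizedException e) {
        // "Vary: Origin" keeps caches from serving one origin's response to another.
        Response.ResponseBuilder rb = Response.status(Response.Status.UNAUTHORIZED)
                .entity("Unauthorized")
                .header("Vary", "Origin");
        String origin = allowedOrigin(headers.getRequestHeader("Origin"));
        if (origin != null) {
            // Echo the exact allowlisted origin, never "*" and never an unchecked value.
            rb.header("Access-Control-Allow-Origin", origin);
        }
        // Non-CORS requests and unknown origins get a plain 401 with no CORS headers.
        return rb.build();
    }

    // Returns the origin only if exactly one Origin header is present and it is allowlisted.
    static String allowedOrigin(List<String> originHeader) {
        if (originHeader == null || originHeader.size() != 1) {
            return null;
        }
        String origin = originHeader.get(0);
        return ALLOWED_ORIGINS.contains(origin) ? origin : null;
    }
}
```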