
<div dir="ltr">+1<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Sep 18, 2013 at 10:16 AM, Karel Piwko <span dir="ltr">&lt;<a href="mailto:kpiwko@redhat.com" target="_blank">kpiwko@redhat.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">+1<br>

<div class="HOEnZb"><div class="h5"><br>

On Wed, 18 Sep 2013 07:40:58 -0500<br>

Kris Borchers &lt;<a href="mailto:kris@redhat.com">kris@redhat.com</a>&gt; wrote:<br>

<br>

&gt; +1<br>

&gt;<br>

&gt; On Sep 18, 2013, at 7:35 AM, Matthias Wessendorf &lt;<a href="mailto:matzew@apache.org">matzew@apache.org</a>&gt; wrote:<br>

&gt;<br>

&gt; &gt; No, it&#39;s more like<br>

&gt; &gt;<br>

&gt; &gt; * may not be null<br>

&gt; &gt; * is to long<br>

&gt; &gt;<br>

&gt; &gt; etc<br>

&gt; &gt;<br>

&gt; &gt; Not providing IDs, credentials etc. Makes sense ?<br>

&gt; &gt;<br>

&gt; &gt;<br>

&gt; &gt; On Wed, Sep 18, 2013 at 2:32 PM, Kris Borchers &lt;<a href="mailto:kris@redhat.com">kris@redhat.com</a>&gt; wrote:<br>

&gt; &gt; I will say +1 for this as long as none of the error messages returned<br>

&gt; &gt; introduce security issues by exposing too much info.<br>

&gt; &gt;<br>

&gt; &gt; On Sep 18, 2013, at 4:27 AM, Matthias Wessendorf &lt;<a href="mailto:matzew@apache.org">matzew@apache.org</a>&gt; wrote:<br>

&gt; &gt;<br>

&gt; &gt;&gt; Following up on [1], currently we give 400 (Bad Request), with no good<br>

&gt; &gt;&gt; meaning, when creating/updating a PushApplication or a Variant;<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; The HTML page(!) simply says &quot;The request sent by the client was<br>

&gt; &gt;&gt; syntactically incorrect &quot;<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; As suggested in [1] a good idea is using Bean Validation and returning<br>

&gt; &gt;&gt; better errors.<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; The result would be a 400 (Bad Request) response, containing the errors<br>

&gt; &gt;&gt; and their messages as a JSON object (instead of a HTML page).<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; E.g.:<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; {&quot;name&quot;:&quot;may not be null&quot;}<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; This is a) more meaningful and we can also get rid of our &#39;hard-coded&#39;<br>

&gt; &gt;&gt; validation rules, like:<br>

&gt; &gt;&gt; <a href="https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/AndroidVariantEndpoint.java#L79-L82" target="_blank">https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/src/main/java/org/jboss/aerogear/unifiedpush/rest/registry/applications/AndroidVariantEndpoint.java#L79-L82</a><br>


&gt; &gt;&gt;<br>

&gt; &gt;&gt; -Matthias<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; [1] <a href="https://issues.jboss.org/browse/AGPUSH-255" target="_blank">https://issues.jboss.org/browse/AGPUSH-255</a><br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; --<br>

&gt; &gt;&gt; Matthias Wessendorf<br>

&gt; &gt;&gt;<br>

&gt; &gt;&gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

&gt; &gt;&gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

&gt; &gt;&gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>

&gt; &gt;&gt; _______________________________________________<br>

&gt; &gt;&gt; aerogear-dev mailing list<br>

&gt; &gt;&gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt;&gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt;<br>

&gt; &gt;<br>

&gt; &gt; _______________________________________________<br>

&gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt; &gt;<br>

&gt; &gt;<br>

&gt; &gt;<br>

&gt; &gt; --<br>

&gt; &gt; Matthias Wessendorf<br>

&gt; &gt;<br>

&gt; &gt; blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>

&gt; &gt; sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>

&gt; &gt; twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>

&gt; &gt; _______________________________________________<br>

&gt; &gt; aerogear-dev mailing list<br>

&gt; &gt; <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

&gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

&gt;<br>

<br>

_______________________________________________<br>

aerogear-dev mailing list<br>

<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>

<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>

</div></div></blockquote></div><br></div>