<div dir="ltr">Hello Bruno,<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span>Any specific reason to limit the scope to admin page only? I'm thinking about login for regular users</span></blockquote><div><br></div><div>Not sure I follow. What do you mean w/ "regular users"? </div>
<div><br></div><div><br></div><div>Before my change very thing was restricted by Keycloak (/*). I did not really change there a lot, however I just removed the URLs for 'device-registration' and 'sending':</div>
<div><a href="https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50">https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50</a></div>
<div><br></div><div>So, currently the following is protected by Keycloak:</div><div>* Admin UI (not speaking about a specific admin user)</div><div>* REST APIs that are accessed by the Admin UI, like:</div><div>- <a href="http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/">http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/</a><br>
</div><div>- <a href="http://aerogear.org/docs/specs/aerogear-push-rest/Variants/">http://aerogear.org/docs/specs/aerogear-push-rest/Variants/</a></div><div><br></div><div>Perviously the 'device-registration' and 'sending' URL were protected as well. Removing them from the 'keycloak protection' is really the only change</div>
<div><br></div><div>Greetings,</div><div>Matthias</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div>—<br>abstractj</div><div class=""><div class="h5">
<br><br><div class="gmail_quote"><p>On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br></p><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">Hello!<div><br></div>
<div>I have a few more updates:<div><br></div>
<div>On my branch (a fork from Bruno's branch), the URLs for the actual sending and the device-registration (both 'protected' via HTTP-Basic), now work again. I have 'limited' the scope of the Keycloak 'protection' to the AdminUI. </div>
<div><br></div>
<div>Greetings,</div>
<div>Matthias</div>
<div><br></div>
</div>
</div>
<div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <span dir="ltr"><<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr">I have updated the branch w/ their recent changes from this weeks alpha-1 release, and submitted a PR against abstractj's repo:<div>
<a href="https://github.com/abstractj/aerogear-unifiedpush-server/pull/1" target="_blank">https://github.com/abstractj/aerogear-unifiedpush-server/pull/1</a><br></div>
<div><br></div>
<div>More to come</div>
<div><br></div>
<div>Greetings,</div>
<div>Matthias</div>
<div><br></div>
</div>
<div class="gmail_extra">
<div><div>
<br><br><div class="gmail_quote">On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Good morning peeps, yesterday I started to replace AeroGear Security on Unified Push server by Keycloak and you might be asking: “Why?”. Keycloak is a SSO with some handy features like TOTP, OAuth2, user management support and I think we have too much to contribute, is the only way to have some success with security, “divide to conquer" (at least for authorization and authentication).<br>
<br>
So will ag-security be discontinued? No! Keycloak is still on Alpha and we have to test it against our projects before fully replace ag-security, but the only way to upstream our needs, is to using it.<br><br>
This replacement only applies to authentication/authorization features, we still have a ton of projects which Keycloak is not able to replace like: TOTP, crypto and OAuth2 on mobile, our focus.<br><br>
- PoC<br><br>
So let’s talk about this replacement, any dependency on ag-security was removed from the push server and replaced by Keycloak: <a href="https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift" target="_blank">https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift</a><br>
<br>
Based on Keycloak examples, I just did copy & paste from one of the demos (<a href="https://github.com/abstractj/auth-server/tree/openshift" target="_blank">https://github.com/abstractj/auth-server/tree/openshift</a>) to create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to manually replace some modules on JBoss.<br>
<br>
To test it go to: <a href="http://push-abstractj.rhcloud.com/ag-push/" target="_blank">http://push-abstractj.rhcloud.com/ag-push/</a> you must be redirected to Keycloak, enter: <br><br>
username: <a href="mailto:john@doe.com" target="_blank">john@doe.com</a><br>
password: password<br><br>
You must be redirected to agpush console, keep in mind that I took some shortcuts to get this demo working, so for example the create will fail because I removed everything related into the ember interface.<br><br>
Is also possible to enable TOTP, user’s registration and whatever you want.<br><br>
So what do you think?<br><br>
--<br>
abstractj<br><br>
_______________________________________________<br>
aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a>
</blockquote>
</div>
<br><br clear="all"><div><br></div>
</div></div>
<div>-- <br>
Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>
</div>
</blockquote>
</div>
<br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>
</blockquote></div><br></div></div><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>