<div dir="ltr">Sorry, I just missed your e-mail while the syncalipse was happening.<div><br></div><div>What I meant was something like: admin, developers, regular users and how to deal with these roles. Maybe this is planned for the next steps, but at some point we need to test how Keycloak could protect our endpoints and deal with multiple roles.</div>

<div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jan 26, 2014 at 10:41 AM, Matthias Wessendorf <span dir="ltr">&lt;<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello Bruno,<br><div class="gmail_extra"><br><br><div class="gmail_quote"><div class="im">On Sun, Jan 26, 2014 at 1:20 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<span>Any specific reason to limit the scope to admin page only? I&#39;m thinking about login for regular users</span></blockquote><div><br></div></div><div>Not sure I follow. What do you mean w/ &quot;regular users&quot;?&nbsp;</div>


<div><br></div><div><br></div><div>Before my change everything was restricted by Keycloak (/*). I did not really change a lot there, however I just removed the URLs for &#39;device-registration&#39; and &#39;sending&#39;:</div>


<div><a href="https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50" target="_blank">https://github.com/matzew/aerogear-unifiedpush-server/blob/keycloak/src/main/webapp/WEB-INF/web.xml#L42-L50</a></div>


<div><br></div><div>So, currently the following is protected by Keycloak:</div><div>* Admin UI (not speaking about a specific admin user)</div><div>* REST APIs that are accessed by the Admin UI, like:</div><div>- <a href="http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/" target="_blank">http://aerogear.org/docs/specs/aerogear-push-rest/PushApplication/</a><br>


</div><div>- <a href="http://aerogear.org/docs/specs/aerogear-push-rest/Variants/" target="_blank">http://aerogear.org/docs/specs/aerogear-push-rest/Variants/</a></div><div><br></div><div>Previously the &#39;device-registration&#39; and &#39;sending&#39; URLs were protected as well. Removing them from the &#39;keycloak protection&#39; is really the only change.</div>


<div><br></div><div>Greetings,</div><div>Matthias</div><div><div class="h5"><div><br></div><div>&nbsp;</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


<div>&mdash;<br>abstractj</div><div><div>
<br><br><div class="gmail_quote"><p>On Sun, Jan 26, 2014 at 9:11 AM, Matthias Wessendorf <span dir="ltr">&lt;<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>&gt;</span> wrote:<br></p><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">



<div dir="ltr">Hello!<div><br></div>
<div>I have a few more updates:<div><br></div>
<div>On my branch (a fork from Bruno&#39;s branch), the URLs for the actual sending and the device-registration (both &#39;protected&#39; via HTTP-Basic), now work again. I have &#39;limited&#39; the scope of the Keycloak &#39;protection&#39; to the AdminUI.&nbsp;</div>



<div><br></div>
<div>Greetings,</div>
<div>Matthias</div>
<div><br></div>
</div>
</div>
<div class="gmail_extra">
<br><br><div class="gmail_quote">On Fri, Jan 24, 2014 at 6:05 PM, Matthias Wessendorf <span dir="ltr">&lt;<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">



<div dir="ltr">I have updated the branch w/ their recent changes from this week&#39;s alpha-1 release, and submitted a PR against abstractj&#39;s repo:<div>
<a href="https://github.com/abstractj/aerogear-unifiedpush-server/pull/1" target="_blank">https://github.com/abstractj/aerogear-unifiedpush-server/pull/1</a><br></div>
<div><br></div>
<div>More to come</div>
<div><br></div>
<div>Greetings,</div>
<div>Matthias</div>
<div><br></div>
</div>
<div class="gmail_extra">
<div><div>
<br><br><div class="gmail_quote">On Fri, Dec 20, 2013 at 1:11 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">


Good morning peeps, yesterday I started to replace AeroGear Security on Unified Push server by Keycloak and you might be asking: &ldquo;Why?&rdquo;. Keycloak is an SSO with some handy features like TOTP, OAuth2, user management support and I think we have too much to contribute, is the only way to have some success with security, &ldquo;divide to conquer&rdquo; (at least for authorization and authentication).<br>


<br>
So will ag-security be discontinued? No! Keycloak is still in Alpha and we have to test it against our projects before fully replacing ag-security, but the only way to upstream our needs is to use it.<br><br>
This replacement only applies to authentication/authorization features, we still have a ton of projects which Keycloak is not able to replace like: TOTP, crypto and OAuth2 on mobile, our focus.<br><br>
- PoC<br><br>
So let&rsquo;s talk about this replacement, any dependency on ag-security was removed from the push server and replaced by Keycloak:&nbsp;<a href="https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift" target="_blank">https://github.com/abstractj/aerogear-unifiedpush-server/tree/openshift</a><br>


<br>
Based on Keycloak examples, I just did copy &amp; paste from one of the demos (<a href="https://github.com/abstractj/auth-server/tree/openshift" target="_blank">https://github.com/abstractj/auth-server/tree/openshift</a>) to create a server. Keycloak requires Resteasy 3.0.4, for this reason I had to manually replace some modules on JBoss.<br>


<br>
To test it go to: <a href="http://push-abstractj.rhcloud.com/ag-push/" target="_blank">http://push-abstractj.rhcloud.com/ag-push/</a> you must be redirected to Keycloak, enter:&nbsp;<br><br>
username: <a href="mailto:john@doe.com" target="_blank">john@doe.com</a><br>
password: password<br><br>
You must be redirected to agpush console, keep in mind that I took some shortcuts to get this demo working, so for example the create will fail because I removed everything related into the ember interface.<br><br>
It is also possible to enable TOTP, user&rsquo;s registration and whatever you want.<br><br>
So what do you think?<br><br>
--<br>
abstractj<br><br>
_______________________________________________<br>
aerogear-dev mailing list<br><a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br><a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a>
</blockquote>
</div>
<br><br clear="all"><div><br></div>
</div></div>
<div>-- <br>
Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>




twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote></div><br></div></div>
</blockquote></div></div></div><div><div class="h5"><br><br clear="all"><div><br>

</div>
</div></div></div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div><br></div>--&nbsp;<br>

&quot;The measure of a man is what he does with power&quot; - Plato<br>-<br>@abstractj<br>-<br>Volenti Nihil Difficile
</div></div>
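The thread narrows the Keycloak constraint from `/*` to the Admin UI and its REST APIs and asks how multiple roles would be handled; one way to check which paths a `web.xml` still covers, and with which roles, is sketched below. This is an added example, not code from the thread or from the AeroGear project, and the URL patterns and role names in the sample `web.xml` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml: URL patterns and role names are hypothetical.
# Assumes every constraint has an <auth-constraint>; <http-method> is ignored.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/index.html</url-pattern>
      <url-pattern>/rest/applications/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name><role-name>developer</role-name>
    </auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/rest/users/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def rank(pattern, path):
    """Servlet url-pattern match strength; None when the pattern does not match."""
    if pattern == path:
        return (3, len(pattern))                      # exact match
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))                      # path prefix, longest wins
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return (1, 0)                                 # extension match
    return (0, 0) if pattern == "/" else None         # default mapping

def required_roles(web_xml, path):
    """Roles the container requires for path, or None if no constraint covers it."""
    best, roles = None, None
    for sc in ET.fromstring(web_xml).findall(".//{*}security-constraint"):
        sc_roles = {r.text.strip() for r in sc.findall(".//{*}role-name")}
        for p in sc.findall(".//{*}url-pattern"):
            r = rank(p.text.strip(), path)
            if r is not None and (best is None or r > best):
                best, roles = r, set(sc_roles)        # more specific pattern takes over
            elif r is not None and r == best:
                roles |= sc_roles                     # same pattern in two constraints
    return roles

def uncovered(web_xml, paths):
    """Paths that fall outside every constraint and need their own authentication."""
    return [p for p in paths if required_roles(web_xml, p) is None]
```

Paths returned by `uncovered` are the ones that depend on a separate mechanism, such as the HTTP Basic protection the thread mentions for device registration and sending.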