<style>
/* Changing the layout to use less space for mobiles */
@media screen and (max-device-width: 480px), screen and (-webkit-min-device-pixel-ratio: 2) {
    #email-body { min-width: 30em !important; }
    #email-page { padding: 8px !important; }
    #email-banner { padding: 8px 8px 0 8px !important; }
    #email-avatar { margin: 1px 8px 8px 0 !important; padding: 0 !important; }
    #email-fields { padding: 0 8px 8px 8px !important; }
    #email-gutter { width: 0 !important; }
}
</style>
<div id="email-body">
<table id="email-wrap" align="center" border="0" cellpadding="0" cellspacing="0" style="background-color:#f0f0f0;color:#000000;width:100%;">
    <tr valign="top">
        <td id="email-page" style="padding:16px !important;">
            <table align="center" border="0" cellpadding="0" cellspacing="0" style="background-color:#ffffff;border:1px solid #bbbbbb;color:#000000;width:100%;">
                <tr valign="top">
                    <td bgcolor="#3b4d64" style="background-color:#3b4d64;color:#ffffff;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;line-height:1;"><img src="https://issues.jboss.org/s/en_USdrryc7-418945332/852/58/_/jira-logo-scaled.png" alt="" style="vertical-align:top;" /></td>
                </tr><tr valign="top">
    <td id="email-banner" style="padding:32px 32px 0 32px;">
        
                
        
        
            <table align="left" border="0" cellpadding="0" cellspacing="0" width="100%" style="width:100%;">
    <tr valign="top">
        <td style="color:#505050;font-family:Arial,FreeSans,Helvetica,sans-serif;padding:0;">
                                        <img id="email-avatar" src="https://community.jboss.org/people/mwessendorf/avatar/16.png" alt="" height="48" width="48" border="0" align="left" style="padding:0;margin: 0 16px 16px 0;" />
                        <div id="email-action" style="padding: 0 0 8px 0;font-size:12px;line-height:18px;">
                                    <a class="user-hover" rel="mwessendorf" id="email_mwessendorf" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=mwessendorf" style="color:#326ca6;">Matthias Wessendorf</a>
     created <img src="https://issues.jboss.org/images/icons/issuetypes/newfeature.png" height="16" width="16" border="0" align="absmiddle" alt="Feature Request"> <a style='color:#326ca6;text-decoration:none;' href='https://issues.jboss.org/browse/AEROGEAR-1109'>AEROGEAR-1109</a>
            </div>
                        <div id="email-summary" style="font-size:16px;line-height:20px;padding:2px 0 16px 0;">
                <a style='color:#326ca6;text-decoration:none;' href='https://issues.jboss.org/browse/AEROGEAR-1109'><strong>TODO: can use wrong Auth-Token</strong></a>
            </div>
                    </td>
    </tr>
</table>
    </td>
</tr>
<tr valign="top">
    <td id="email-fields" style="padding:0 32px 32px 32px;">
        <table border="0" cellpadding="0" cellspacing="0" style="padding:0;text-align:left;width:100%;" width="100%">
            <tr valign="top">
                <td id="email-gutter" style="width:64px;white-space:nowrap;"></td>
                <td>
                    <table border="0" cellpadding="0" cellspacing="0" width="100%">
                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Issue Type:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                <img src="https://issues.jboss.org/images/icons/issuetypes/newfeature.png" height="16" width="16" border="0" align="absmiddle" alt="Feature Request">        Feature Request
    </td>
</tr>                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Affects Versions:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                    1.0.0            </td>
</tr>
                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Assignee:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                    Unassigned            </td>
</tr>                                                <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Components:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                    examples            </td>
</tr>
                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Created:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
        12/Apr/13 11:15 AM
    </td>
</tr>                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Description:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
        <p style='margin-top:0;margin-bottom:10px;'>When using curl, I am able to bypass the Auth-Token check by sending the session cookies:</p>


<p style='margin-top:0;margin-bottom:10px;'>Doing a login:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
curl -3 -v --cookie-jar newcookies.txt -H <span class="code-quote">"Accept: application/json"</span> -H <span class="code-quote">"Content-type: application/json"</span> -X POST https:<span class="code-comment">//todo-aerogear.rhcloud.com/todo-server/auth/login -d '{<span class="code-quote">"username"</span>:<span class="code-quote">"john"</span>,<span class="code-quote">"password"</span>:<span class="code-quote">"123"</span>}'</span>
</pre>
</div></div>

<p style='margin-top:0;margin-bottom:10px;'>Getting a response, with the new Auth-Token:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt; HTTP/1.1 200 OK
&lt; Date: Fri, 12 Apr 2013 15:09:53 GMT
&lt; Server: Apache-Coyote/1.1
&lt; Auth-Token: 6f5b8b84-f872-428d-8ee0-a516610d30e4
&lt; Content-Type: application/json;charset=UTF-8
&lt; Content-Length: 46
* Added cookie JSESSIONID=<span class="code-quote">"AWxvYeSr0nin0AE+XdotWsQd"</span> <span class="code-keyword">for</span> domain todo-aerogear.rhcloud.com, path /todo-server, expire 0
&lt; Set-Cookie: JSESSIONID=AWxvYeSr0nin0AE+XdotWsQd; Path=/todo-server
&lt; Vary: Accept-Encoding
&lt; 
* Connection #0 to host todo-aerogear.rhcloud.com left intact
{<span class="code-quote">"username"</span>:<span class="code-quote">"john"</span>,<span class="code-quote">"roles"</span>:[<span class="code-quote">"admin"</span>,<span class="code-quote">"simple"</span>]}* Closing connection #0
</pre>
</div></div>


<p style='margin-top:0;margin-bottom:10px;'>Now, accessing a protected resource, using the cookies but an invalid Auth-Token:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
curl -3 -v --cookie newcookies.txt -H <span class="code-quote">"Accept: application/json"</span> -H <span class="code-quote">"Content-type: application/json"</span> --header <span class="code-quote">"Auth-Token: I_AM_WRONG"</span> -X GET https:<span class="code-comment">//todo-aerogear.rhcloud.com/todo-server/tags</span>
</pre>
</div></div>

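<p style='margin-top:0;margin-bottom:10px;'>I am getting a 200 response from the endpoint even though the Auth-Token is invalid, which suggests the request is authorized by the JSESSIONID cookie alone:</p>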
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&gt; GET /todo-server/tags HTTP/1.1
&gt; User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
&gt; Host: todo-aerogear.rhcloud.com
&gt; Cookie: JSESSIONID=AWxvYeSr0nin0AE+XdotWsQd
&gt; Accept: application/json
&gt; Content-type: application/json
&gt; Auth-Token: I_AM_WRONG
&gt; 
&lt; HTTP/1.1 200 OK
&lt; Date: Fri, 12 Apr 2013 15:10:03 GMT
&lt; Server: Apache-Coyote/1.1
&lt; Content-Type: application/json;charset=UTF-8
&lt; Vary: Accept-Encoding
&lt; Transfer-Encoding: chunked
&lt; 
* Connection #0 to host todo-aerogear.rhcloud.com left intact
[{<span class="code-quote">"id"</span>:1,<span class="code-quote">"title"</span>:<span class="code-quote">"asdf"</span>,<span class="code-quote">"style"</span>:<span class="code-quote">"tag-79-33-196"</span>,<span class="code-quote">"tasks"</span>:[1]},{<span class="code-quote">"id"</span>:2,<span class="code-quote">"title"</span>:<span class="code-quote">"dadasdasdas"</span>,<span class="code-quote">"style"</span>:<span class="code-quote">"tag-255-255-255"</span>,<span class="code-quote">"tasks"</span>:[]}]* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
</pre>
</div></div>


    </td>
</tr>
                                                                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Fix Versions:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                    1.1.0            </td>
</tr>
                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Project:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
        <a style="color:#326ca6;" href="https://issues.jboss.org/browse/AEROGEAR">AeroGear</a>
    </td>
</tr>                                                <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Priority:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                        <img src="https://issues.jboss.org/images/icons/priorities/major.png" height="16" width="16" border="0" align="absmiddle" alt="Major">                Major
    </td>
</tr>
                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Reporter:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
                                        <a class="user-hover" rel="mwessendorf" id="email_mwessendorf" href="https://issues.jboss.org/secure/ViewProfile.jspa?name=mwessendorf" style="color:#326ca6;">Matthias Wessendorf</a>
                </td>
</tr>                        <tr valign="top">
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 10px 10px 0;white-space:nowrap;">
        <strong style="font-weight:normal;color:#505050;">Security Level:</strong>
    </td>
    <td style="color:#000000;font-family:Arial,FreeSans,Helvetica,sans-serif;font-size:12px;padding:0 0 10px 0;width:100%;">
        Public (Everyone can see)     </td>
</tr>
                            
    
    
                        </table>
                </td>
            </tr>
        </table>
    </td>
</tr>













            </table>
        </td><!-- End #email-page -->
    </tr>
</table><!-- End #email-wrap -->
</div><!-- End #email-body -->