October 2012 - aerogear-dev - Jboss List Archives

by Daniel Passos

Hi guys I did some changes in the android library based on iOS stuff, it's closer to the pipeline adapter implementation. I would appreciate feedback and review. https://github.com/aerogear/aerogear-android/pull/1 https://github.com/aerogear/aerogear-android-todo/pull/1 Thanks, Passos

13 years

5
25
0 / 0

building aerogear-android-todo

by Daniel Bevenius

Hi! just wanted to ask if anyone has had any issues building aerogear-android-todo? I think I must have missed something obvious here as it does not build for me :( The details can be found here [1] Thanks, /Daniel [1] https://gist.github.com/3826704

13 years

4
4
0 / 0

0.0.3.M6 Snapshot - Security & Controller

by Bruno Oliveira

Hi everyone, Today I finally got https://issues.jboss.org/browse/AEROGEAR-437 done, which means that now we have AeroGear Controller integrated with PicketBox, Picketlink and Deltaspike. Aerogear Security is the "middle-man" responsible for deal with security frameworks and JAX-RS authorization responses, currently. And our routes now can be role based like this https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main...: route() .from("/delorean").roles("admin") .on(RequestMethod.GET) .to(Home.class).anotherPage(); It was deployed on OpenShift: http://controller-abstractj.rhcloud.com/aerogear-controller-demo/. If you wan't to test it and file some jiras to me, just configure your application like I did at our demo https://github.com/aerogear/aerogear-controller-demo/blob/master/pom.xml#L86 and go for it. What's missing? - HTTP authentication responses (High priority now, to handle responses to the client side) - Better exception handling - Expose timeout configuration - PicketBoxLoadUser must be optional - Role validation improvements - Page redirection on error (Daniel have been working on it - https://issues.jboss.org/browse/AEROGEAR-426) - Registration page - Code refactoring as usual - Make use of aerogear controller at our TODO app (eating our own dog food) -- "The measure of a man is what he does with power" - Plato - @abstractj - Volenti Nihil Difficile

13 years

2
1
0 / 0

AeroGear-Controller Exception Handling

by Daniel Bevenius

Hi! I've started looking at AEROGEAR-426 "General/fall-back error page on Controller": https://issues.jboss.org/browse/AEROGEAR-426 and have put together some suggestions which can be found here: https://gist.github.com/3737360 Any feedback is most welcome! Thanks, /Daniel

13 years

2
3
0 / 0

Aerogear.auth.js Tests

by Lucas Holmquist

I just sent a PR for AEROGEAR-499. https://github.com/aerogear/aerogear-js/pull/5 these tests only test the client side api. There will probably be other tests needed once the api is finalized, example, the isAuthenticated issue Matthias found

13 years

1
0
0 / 0

[auth] 401 vs. 403

by Matthias Wessendorf

Hi, I noticed that with Amazon's S3 (for instance) they return 403 when you are not authorized. Not really sure, but forbidden (403) is perhaps fine when accessing a protected REST endpoint (versus 401) ? Thoughts? -Matthias -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf

13 years

3
8
0 / 0

(no subject)

by Matthias Wessendorf

Hi Bruno, when issuing a HTTP request against a protected resource (I am not logged in), I am getting 401 (fine), but I don't see a 'WWW-Authenticate' header on the response. I also don't see any info on this in the security roadmap (see [1]). Was there a special reason to leave it out? I ask b/c usually that header is sent for basic, digest or even oauth on the response header. Thanks, Matthias [1] http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/ -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf

13 years

2
3
0 / 0

'WWW-Authenticate' header on 401 response

by Matthias Wessendorf

adding a subject :) On Tue, Oct 2, 2012 at 10:33 AM, Matthias Wessendorf <matzew(a)apache.org> wrote: > Hi Bruno, > > when issuing a HTTP request against a protected resource (I am not > logged in), I am getting 401 (fine), but I don't see a > 'WWW-Authenticate' header on the response. I also don't see any info > on this in the security roadmap (see [1]). Was there a special reason > to leave it out? I ask b/c usually that header is sent for basic, > digest or even oauth on the response header. > > Thanks, > Matthias > > [1] http://staging.aerogear.org/docs/planning/1.0.0/AeroGearSecurity/ > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf

13 years

1
0
0 / 0

[JS - auth] isAuthenticated issue...

by Matthias Wessendorf

Hi, I noticed some interesting behavior with the 'isAuthenticated' function. It returns TRUE even when the pipe is not authenticated, because a wrong(or no) authenticator has been attached, See: https://gist.github.com/3812824 IMO it should return FALSE when no authenticator is attached. Even on a 'pipe connection' where no auth is required, the 'isAuthenticated:false' would be still wrong, as the connection is not authenticated - since not required... Any thoughts ? Of course, this brings up the question if there should be some 'callback' that is invoke when the 'pipe' receives a 401. To indicate 'wrong' (or no) auth provided.. ?! -Matthias -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf

13 years

2
3
0 / 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

aerogear-dev October 2012