Java Sender API - fire&forget - adding callback methods?
by Karel Piwko
Hi,
I went once again through
http://lists.jboss.org/pipermail/aerogear-dev/2013-June/002901.html - which
says that Sender API should be fire&forget. It feels more like "maybe
fire"&forget, for instance it does not say that your credentials were wrong - or
it says, you need parse logs to get that information.
If I think about Android, iOS, JS solutions to communicate with
UnifiedPush we provide - Pipes - they always provide a callback to be executed
on success/failure. Could we add callback to Sender API? Or should not Aerogear
rather have something like Pipes abstraction for Java developers instead of
pretty dumb Sender API?
Thoughts?
Thanks,
Karel
11 years, 11 months
Re: [aerogear-dev] [aerogear-issues] [JBoss JIRA] (AEROGEAR-1338) It is impossible to log in for the second time or with different user simultaneously
by Luke Holmquist
Where are u trying to log in. It doesn't say
Sent from my iPhone
> On Oct 17, 2013, at 7:15 PM, "Stefan Miklosovic (JIRA)" <aerogear-issues(a)lists.jboss.org> wrote:
>
>
>
>
> Stefan Miklosovic created AEROGEAR-1338
> It is impossible to log in for the second time or with different user simultaneously
> Issue Type: Bug
> Assignee: Unassigned
> Created: 17/Oct/13 7:14 PM
> Description:
> When I register as admin and developer and I try to log in as admin in one tab and after that as developer in another tab (I changed password from default one for both users) I am unable to do so since error is thrown.
>
> I can not log in as admin twice (I log in as admin in one tab and I log in as admin in another tab while I am still logged in in the first tab)
>
> First of all, being able to be logged in for multilple users seems to be crucial. Secondly, when I try to log in for the second time while I am already logged in, I would expect appropriate error message to be displayed to me or I would be automatically redirected to application itself when credentials have not expired yet.
>
> Project: AeroGear
> Priority: Major
> Reporter: Stefan Miklosovic
> Security Level: Public (Everyone can see)
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA administrators
> For more information on JIRA, see: http://www.atlassian.com/software/jira
> _______________________________________________
> aerogear-issues mailing list
> aerogear-issues(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-issues
11 years, 11 months
Github History
by Kris Borchers
I just wanted to point something out that Matthias and I found this morning. Apparently, when you rename a folder in your repo, the history view for that file gets fragmented. If you go into the blame for that file, you can still see all of the last commits for each line and from there you can view the file history before the structure change. I just wanted to make sure everyone was aware so that contributors don't think we are removing their commits or doing anything else shady like that because on the surface it looks bad without a bit of digging. I feel like we are very careful with maintaining history and credit for work so just wanted to point this out.
11 years, 11 months
Release: AeroGear UnifiedPush Server (Version: 0.8.1) (was: Re: Staged: AeroGear UnifiedPush Server)
by Matthias Wessendorf
Hi,
I am happy to announce that we have a new release of the AeroGear
UnifiedPush Server!
The biggest change we did in this release was applying an update to our
RESTful Sender API: We now have one single endpoint to deliver Push
Notifications to the supported platforms like Android, iOS and Mozilla's
SimplePush. This of course has some impact on the client libraries and we
will have the Java Library available on Maven Central shortly, while our
latest NodeJS API is already available on npm.
Besides that we added support for JavaEE Bean Validation, added support for
WildFly and polished the Admin UI (including an update to Ember 1.0.0). An
SSL workaround for our OpenShift cardridge could be remove as well, as the
underlying bug was fixed. And other minor things. Below are the enitre
release notes for further details!
Now, you can download the WAR
file<http://dl.bintray.com/matzew/AeroGear-UnifiedPush/org/jboss/aerogear/unif...>
and
give it a shot!
Have fun!
Matthias
Release Notes - AeroGear Push - Version 0.8.1
<https://gist.github.com/matzew/8524d680710919da44da#--------bug>Bug
- [AGPUSH-255 <https://issues.jboss.org/browse/AGPUSH-255>] - Add server
side validation and appropriate response body for bad requests
- [AGPUSH-259 <https://issues.jboss.org/browse/AGPUSH-259>] - When
adding variant, all "help" links point to iOS help
- [AGPUSH-298 <https://issues.jboss.org/browse/AGPUSH-298>] - PushServer
@DELETE methods violate REST specifications
- [AGPUSH-299 <https://issues.jboss.org/browse/AGPUSH-299>] - Misleading
info in the Authentication Info section on the Mobile Variant Overview page
- [AGPUSH-304 <https://issues.jboss.org/browse/AGPUSH-304>] - Admin UI
should do auth check before rendering content
- [AGPUSH-342 <https://issues.jboss.org/browse/AGPUSH-342>] - Admin UI
installation details wrong label Description instead of Device Type
- [AGPUSH-353 <https://issues.jboss.org/browse/AGPUSH-353>] - Loading
mispelled
<https://gist.github.com/matzew/8524d680710919da44da#--------enhancement>
Enhancement
- [AGPUSH-343 <https://issues.jboss.org/browse/AGPUSH-343>] - Add
Access-Control-Max-Age to CORS preflight headers
<https://gist.github.com/matzew/8524d680710919da44da#--------feature-request>Feature
Request
- [AGPUSH-200 <https://issues.jboss.org/browse/AGPUSH-200>] - Add Google
"Project Number" to Android Variant
- [AGPUSH-271 <https://issues.jboss.org/browse/AGPUSH-271>] - AdminUI:
simplePushEndpoint for SP installations
- [AGPUSH-275 <https://issues.jboss.org/browse/AGPUSH-275>] -
UnifiedPush Server: Add database CLI
- [AGPUSH-287 <https://issues.jboss.org/browse/AGPUSH-287>] - Undo
OpenShift SSL Certificate workaround
- [AGPUSH-288 <https://issues.jboss.org/browse/AGPUSH-288>] - No way to
show variant details if the variant has no name
- [AGPUSH-302 <https://issues.jboss.org/browse/AGPUSH-302>] -
UnifiedPush: iOS-Corodva guide
- [AGPUSH-305 <https://issues.jboss.org/browse/AGPUSH-305>] - Move CURL
commands to REST API specs
- [AGPUSH-332 <https://issues.jboss.org/browse/AGPUSH-332>] - Allow to
add user
- [AGPUSH-334 <https://issues.jboss.org/browse/AGPUSH-334>] - Update to
Ember 1.0.0
- [AGPUSH-341 <https://issues.jboss.org/browse/AGPUSH-341>] - Admin UI
show push endpoint URL in installation details screen
- [AGPUSH-354 <https://issues.jboss.org/browse/AGPUSH-354>] - remove
provider class name in persistence.xml
- [AGPUSH-356 <https://issues.jboss.org/browse/AGPUSH-356>] - Using
AuthenticationManager injection with Agent parameter
- [AGPUSH-357 <https://issues.jboss.org/browse/AGPUSH-357>] - Using
IdentityManagement injection with User parameter
- [AGPUSH-375 <https://issues.jboss.org/browse/AGPUSH-375>] - Update
UnifiedPush Spec to use https
<https://gist.github.com/matzew/8524d680710919da44da#--------task>Task
- [AGPUSH-226 <https://issues.jboss.org/browse/AGPUSH-226>] - Update
Ember in Bower
- [AGPUSH-323 <https://issues.jboss.org/browse/AGPUSH-323>] - Remove
broadcast from Sender API
<https://gist.github.com/matzew/8524d680710919da44da#--------sub-task>
Sub-task
- [AGPUSH-313 <https://issues.jboss.org/browse/AGPUSH-313>] - Admin UI:
Display Android Project Number
- [AGPUSH-314 <https://issues.jboss.org/browse/AGPUSH-314>] - Update
AG-UP specs to reflect the project number property
- [AGPUSH-348 <https://issues.jboss.org/browse/AGPUSH-348>] - Update UP
Specs
- [AGPUSH-370 <https://issues.jboss.org/browse/AGPUSH-370>] - Spec update
On Tue, Oct 15, 2013 at 4:43 PM, Matthias Wessendorf <matzew(a)apache.org>wrote:
> Hi,
>
> the WAR file has been staged:
>
> http://dl.bintray.com/matzew/AeroGear-UnifiedPush/org/jboss/aerogear/unif...
>
> I'd appreciate if you give it a shot.
>
> NOTE: You need to take care of adding our datasource to the standalone.xml
> file.
> We have a CLI that does that for you, details are here:
>
>
> https://github.com/aerogear/aerogear-unifiedpush-server#h2-database-confi...
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
11 years, 11 months
iOS Crypto findings II
by Corinne Krych
Hello All,
With Christos we sit down to see remaining tasks/questions to achieve symmetric encryption.
See team agenda:
http://oksoclap.com/p/iOS_Security_Meeting.16.10.03
Here is the output:
- We created initial unit test for encryption/decryption
- Password derivation is done.
- Random generation helper done. Refactor of AGRandomGenerator. Split into different classes. Christos on it.
- Corinne created an initial encryptionimplementation using block encryption see
https://github.com/cvasilak/aerogear-crypto-ios/blob/master/crypto-sdk/AG...
We would like to move to stream encryption using CCCryptorUpdate. Christos on the case. Work in Pogress.
- Encryption/Decryption could be a coslty operation we would like to do async work on different thread (dispatch_async->cipher->dispatch_main_queue )
Corinne to look at it.
=> impact on API, we would like to go forward with "encrypt:success:failure" async versions to avoid developer to use e.g.
- Question: where do we want to store random IV, encryption key (or just salt) used for encryption and neeeded to decrypt?
- What do we want for a demo?
Corinne to start a separate demo thread on ML: as the demo should be shared across JS/Android/iOS/cordova
++
Corinne
11 years, 11 months
Querying encrypted data
by Summers Pittman
One of the things that came up while discussing offline secure storage
on Android was how to query encrypted data.
The first ideas that I could think of were:
1) Load encrypted files/data/databases into memory, decrypt them, query
them, return results and GC the decrypted data.
2) magical phonetic encryption
3) Include queryable decrypted metadata along with encrypted payloads.
The payloads will not be queryable and only be decrypted if metadata
matches the query.
#1 has some benefits (easy to implement across platforms, doesn't
require a lot of work) and some draw backs (large datasets would eat
into available memory, whole dataset would be vulnerable to a VM attack).
#2 is a placeholder for better ideas.
#3 is interesting because it is a middle of the road approach. One of
the options for implementation I thought of would be to annotate fields
in the VO being stored as "privledged" and they would be the only ones
encrypted/decrypted when an object is stored or loaded.
wdyt?
11 years, 11 months
blog links
by Erik Jan de Wit
Hi,
When I was blogging for Errai we had a dedicated blog page errai-blog.blogspot.ch, good thing about that is that it's very simple gathers all the blogs about Errai into a single place. Now we don't have that for AeroGear everybody uses there own personal blog. But wouldn't it be nice if we could somehow mesh those post all up ad put them on the site somehow? Something like a recent blog section. Only problem is how do we make something like that? We could use a feed aggregator to mesh all these feeds up into one and publish a feed about AeroGear, that would be a start. But how would we display the titles that are in this feed on the site. There are javascript feed parsers, but because of XSS restrictions this wouldn't help much or we could use jekll to download the feed as xml and then parse it in javascript, but is then the update cycle fast enough?
What do you guys thing about having a aggregated feed and or a recent blog section on the site?
Cheers,
Erik Jan
11 years, 11 months
