Re: [aerogear-dev] Few suggestions about push quickstarts

Good morning, today I was looking at the quickstart demo for push and would like to make some considerations and see what do you guys think. In this way we can file jiras to move forward. - The quickstart make use of AeroGear Controller. IMO we should move to Resteasy

- Code formatting, do we have a template for it? I don't want to mess up with the project.

- Something that brought to my attention, after discuss with Passos some issues on Android is when you send: curl -v -b cookies.txt -c cookies.txt -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"loginName": "john", "password":"123"}' http://localhost:8080/prodoctor/login The HTTP response is: {"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New York"}

Attributes like expirationDate, partition and mailing password should never be sent back. For more details please take a look at how aerogear controller demo handle it https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main.... Behind the scenes PicketLink already encrypts the passwords on AGSec, but I can't do so much if they're sent back through the network. Thoughts? -- abstractj _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev