Re: [aerogear-dev] Initial Security for AeroGear UnifiedPush

Just to let you know, I opened the following jira https://issues.jboss.org/browse/AGSEC-68 and already attached a PR. The whole idea is as soon as we on the authorization model, extract it to AGSEC. I'll also start some unit testing to the endpoints. Matthias Wessendorf wrote: > > > > On Wed, Jun 19, 2013 at 6:15 PM, Bruno Oliveira <bruno(a)abstractj.org > <mailto:bruno@abstractj.org>> wrote: > > I do it, if we're not using the interceptor we're just hiding a issue > and duplicating code. > > > I agree on that :) > > > - Issue: The endpoint should return 401 instead of bad request on > requests. > > > correct. > > So, how about: > I give it another try tomorrow and will report back ? > > -Matthias > > > Matthias Wessendorf wrote: > > I think I didn't use it, because it throws an RT exception (no > problem > > with that), which I could catch on the RestEasy layer. > > Instead of (for unauthorized invokes) returning 401 (to cURL, for > > instance), it was just "bad request". > > > > So, I went for the "check by code" solution first. Not saying > that I am > > AGAINST the interceptor. > > > > I think on the long run that would be better and cleaner. > > -- > abstractj > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > > -- > Matthias Wessendorf > > blog: http://matthiaswessendorf.wordpress.com/ > sessions: http://www.slideshare.net/mwessendorf > twitter: http://twitter.com/mwessendorf > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev -- abstractj _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev