Re: [aerogear-dev] Initial Security for AeroGear UnifiedPush
On Wed, Jun 19, 2013 at 6:15 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
I do it, if we're not using the interceptor we're just hiding
a issue
and duplicating code.
I agree on that :)
- Issue: The endpoint should return 401 instead of bad request on requests.
correct.
So, how about:
I give it another try tomorrow and will report back ?
-Matthias
Matthias Wessendorf wrote:
> I think I didn't use it, because it throws an RT exception (no problem
> with that), which I could catch on the RestEasy layer.
> Instead of (for unauthorized invokes) returning 401 (to cURL, for
> instance), it was just "bad request".
>
> So, I went for the "check by code" solution first. Not saying that I am
> AGAINST the interceptor.
>
> I think on the long run that would be better and cleaner.
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
Attachments:
- attachment.html (text/html — 2.4 KB)