While reviewing summers' PR I've found myself doing that tedious work of
fixing license headers again - what do y'all think part of our default
tools (like maven-license-plugin) on an aerogear parent pom (which
inherits from jboss parent pom, of course)
Pulling this over from IRC.
Right now the only components I can think of which are being actively
worked on or actively planned for the near future are pipes, auth, push,
sync, and offline. Does anyone else have any that they would like to
see added to the AGDROID Jira project?
iOS platform provides built-in implementations for authenticating against HTTP endpoints that support Basic / Digest authentication (among others). The workflow when iOS tries to authenticate against those endpoints is basically:
a) A credential storage singleton object provided by the system is consulted for authentication credentials. If credentials are found, the system proceeds with authentication. Understandably for this to work, the developer has to initially push the credentials to the system object (and remove when done).
b) If credentials are NOT found, the system tries to call the delegate method e.g. 'connection:didReceiveAuthenticationChallenge', giving a chance for the user to provide the credentials, by calling the appropriate methods on the authentication challenge object passed in.
AeroGear library, currently has a notion of pluggable authentication modules providing an interface for clients to implement 'login', and 'logout' methods, depending on the authentication scenarios that they try to support. This fits nicely with singleton credential storage approach, in the sense when doing 'login' and 'logout', we simply edit the credential storage adding or removing credentials appropriately. A branch for this work can be found here. For usage, have a look at our integration test
For testing purposes, another branch was created, this time letting the user to directly pass an NSURLCredential object initialised with the username/password combination during the Pipe configuration. Those credentials are internally stored and given back to the system by implementing the necessary callback . A usage example can be found in our integration test
advantages of using the singleton approach:
- fits nicely with the authentication mechanism we have in place (as an extension HTTPBasicDigestAuthenticationModule) so user familiarity when looking to add basic/digest support to the Pipe.
- we control the credential type e.g. 'NSURLCredentialPersistenceForSession'. This eliminates errors of using 'NSURLCredentialPersistencePermanent' and having the user to explicitly clear the keychain when trying to login with a different combination. For my search, many errors occurs because of this.
disadvantages of using the singleton approach:
- not sure if many iOS dev will like the fact of creating an Authenticator object instead of using directly an NSURLCredential object that are used to.
advantages of using the 'nsurlcredential' directly:
- users familiarity with the object.
- not explicit login logout request.
disadvantages of using the 'nsurlcredential' directly:
- error credential type can lead to errors.
With discussions with Matthias, we are more keen in following the HTTPBasicDigestAuthenticationModule approach instead of providing the NSURLCredential configuration option on the Pipe. Surely enough, in the documentation we will explicitly state that "login"/ "logout" methods, serve as a mean to setup internally the iOS authentication system so users don't have too (instead of calling remote endpoints)
The new Android build tools (IE Android Studio) are still in beta, but
passos and I were thinking of adding support for them for the 1.2
release. I havn't given these tools more than a cursory look, but we
will have to support them sooner or later.
What do you guys think?
Most of the code is JDK6, except PushEE which requires JDK 6. Android requires
JDK 6 API as well, thanks Summers for pointing that out. The only component
that requires JDK7 is PushEE afaict.
So, even if JDK 6 is officially EOLed (at least Oracle's one), I'd prefer to
limit our code to JDK6 features. Does it make sense?
I can setup animal sniffer plugin to enforce JDK API conformance and
send PRs if you will - btw, do you guys already have a common parent with plugin
The other question is default runtime. Would you guys recommend JDK7 or JDK6?
I'm biased here to decide myself.