Thanks for your interest and your project sounds interesting.
<DISCLAIMER>Please reconsider twice before removing this security, you should really not do this </DISCLAIMER>

But, here is where it happens https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/jaxrs/src/main/java/org/jboss/aerogear/unifiedpush/rest/sender/PushNotificationSenderEndpoint.java#L55-L64  or https://github.com/aerogear/aerogear-unifiedpush-server/blob/0.10.x/server/src/main/java/org/jboss/aerogear/unifiedpush/rest/sender/PushNotificationSenderEndpoint.java#L55-L67 for the 0.10.x version. 
The code is pretty straighforward and remember your alias will be in UnifiedMessage.

Are you using the cartdridge for OpenShift ? if yes, you will not able to deploy your "patched" version. You will have to compile it, package a WAR and deploy it on a JBOSS/Wildfly OpenShift cartdridge.

On Wed, Apr 16, 2014 at 2:53 PM, Florian Schrofner <florian.schrofner@outlook.com> wrote:
Hey there guys!

We are currently working on our semester project which allows you to sync
notifications across different devices. The notifications themselves are
stored on a separate webserver, but we are using the aerogear unified
pushserver to start a sync.
All the devices which should receive the push (and start the sync) are using
the same alias, the push will be triggered by one of these devices
On Android it should work fine, since we are able to use the Java Client and
the secret without a problem (at least i think the secret would not be
visible to anyone on Android).
But we are also planning to implement a Chrome Addon and we don't really
like the idea to make the master-secret visible to everyone.

We know that the unified push server is not intended to be used as
client-to-client push server atm, but since the pushes don't contain any
important data it would be a sufficient solution to just disable the need
for a master-secret if an alias is given (this would at least prevent
broadcasts from being sent by third persons).

So we wanted to ask you guys which lines of code we should modify inorder to
allow pushes without master-secret, if an alias is given?
It should only be an additional "if", I guess.. or does it get more
We are currently hosting our unified pushserver on OpenShift (would be nice
if you could also roughly tell us how to push the changes onto the server..
do we need to recompile everything?)


View this message in context: http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Allow-Push-Without-Master-Secret-tp7474.html
Sent from the aerogear-dev mailing list archive at Nabble.com.
aerogear-dev mailing list