Re: [aerogear-dev] Initial Security for AeroGear UnifiedPush
I do it, if we're not using the interceptor we're just hiding a issue
and duplicating code.
- Issue: The endpoint should return 401 instead of bad request on requests.
Matthias Wessendorf wrote:
I think I didn't use it, because it throws an RT exception (no
problem
with that), which I could catch on the RestEasy layer.
Instead of (for unauthorized invokes) returning 401 (to cURL, for
instance), it was just "bad request".
So, I went for the "check by code" solution first. Not saying that I am
AGAINST the interceptor.
I think on the long run that would be better and cleaner.
--
abstractj