I see the same thing via curl but it works in browser. My guess would be it has something
to do with everything being session based and the session isn't properly maintained
with curl. That's mostly just a guess though.
On Sep 26, 2012, at 7:35 AM, Matthias Wessendorf <matzew(a)apache.org> wrote:
Hi Bruno,
playing with the 'picketbox' branch of the TODO app. I have one
question about the security API ...
I am able to do a successful login with 'curl' ==>
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"username":"john","password":"123"}' http://localhost:8080/todo-server/auth/login
Great, my RESPONSE looks like:
{"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"}
Now when I want to fetch the projects (from their endpoint), by using
the token (as header) (again with) curl:
curl -v -H "Accept: application/json" --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" -X GET http://localhost:8080/todo-server/projects
As a response I am getting 401 (Unauthorized)
==>
* About to connect() to localhost port 8080 (#0)
* Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /todo-server/projects HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: application/json
> token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad
>
< HTTP/1.1 401 Unauthorized
< Server: Apache-Coyote/1.1
< Content-Type: application/json
< Content-Length: 39
< Date: Wed, 26 Sep 2012 11:29:56 GMT
<
* Connection #0 to host localhost left intact
Am I missing something here?
Greetings,
Matthias
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev