and it's not an issue related to
Aerogear ;-)
Karel
On Tue, 5 Nov 2013 07:49:19 -0500 (EST)
Stefan Miklosovic <smikloso(a)redhat.com> wrote:
Hi,
I have very basic setup:
1) REST endpoint NOT annotated with @Secure from aerogear-security
2) service in that REST endpoint method which does some operation on
database, methods of that service are NOT annotated with @Secure from
aerogear-security 3) methods in DAO class which are called in that service
methods (DAO is injected into service), some methods of that DAO class ARE
annotated with @Secure annotation.
When I am testing this setup manually, all works ok. When I login as admin,
after that, I can call that REST endpoint which in turn calls service layer
which in turn calls DAO layer annotated with @Secure. I do this with CURL and
I get what I expect.
However, when I am doing it like this:
https://gist.github.com/smiklosovic/fe5838598a524afdb775#file-gistfile1-j...
it seems to me that when I do login in the first method, I should be
authorized to do that (200 is returned, cookies are returned, all is good, I
am logged in) but I am not from LinkDao point of view. When that 2nd test
runs, it fails and it ends up with AeroGearSecurityException - not
authorized. Why?
It is interesting that it works "in one run" meaning I do that from REST
point of view but when I inject LinkDao into test, I should have the very
same container reference of it as in case I am doing it rest-like on the
command line so it should be the same - and that is apparently not the case.
How is picketlink related to aerogear-security regarding of sessions? And
what kind of reference do I get after injecting it into test? Why is not that
DAO class aware of my authorization? It seems that when I inject it into
test, that DAO is not aware of previous steps regarding of the authorization.
Thank you for any hints
Stefan Miklosovic
Red Hat Brno - JBoss Mobile Platform
e-mail: smikloso(a)redhat.com
irc: smikloso
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev