Re: [aerogear-dev] aerogear security and android

hello , sorry , i will try to explain a changed project jaxrs shiro to running WildFly 8.0.0.Final: remove interface IdentityManagement interceptor jar web.xml <interceptors> <class>org.jboss.aerogear.security.interceptor.SecurityInterceptor</class> </interceptors> and change IdentityManagementImpl @ShiroSecurity //for Secure.java @Default @ApplicationScoped public class* IdentityManagementImpl* implements IdentityManagement<User> { @Override public boolean hasRoles(Set<String> roles) { return subject.hasAllRoles(roles); } ... i changed service/ @GET @Path("/bacon") @Produces(MediaType.APPLICATION_JSON) @Secure("simple") public List<String> bacons() { return Arrays.asList(new String[]{"bacon", "Jowl", "Canadian", "Speck", "Pancetta"}); } @GET @Path("/livre") @Produces(MediaType.APPLICATION_JSON) public List<String> livre() { return Arrays.asList(new String[]{"livre", "Jowl", "Canadian", "Speck", "Pancetta"}); } @GET @Path("/cerveja") @Produces(MediaType.APPLICATION_JSON) @Secure("admin") public List<String> beers() { return Arrays.asList(new String[]{"cerveja", "California", "Michigan", "Ireland", "British"}); } my problem in login and autorization service i login (mar is role "simple") curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" -H "Content-type: application/json" -d '{"loginName":"mar","password":"123"}' -X POST http://localhost:8080/appteste/rest/auth/login HTTP 200: Authorized curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon HTTP 401: Unauthorized curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja and is ok but another pc i login (adm is role "adm") curl -3 -v -b cookies.txt -c cookies.txt -H "Accept: application/json" -H "Content-type: application/json" -d '{"loginName":"adm","password":"123"}' -X POST http://localhost:8080/appteste/rest/auth/login HTTP 200: Authorized curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/cerveja HTTP 401: Unauthorized curl -b --cookie -v -X GET http://localhost:8080/appteste/rest/list/bacon is ok now i request again user mar , mar not access rest two users not login in one application in mobile too -- View this message in context: http://aerogear-dev.1069024.n5.nabble.com/aerogear-security-and-android-t... Sent from the aerogear-dev mailing list archive at Nabble.com.