Hi Bruno,
I am playing with the 'picketbox' branch of the TODO app. I have one
question about the security API ...
I am able to do a successful login with 'curl' ==>
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST \
  -d '{"username":"john","password":"123"}' \
  http://localhost:8080/todo-server/auth/login
Great, my RESPONSE looks like:
{"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"}
Now when I want to fetch the projects (from their endpoint), by using
the token (as header) (again with) curl:
curl -v -H "Accept: application/json" \
  --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" \
  -X GET http://localhost:8080/todo-server/projects
As a response I am getting 401 (Unauthorized)
==>
* About to connect() to localhost port 8080 (#0)
* Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
GET /todo-server/projects HTTP/1.1
User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
Host: localhost:8080
Accept: application/json
token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad
< HTTP/1.1 401 Unauthorized
< Server: Apache-Coyote/1.1
< Content-Type: application/json
< Content-Length: 39
< Date: Wed, 26 Sep 2012 11:29:56 GMT
<
* Connection #0 to host localhost left intact
Am I missing something here?
Greetings,
Matthias
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf