On Thu, Jun 27, 2013 at 6:17 PM, Bruno Oliveira <bruno@abstractj.org> wrote:

Good morning, today I was looking at the quickstart demo for push and
would like to make some considerations and see what do you guys think.
In this way we can file jiras to move forward.

- The quickstart make use of AeroGear Controller. IMO we should move to
Resteasy

+1 , I have a local brach with resteasy, will be pushed tomorrow ;)

- Code formatting, do we have a template for it? I don't want to mess up
with the project.

Yeah, sorry, that is also my fault, is https://github.com/aerogear/ide-config still up to date and shall I use this one ?

- Something that brought to my attention, after discuss with Passos some
issues on Android is when you send: curl -v -b cookies.txt -c
cookies.txt -H "Accept: application/json" -H "Content-type:
application/json" -X POST -d '{"loginName": "john", "password":"123"}'
http://localhost:8080/prodoctor/login

The HTTP response is:

{"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New
York"}

Attributes like expirationDate, partition and mailing password should
never be sent back. For more details please take a look at how aerogear
controller demo handle it
https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/Login.java#L48.

Behind the scenes PicketLink already encrypts the passwords on AGSec,
but I can't do so much if they're sent back through the network. Thoughts?

Yes I have to filter the answer like you did in controller, thanks for pointing that out.

--
abstractj

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev