Morning, maybe I'm not understanding your question, but we already have
this discussion and in the end the conclusion was about the lack of
documentation on AGSEC (
)
Am I wrong?
No real login exists, because we are making use of servlet filters from
PicketLink.
Matthias Wessendorf wrote:
Hi,
perhaps this is more "AeroGear-Security VS HTTP Basic/Digest", but first
some background informations:
our different "AuthenticationModule" implementations, for Android, iOS
and JavaScript, were created for the AeroGear-Security REST-APIs, which
are described here:
http://aerogear.org/docs/specs/aerogear-rest-api/
Here are the three different client platform implementations:
* Android:
https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/ae...
* iOS:
https://github.com/aerogear/aerogear-ios/blob/master/AeroGear-iOS/AeroGea...
* JavaScript:
https://github.com/aerogear/aerogear-js/blob/master/src/authentication/ad...
So, basically the interface(or the different implementations) covers the
following functionality, described in the above spec:
* enroll
* login
* logout
So far so good.
However, looking at the recent work for BASIC/DIGEST (e.g.
http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-iOS-Basic-Digest-T...),
I think it might be confusing that there is no real login call against
the server, like in the above codee, for AG-Security
Instead, the "login", is _only_ applying the credentials to that
subsequent requests can read (a) protected URL(s). Similar to "logout":
Only a _reset_ of the credentials is happening. No server endpoint is
invoked.
See also
http://lists.jboss.org/pipermail/aerogear-dev/2013-May/002810.html
Similar to the "enroll"; The iOS proposal throws an exception, similar
to the Android version:
https://github.com/aerogear/aerogear-android/blob/master/src/org/jboss/ae...
https://github.com/cvasilak/aerogear-ios/blob/basic.digest.auth/AeroGear-...
To me, looks like none of the methods of the "AuthenticationModule
interface" are properly used, or am I wrong?
I think my question is: Does it really make sense to kinda try to add
the BASIC/DIGEST support into the "AuthenticationModule interface"?? or,
could there be something else ?
Not sure, I guess since I am not sure, I am asking here :)
Any feedback is appreciated!
Thanks!
Matthias
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev