\o/
You're the man !
It works, thx you so much !
On Fri, Aug 2, 2013 at 11:09 AM, Daniel Bevenius
<daniel.bevenius(a)gmail.com>wrote:
I've looked into this and I think the cause is that the
HttpExceptionMapper does not add CORS headers. I tried to add an
ExceptionMapper that does add CORS headers and it will then return a 401 to
the browser instead of a failed request.
I've pushed this example to this branch:
https://github.com/danbev/aerogear-push-quickstart-backend/tree/exception...
Let me know if this fixes the error you were seeing.
/Dan
On 2 August 2013 09:47, Sebastien Blanc <scm.blanc(a)gmail.com> wrote:
>
>
>
> On Fri, Aug 2, 2013 at 9:36 AM, Daniel Bevenius <
> daniel.bevenius(a)gmail.com> wrote:
>
>> Hey Seb,
>>
>> I'm trying to reproduce this but getting a Javascript error which is:
>> Uncaught ReferenceError: NewLeadController is not defined from aerodoc
>>
>
> Sorry, if you pull now it should be good
>
>>
>>
>> I think I followed the steps above, but I did change the version
>> aerogear.unifiedpush.sender.version to 0.2.1-SNAPSHOT as I did not have
>> 0.2.0-SNAPSHOT. Any ideas about this?
>>
>
> Yes, that is good, though for reproducing this scenario the sender is not
> used, but yes you can use 0.2.1-SNAPSHOT
>
>
>>
>>
>>
>>
>> On 1 August 2013 21:01, Sebastien Blanc <scm.blanc(a)gmail.com> wrote:
>>
>>> Hi Folks,
>>>
>>> I'm facing an issue and I hope you could help me on this.
>>>
>>> My app is using ag-sec with the @secure annotation and Resteasy.
>>>
>>>
<
https://gist.github.com/sebastienblanc/6133102#scenario-hitting-secured-e...:
>>> hitting secured endpoints without CORS (webapp deployed in the same domain)
>>>
>>> When the user has not the role specified by @secure I got an exception,
>>> as expected
https://gist.github.com/sebastienblanc/6134149
>>>
>>> I assume it is because of this
>>>
https://github.com/aerogear/aerogear-security/blob/master/src/main/java/o...
and,
>>> perfect, works as designed.
>>>
>>> The server returns a nice 401 status to the client.
>>>
<
https://gist.github.com/sebastienblanc/6133102#testing-in-a-cors-configur...
>>> in a CORS configuration (web client running under another domain)
>>>
>>> Same scenario I'm hitting a secure endpoint without having the role
>>> needed (BTW the OPTIONS preflights are handled without any errors).
>>>
>>> I'm getting the same exception from the server but this time no proper
>>> 401 answer sent back to the client, and on client side the request is just
>>> canceled.
>>>
>>> 1. Reproduce it To repoduce this scenario here are the step :
>>>
>>>
>>> - Clone this branch
>>>
https://github.com/sebastienblanc/aerogear-push-quickstart-backend/tree/c...
>>> ,mvn clean install , mvn jboss-as:deploy
>>> -
>>>
>>> Clone this branch :
>>>
https://github.com/aerogear/aerogear-push-quickstart-web/tree/AGPUSH-160
and
>>> deploy it, making sure it's not running on the same port as aerodoc
backend
>>> (for instancepython -m SimpleHTTPServer )
>>> -
>>>
>>> Browse to the simple client (in case you use python webserver it
>>> will be localhost:8000
>>> -
>>>
>>> Login With maria/123
>>> -
>>>
>>> Refresh the page : you should see the failure on retrieving the
>>> /leads endpoints.
>>>
>>> So, What I'm looking for is to have a normal 401 status sent back to
>>> the client when using CORS, maybe someone has some ides about this ?
>>>
>>>
>>> Regards,
>>>
>>> Seb
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev