Re: [aerogear-dev] Few suggestions about push quickstarts
On Thu, Jun 27, 2013 at 6:17 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Good morning, today I was looking at the quickstart demo for push
and
would like to make some considerations and see what do you guys think.
In this way we can file jiras to move forward.
- The quickstart make use of AeroGear Controller. IMO we should move to
Resteasy
+1 - I think it was already mentioned on that original thread (or an IRC).
- Code formatting, do we have a template for it? I don't want to
mess up
with the project.
yes. You mean "check-style" (part of the build), or more a "template"
?
- Something that brought to my attention, after discuss with Passos
some
issues on Android is when you send: curl -v -b cookies.txt -c
cookies.txt -H "Accept: application/json" -H "Content-type:
application/json" -X POST -d '{"loginName": "john",
"password":"123"}'
http://localhost:8080/prodoctor/login
The HTTP response is:
{"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New
York"}
Attributes like expirationDate, partition and mailing password should
never be sent back. For more details please take a look at how aerogear
controller demo handle it
https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main....
Behind the scenes PicketLink already encrypts the passwords on AGSec,
but I can't do so much if they're sent back through the network. Thoughts?
yep, makes sense :)
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf