Re: [aerogear-dev] Initial Security for AeroGear UnifiedPush

Have in mind, this is all "progressing"... Currently looking at JavaScript "secure" registration + CORS Followed by: * iOS SDK * Java Sender * Android -Matthias On Wed, Jun 19, 2013 at 6:40 AM, Matthias Wessendorf <matzew(a)apache.org&gt;wrote: Bruno merged the security bits to MASTER. A tag (0.1.0) of the previous MASTER (the one without security) has been created. -Matthias On Mon, Jun 17, 2013 at 2:52 PM, Matthias Wessendorf <matzew(a)apache.org&gt;wrote: Hi, I worked a bit on the initial security, after Bruno release the 1.0.1 versions of AG-Security. <https://gist.github.com/anonymous/b82b7bb1b2d1ab36f92d#management-of-push... of PushApplications and MobileVariants Adding a (simple) *DEVELOPER* class (just that, no *fancy* roles yet). This is powered by AG-Security and the very wellknown "login"/"logout" will be used (and soon "enroll" for new users). A *DEVELOPER* is allowed to create/manage PushApplications and MobileVariants (including the standard CRUD flow). Here is a little cURL based flow: <https://gist.github.com/anonymous/b82b7bb1b2d1ab36f92d#login>Login: curl -v -b cookies.txt -c cookies.txt -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"loginName": "admin", "password":"123"}'http://localhost:8080/ag-push/rest/auth/login <https://gist.github.com/anonymous/b82b7bb1b2d1ab36f92d#create-new-pushapp... new PushApp: