On Thu, Aug 8, 2013 at 6:55 AM, Bruno Oliveira <bruno@abstractj.org> wrote:
This piece if code will be removed from AGSec
https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java#L37
because is something very tied to Resteasy.
 
Oh that is great news, that was also a point worrying me a bit  ... so +1

Regarding the issue with CORS, at first glance if we are willing to
provide it on AGSec we will send extra HTTP headers to every
unauthorized request. And is impossible to AGSec to cover every corner
case, because at this point we should be able to distinguish CORS
request from non CORS to send the correct headers.

In the next releases the dependency with Resteasy will be removed and we
will have only this block of code
https://github.com/aerogear/aerogear-security/blob/1.1.x/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java#L41.


I can't see any problems on having it at your project, unless with think
this is very very high priority, leave it as is and feel free to
implement your own exception handler.
Yes, will do that but in the same time I think we should document that somewhere, in case someone is facing the same issue. Any idea where would the best place to doc that ?
 

Sebastien Blanc wrote:
> Hi,
>
> I realized that the HttpExceptionMapper[1]  provided by ag-sec do not
> work well in a CORS environment when returning a 401 response to the client.
>
> Dan has found the fix by adding CORS headers in the HttpExceptionMapper,
> we implemented that in a custom class[2] .
>
> My question is, could we update the HttpExceptionMapper in ag-sec with
> these extra headers or does that expose any side effects/risks ?
>
> Or Should we provide just the CORS HttpExceptionMapper variant in ag-sec
> based on [2] and document that ?
>
> A JIRA [3] has been created to track this.
>
> Seb
>
>
>
>
> [1] https://github.com/aerogear/aerogear-security/blob/master/src/main/java/org/jboss/aerogear/security/exception/HttpExceptionMapper.java
>
> [2] https://github.com/aerogear/aerogear-push-quickstart-backend/blob/master/src/main/java/org/jboss/aerogear/aerodoc/rest/CorsExceptionHandler.java
>
> [3] https://issues.jboss.org/browse/AGSEC-98
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

--
abstractj

_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev