Hey Christos 

I've seen a few of these and perhaps all. I'm currently working on extracting the webapp into a separate project/modules named contacts-mobile-webapp. The webapp in that module was extracted from contacts-mobile-picketlink-secured and I've made some modifications.

For the logout issue I had to add the following:
This was to make the CORSFilter happy or it would consider the request invalid. 

I've also seen the 403 Forbidden messages but I'm no longer able to reproduce them. I'll take another look at this though.

[1] https://github.com/danbev/jboss-wfk-quickstarts/tree/push-proxy-quickstart

On 26 May 2014 11:29, Christos Vasilakis <cvasilak@gmail.com> wrote:
Hi all,

During the development of the iOS contacts client [1], I came across the following issues on the web interface. (Note: I am using edewit's [2] branch that contains the Push functionality.)

a) Log in with "duke:duke" (role.MAINTAINER) and try to edit (PUT) an existing contact: you get back a 403-Forbidden message.
b) Log in with "admin:admin" (role.ADMIN) and try to delete (DELETE) an existing contact: you get back a 403-Forbidden message.

Interestingly enough, on the iOS client using the same credentials in the above scenarios, they work correctly, so possibly(?) there are some issues on the web interface.

c) Logout on the web interface gives back a “Forbidden” message.

Tested on both wildfly-8.1.0.CR1 / CR2 and JBoss-EAP-6.2.

Let me know if these are currently being worked on or if you want me to create JIRAs.


[1] https://github.com/aerogear/aerogear-push-quickstarts/pull/3
[2] https://github.com/edewit/jboss-wfk-quickstarts/tree/push/contacts-mobile-picketlink-secured
aerogear-dev mailing list