Hi Bruno, playing with the 'picketbox' branch of the TODO app. I have one question about the security API ... I am able to do a successful login with 'curl' ==> curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"username":"john","password":"123"}' http://localhost:8080/todo-server/auth/login Great, my RESPONSE looks like: {"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"} Now when I want to fetch the projects (from their endpoint), by using the token (as header) (again with) curl: curl -v -H "Accept: application/json" --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" -X GET http://localhost:8080/todo-server/projects As a response I am getting 401 (Unauthorized) ==> * About to connect() to localhost port 8080 (#0) * Trying 127.0.0.1... * connected * Connected to localhost (127.0.0.1) port 8080 (#0) > GET /todo-server/projects HTTP/1.1 > User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5 > Host: localhost:8080 > Accept: application/json > token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad > < HTTP/1.1 401 Unauthorized < Server: Apache-Coyote/1.1 < Content-Type: application/json < Content-Length: 39 < Date: Wed, 26 Sep 2012 11:29:56 GMT < * Connection #0 to host localhost left intact Am I missing something here ? Greetings, Matthias -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

I'll try to reproduce that error today guys to see what happens between the TODO app and curl. -- "The measure of a man is what he does with power" - Plato - @abstractj - Volenti Nihil Difficile On Wednesday, September 26, 2012 at 9:42 AM, Kris Borchers wrote: I see the same thing via curl but it works in browser. My guess would be it has something to do with everything being session based and the session isn't properly maintained with curl. That's mostly just a guess though. On Sep 26, 2012, at 7:35 AM, Matthias Wessendorf <matzew(a)apache.org&gt; wrote: Hi Bruno, playing with the 'picketbox' branch of the TODO app. I have one question about the security API ... I am able to do a successful login with 'curl' ==> curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"username":"john","password":"123"}' http://localhost:8080/todo-server/auth/login Great, my RESPONSE looks like: {"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"} Now when I want to fetch the projects (from their endpoint), by using the token (as header) (again with) curl: curl -v -H "Accept: application/json" --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" -X GET http://localhost:8080/todo-server/projects As a response I am getting 401 (Unauthorized) ==> * About to connect() to localhost port 8080 (#0) * Trying 127.0.0.1... * connected * Connected to localhost (127.0.0.1) port 8080 (#0) GET /todo-server/projects HTTP/1.1 User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5 Host: localhost:8080 Accept: application/json token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad < HTTP/1.1 401 Unauthorized < Server: Apache-Coyote/1.1 < Content-Type: application/json < Content-Length: 39 < Date: Wed, 26 Sep 2012 11:29:56 GMT < * Connection #0 to host localhost left intact Am I missing something here ? Greetings, Matthias -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev