I'm sure you can do that. I was just being lazy and it was quicker to test
this way :)
On 2 August 2013 11:23, Sebastien Blanc <scm.blanc(a)gmail.com> wrote:
BTW,
Looking at your mapper, I wonder if you could not add that to HttpExceptionMapper
class from ag-sec, if it makes sense and not side effects happens (I tried
it in a non CORS app and saw no problem) I can do a PR for that on
aerogear-security ?
Seb
On Fri, Aug 2, 2013 at 11:14 AM, Sebastien Blanc <scm.blanc(a)gmail.com>wrote:
> \o/
> You're the man !
> It works, thx you so much !
>
>
>
> On Fri, Aug 2, 2013 at 11:09 AM, Daniel Bevenius <
> daniel.bevenius(a)gmail.com> wrote:
>
>> I've looked into this and I think the cause is that the
>> HttpExceptionMapper does not add CORS headers. I tried to add an
>> ExceptionMapper that does add CORS headers and it will then return a 401 to
>> the browser instead of a failed request.
>> I've pushed this example to this branch:
>>
>>
https://github.com/danbev/aerogear-push-quickstart-backend/tree/exception...
>>
>> Let me know if this fixes the error you were seeing.
>>
>> /Dan
>>
>>
>> On 2 August 2013 09:47, Sebastien Blanc <scm.blanc(a)gmail.com> wrote:
>>
>>>
>>>
>>>
>>> On Fri, Aug 2, 2013 at 9:36 AM, Daniel Bevenius <
>>> daniel.bevenius(a)gmail.com> wrote:
>>>
>>>> Hey Seb,
>>>>
>>>> I'm trying to reproduce this but getting a Javascript error which
is:
>>>> Uncaught ReferenceError: NewLeadController is not defined from aerodoc
>>>>
>>>
>>> Sorry, if you pull now it should be good
>>>
>>>>
>>>>
>>>> I think I followed the steps above, but I did change the version
>>>> aerogear.unifiedpush.sender.version to 0.2.1-SNAPSHOT as I did not have
>>>> 0.2.0-SNAPSHOT. Any ideas about this?
>>>>
>>>
>>> Yes, that is good, though for reproducing this scenario the sender is
>>> not used, but yes you can use 0.2.1-SNAPSHOT
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>> On 1 August 2013 21:01, Sebastien Blanc <scm.blanc(a)gmail.com>
wrote:
>>>>
>>>>> Hi Folks,
>>>>>
>>>>> I'm facing an issue and I hope you could help me on this.
>>>>>
>>>>> My app is using ag-sec with the @secure annotation and Resteasy.
>>>>>
>>>>>
<
https://gist.github.com/sebastienblanc/6133102#scenario-hitting-secured-e...:
>>>>> hitting secured endpoints without CORS (webapp deployed in the same
domain)
>>>>>
>>>>> When the user has not the role specified by @secure I got an
>>>>> exception, as expected
https://gist.github.com/sebastienblanc/6134149
>>>>>
>>>>> I assume it is because of this
>>>>>
https://github.com/aerogear/aerogear-security/blob/master/src/main/java/o...
and,
>>>>> perfect, works as designed.
>>>>>
>>>>> The server returns a nice 401 status to the client.
>>>>>
<
https://gist.github.com/sebastienblanc/6133102#testing-in-a-cors-configur...
>>>>> in a CORS configuration (web client running under another domain)
>>>>>
>>>>> Same scenario I'm hitting a secure endpoint without having the
role
>>>>> needed (BTW the OPTIONS preflights are handled without any errors).
>>>>>
>>>>> I'm getting the same exception from the server but this time no
>>>>> proper 401 answer sent back to the client, and on client side the
request
>>>>> is just canceled.
>>>>>
>>>>> 1. Reproduce it To repoduce this scenario here are the step :
>>>>>
>>>>>
>>>>> - Clone this branch
>>>>>
https://github.com/sebastienblanc/aerogear-push-quickstart-backend/tree/c...
>>>>> ,mvn clean install , mvn jboss-as:deploy
>>>>> -
>>>>>
>>>>> Clone this branch :
>>>>>
https://github.com/aerogear/aerogear-push-quickstart-web/tree/AGPUSH-160 and
>>>>> deploy it, making sure it's not running on the same port as
aerodoc backend
>>>>> (for instancepython -m SimpleHTTPServer )
>>>>> -
>>>>>
>>>>> Browse to the simple client (in case you use python webserver it
>>>>> will be localhost:8000
>>>>> -
>>>>>
>>>>> Login With maria/123
>>>>> -
>>>>>
>>>>> Refresh the page : you should see the failure on retrieving the
>>>>> /leads endpoints.
>>>>>
>>>>> So, What I'm looking for is to have a normal 401 status sent back
to
>>>>> the client when using CORS, maybe someone has some ides about this ?
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Seb
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev(a)lists.jboss.org
>>
https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev