[aerogear-dev] Initial Security for AeroGear UnifiedPush

Bruno Oliveira bruno at abstractj.org
Wed Jun 19 13:29:10 EDT 2013


Just to let you know, I opened the following jira 
https://issues.jboss.org/browse/AGSEC-68 and already attached a PR.

The whole idea is as soon as we on the authorization model, extract it 
to AGSEC. I'll also start some unit testing to the endpoints.

Matthias Wessendorf wrote:
> On Wed, Jun 19, 2013 at 6:15 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
>
>     I do it, if we're not using the interceptor we're just hiding an issue
>     and duplicating code.
>
>
> I agree on that :)
>
>
>     - Issue: The endpoint should return 401 instead of bad request on
>     requests.
>
>
> correct.
>
> So, how about:
> I give it another try tomorrow and will report back ?
>
> -Matthias
>
>
>     Matthias Wessendorf wrote:
>      > I think I didn't use it, because it throws an RT exception (no
>      > problem with that), which I could catch on the RestEasy layer.
>      > Instead of (for unauthorized invokes) returning 401 (to cURL, for
>      > instance), it was just "bad request".
>      >
>      > So, I went for the "check by code" solution first. Not saying that
>      > I am AGAINST the interceptor.
>      >
>      > I think on the long run that would be better and cleaner.
>
>     --
>     abstractj
>
>     _______________________________________________
>     aerogear-dev mailing list
>     aerogear-dev at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> --
> Matthias Wessendorf
>
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf

-- 
abstractj


