[aerogear-dev] Initial Security for AeroGear UnifiedPush

Matthias Wessendorf matzew at apache.org
Wed Jun 19 13:59:26 EDT 2013


merged https://github.com/aerogear/aerogear-unified-push-server/pull/6

thanks


On Wed, Jun 19, 2013 at 7:29 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Just to let you know, I opened the following jira
> https://issues.jboss.org/browse/AGSEC-68 and already attached a PR.
>
> The whole idea is as soon as we on the authorization model, extract it
> to AGSEC. I'll also start some unit testing to the endpoints.
>
> Matthias Wessendorf wrote:
> >
> >
> >
> > On Wed, Jun 19, 2013 at 6:15 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >
> >     I do it, if we're not using the interceptor we're just hiding an issue
> >     and duplicating code.
> >
> >
> > I agree on that :)
> >
> >
> >     - Issue: The endpoint should return 401 instead of bad request on
> >     requests.
> >
> >
> > correct.
> >
> > So, how about:
> > I give it another try tomorrow and will report back?
> >
> > -Matthias
> >
> >
> >     Matthias Wessendorf wrote:
> >      > I think I didn't use it, because it throws an RT exception (no problem
> >      > with that), which I could catch on the RestEasy layer.
> >      > Instead of (for unauthorized invokes) returning 401 (to cURL, for
> >      > instance), it was just "bad request".
> >      >
> >      > So, I went for the "check by code" solution first. Not saying that I am
> >      > AGAINST the interceptor.
> >      >
> >      > I think in the long run that would be better and cleaner.
> >
> >     --
> >     abstractj
> >
> >     _______________________________________________
> >     aerogear-dev mailing list
> >     aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
> >     https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> >
> >
> >
> > --
> > Matthias Wessendorf
> >
> > blog: http://matthiaswessendorf.wordpress.com/
> > sessions: http://www.slideshare.net/mwessendorf
> > twitter: http://twitter.com/mwessendorf
>
> --
> abstractj
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf