[aerogear-dev] Basic Authentication - Push

Matthias Wessendorf matzew at apache.org
Thu Jun 27 09:41:41 EDT 2013


On Wed, Jun 26, 2013 at 8:55 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Are we skipping PL now?
>
> https://github.com/aerogear/aerogear-unified-push-server/blob/227ca43c6a4ee54ceab1b8ac325b7dab39284fbc/src/main/java/org/jboss/aerogear/connectivity/rest/registry/instances/MobileVariantInstanceEndpoint.java#L84
>
> I'm asking, because the PL have already implemented it.
>

I did it for a few reasons. I thought about using some "extension" of the
PL Agent (or a wrapper): Something like "MobileVariantAgent.java"
That would have a variantID (similar to the login name) and a secret,
stored as an attribute.

Right now, what I really do is user the variantID and the secret and check
if a) variant does exist and master password matches.

For the PicketLink I am also a bit unsure if that here (stealing the
session) is bad:
https://issues.jboss.org/browse/PLINK-204

so, I could "login" for variant "123" and have the chance to add "devices"
for a different variant 122 (if that exists in the database).

I am very open, to go with the default filter from PL, but the above was my
motivation of doing what I did for:
* Sender endpoint
* MobileVariantInstance endpoint

-Matthias



> --
> abstractj
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130627/86edf461/attachment.html 


More information about the aerogear-dev mailing list