[aerogear-dev] Few suggestions about push quickstarts

Bruno Oliveira bruno at abstractj.org
Thu Jun 27 12:17:07 EDT 2013


Good morning, today I was looking at the quickstart demo for push and 
would like to make some considerations and see what you guys think. 
In this way we can file jiras to move forward.

- The quickstart makes use of AeroGear Controller. IMO we should move to 
Resteasy
- Code formatting, do we have a template for it? I don't want to mess 
with the project.
- Something that came to my attention, after discussing some issues on 
Android with Passos, is when you send:

  curl -v -b cookies.txt -c cookies.txt -H "Accept: application/json" \
       -H "Content-type: application/json" -X POST \
       -d '{"loginName": "john", "password":"123"}' \
       http://localhost:8080/prodoctor/login

The HTTP response is:

{"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New York"}

Attributes like expirationDate, partition and mainly password should 
never be sent back. For more details please take a look at how the 
aerogear controller demo handles it:
https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/Login.java#L48

Behind the scenes PicketLink already encrypts the passwords on AGSec, 
but I can't do much if they're sent back through the network. Thoughts?

-- 
abstractj
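
A check for the leak described in the message above, as an added example that is not part of the original post or the quickstart's code: it scans the login response for credential fields and for top-level fields outside an allow-list, then shows the allow-listed projection. The allow-list, the marker list and the function names are assumptions made for illustration.

```python
import json

# Login response body quoted in the message above.
LOGIN_RESPONSE = (
    '{"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,'
    '"createdDate":1372349593981,"expirationDate":null,"partition":null,'
    '"loginName":"john","firstName":null,"lastName":null,"email":null,'
    '"status":"PTO","password":"123","location":"New York"}'
)

# Assumption: top-level fields a client may receive after login.
ALLOWED_FIELDS = {"id", "enabled", "createdDate", "loginName", "firstName",
                  "lastName", "email", "status", "location"}

# Assumption: key-name fragments that indicate credential material.
SECRET_MARKERS = ("password", "passwd", "secret", "hash", "salt")


def find_leaks(node, path=""):
    """Return (json_path, reason) for every key that must not be sent back."""
    leaks = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if any(marker in key.lower() for marker in SECRET_MARKERS):
                leaks.append((here, "credential"))
            elif not path and key not in ALLOWED_FIELDS:
                leaks.append((here, "not allow-listed"))
            leaks.extend(find_leaks(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            leaks.extend(find_leaks(item, f"{path}[{index}]"))
    return leaks


def audit_body(body):
    """Decode a response body and report what it leaks."""
    return find_leaks(json.loads(body))


def public_view(body):
    """Allow-list projection: the fields the endpoint should serialize."""
    user = json.loads(body)
    return {key: user[key] for key in user if key in ALLOWED_FIELDS}


if __name__ == "__main__":
    for path, reason in audit_body(LOGIN_RESPONSE):
        print(f"LEAK {path}: {reason}")
    print(json.dumps(public_view(LOGIN_RESPONSE)))
```

Run against the live endpoint's response in an integration test, a non-empty result from audit_body fails the build before the leak ships.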


