[aerogear-dev] Few suggestions about push quickstarts

Kris Borchers kris at redhat.com
Thu Jun 27 12:26:27 EDT 2013


On Jun 27, 2013, at 11:17 AM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Good morning, today I was looking at the quickstart demo for push and 
> would like to make some considerations and see what you guys think. 
> In this way we can file jiras to move forward.
> 
> - The quickstart makes use of AeroGear Controller. IMO we should move to 
> Resteasy

+1

> - Code formatting, do we have a template for it? I don't want to mess up 
> with the project.

As I said in an earlier e-mail on another thread, code formatting is one of my pet peeves so I am +9001 on keeping code clean and readable.

> - Something that was brought to my attention, after discussing some 
> issues on Android with Passos, is when you send: curl -v -b cookies.txt -c 
> cookies.txt -H "Accept: application/json" -H "Content-type: 
> application/json" -X POST -d '{"loginName": "john", "password":"123"}' 
> http://localhost:8080/prodoctor/login
> 
> The HTTP response is:
> 
> {"id":"8a7d9bfd-6adc-475a-9b90-407efb6bcae5","enabled":true,"createdDate":1372349593981,"expirationDate":null,"partition":null,"loginName":"john","firstName":null,"lastName":null,"email":null,"status":"PTO","password":"123","location":"New 
> York"}

This is bad!

> Attributes like expirationDate, partition and mailing password should 
> never be sent back. For more details please take a look at how aerogear 
> controller demo handles it 
> https://github.com/aerogear/aerogear-controller-demo/blob/master/src/main/java/org/jboss/aerogear/controller/demo/Login.java#L48.
> 
> Behind the scenes PicketLink already encrypts the passwords on AGSec, 
> but I can't do so much if they're sent back through the network. Thoughts?
> 
> -- 
> abstractj
> 
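An added example, not part of the original thread and not code from the AeroGear quickstart: it contrasts serializing the whole user entity (which reproduces the leak in the login response quoted above) with an explicit allow-list view. The `User` class, its sample values, and the choice of which fields the client may see are assumptions modelled on the JSON keys in the thread.

```java
import java.lang.reflect.Field;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class LoginResponseExample {
    // Hypothetical stand-in for the persisted user entity; values are constructed.
    static final class User {
        String id = "00000000-0000-0000-0000-000000000000";
        String loginName = "john";
        String password = "123";
        String status = "PTO";
        String location = "New York";
        Long expirationDate;
        String partition;
    }

    // Fields named in the thread as ones that should never be sent back.
    static final Set<String> FORBIDDEN = Set.of("password", "expirationDate", "partition");

    // Before: what a generic JSON mapper effectively does when handed the
    // entity itself, copying every declared field into the response.
    static Map<String, Object> serializeEntity(User u) throws IllegalAccessException {
        Map<String, Object> out = new LinkedHashMap<>();
        for (Field f : User.class.getDeclaredFields()) {
            if (f.isSynthetic()) continue;
            out.put(f.getName(), f.get(u));
        }
        return out;
    }

    // After: an explicit allow-list view (assumed field choice). A field added
    // to the entity later stays out of the response unless it is listed here.
    static Map<String, Object> toLoginView(User u) {
        Map<String, Object> out = new LinkedHashMap<>();
        out.put("id", u.id);
        out.put("loginName", u.loginName);
        out.put("status", u.status);
        out.put("location", u.location);
        return out;
    }

    // Check usable in a unit test: does a response body carry a forbidden key?
    static boolean leaks(Map<String, Object> response) {
        for (String k : FORBIDDEN) if (response.containsKey(k)) return true;
        return false;
    }

    public static void main(String[] args) throws IllegalAccessException {
        User u = new User();
        System.out.println("entity: leaks=" + leaks(serializeEntity(u)) + " keys=" + serializeEntity(u).keySet());
        System.out.println("view:   leaks=" + leaks(toLoginView(u)) + " keys=" + toLoginView(u).keySet());
    }
}
```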