[aerogear-dev] Security / HTTP Basic: server interaction for Login/logout ?

Matthias Wessendorf matzew at apache.org
Fri May 24 03:27:12 EDT 2013


Hi,

We do have server-side endpoints for login/logout:

SPEC:
http://aerogear.org/docs/specs/aerogear-rest-api/

TODO demo:
https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/Routes.java#L151-L162
(routes to
https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java
)

One thing that I noticed, when talking w/ Christos about the HTTP BASIC
support, is that currently the modules "just" set the credentials on
"LOGIN", and they perform a "clean-up" on the logout.

For both login and logout, no request is sent to the matching "endpoints"
on the server side.


Android (logout):
https://github.com/aerogear/aerogear-android/blob/29b70da146e965e18ae9b6966d9b533c4993eb9b/src/org/jboss/aerogear/android/authentication/impl/HttpBasicAuthenticationModule.java#L122-L147

iOS (logout):
https://github.com/cvasilak/aerogear-ios/blob/464b981e4aafbace032cd403163bbd581a068264/AeroGear-iOS/AeroGear-iOS/security/AGHttpBasicDigestAuthentication.m#L128-L139

Not sure, but usually a logout against the server also performs some sort
of clean-up. For instance, in the TODO demo, it issues a logout against the
IDM:
https://github.com/aerogear/TODO/blob/master/server/src/main/java/org/aerogear/todo/server/rest/AuthenticationService.java#L113


Greetings,
Matthias



-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf